Pests of all kinds and how to fight them: Malware infection (zym.tollbahsuburban.com) on a Windows 7 Professional PC
19.09.2014, 18:01 | #1
Hello board, I am currently sitting at a Win7 Pro PC that has apparently picked up quite a bit of malware. According to the user, a piece of software was installed, after which "all sorts of other tools got installed along with it". The user apparently tried to remedy this himself with various tools (PC Speed Maximizer, DriverRestore, etc.), but in doing so probably picked up even more malware. At the moment the infection shows itself through pop-ups in all browsers, as well as ad overlays and the redirection of search queries. A first run of FRST produced the following files: FRST.txt: FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Minnich (administrator) on MINNICH-PC on 19-09-2014 18:59:55
Running from C:\Users\Minnich\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\PC Speed Up\PCSUService.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
() C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\etmajyzoqm64.exe
() C:\Program Files (x86)\SupTab\HpUI.exe
() C:\Program Files (x86)\SupTab\Loader64.exe
() C:\Program Files (x86)\SupTab\Loader32.exe
() C:\Program Files\005\cyycfhtzro64.exe
(SIEN S.A.) C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe
() C:\Windows\score.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Unattend0000000001{15346C6C-F853-4410-BF55-473812C60FF7}] => %SYSTEMDRIVE%\restore\createrestore.exe /r
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mbot_de_53] => [X]
HKLM-x32\...\Run: [Registry Helper] => "C:\Program Files (x86)\Registry Helper\RegistryHelper.Exe" /boot
HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
HKLM-x32\...\Run: [OneMoreGame] => C:\Users\Minnich\AppData\Roaming\OneMoreGame\OMG.exe
HKU\S-1-5-21-3299499388-507950971-3432295107-1001\...\Run: [PC Speed Maximizer] => C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe [134968 2014-04-28] (Smart PC Solutions)
HKU\S-1-5-21-3299499388-507950971-3432295107-1001\...\Run: [Gameo] => C:\Users\Minnich\AppData\Roaming\Gameo\gameo.exe [41402880 2014-08-25] ()
HKU\S-1-5-21-3299499388-507950971-3432295107-1001\...\Run: [PCSpeedUp] => C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe [300840 2014-08-08] ()
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
Startup: C:\Users\Minnich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0GPrLhjCU0ALyib4jnlq109wosoT5F3TUS5eDDBEVsm9WlbCJFlcWYKrfpB9DipEMvosDUOqnmrEE1xLL646Penf6gjruOKEuDU0hyggl6E55d-bHbV4ytN2XwtR4MQA,,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystart.com/?pr=vmn&id=mystarttb&v=5_4&ent=hp_5108&src=5108
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0GPrLhjCU0ALyib4jnlq109wosoT5F3TUS5eDDBEVsm9WlbCJFlcWYKrfpB9DipEMvosDUOqnmrEE1xLL646Penf6gjruOKEuDU0hyggl6E55d-bHbV4ytN2XwtR4MQA,,&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1409842302&from=obw&uid=WDCXWD2500AAJS-07M0A0_WD-WMAV2DU1265412654&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1409842302&from=obw&uid=WDCXWD2500AAJS-07M0A0_WD-WMAV2DU1265412654&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1409842302&from=obw&uid=WDCXWD2500AAJS-07M0A0_WD-WMAV2DU1265412654&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1409842302&from=obw&uid=WDCXWD2500AAJS-07M0A0_WD-WMAV2DU1265412654&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL =
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0GPrLhjCU0ALyib4jnlq109wosoT5F3TUS5eDDBEVsm9WlbCJFlcWYKrfpB9DipEMvosDUOqnmrEE1xLL646Penf6gjruOKEuDU0hyggl6E55d-bHbV4ytN2XwtR4MRw,,&q={searchTerms}
SearchScopes: HKCU - DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_4&ent=ch_5108&q={searchTerms}
SearchScopes: HKCU - 569F02B720D640868C23E94F03F2C832 URL = hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_bndl1_14_26&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyzyyCtB0EtCtDtDtByBzytN0D0Tzu0SzyyBzztN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1S1G1Q1ItC1VtCyE1VtByCtN1L1G1B1V1N2Y1L1Qzu2SyDtDyC0Dzy0CyBzytGzyyDyEyDtGzzyCzy0AtGtCyCzyyEtGtAyDtByCyDtBtByBtA0A0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztC0Fzzzz0DtByDtG0E0CtAyDtGyEtCyD0AtGzytC0AyDtG0ByEyB0EtAyBzy0DyEtD0C0F2Q&cr=1773006457&ir=
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0GPrLhjCU0ALyib4jnlq109wosoT5F3TUS5eDDBEVsm9WlbCJFlcWYKrfpB9DipEMvosDUOqnmrEE1xLL646Penf6gjruOKEuDU0hyggl6E55d-bHbV4ytN2XwtR4MQA,,&q={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3331213&octid=EB_ORIGINAL_CTID&ISID=MF92BE761-D608-4647-83D0-3881FB749AC8&SearchSource=58&CUI=&UM=6&UP=SP8C0EDAF5-C883-4ED5-A6B4-0B4989531E5B&q={searchTerms}&SSPV=&SSPV=
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.only-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=F6F5001999962E10&affID=129280&tt=020914_onst&tsp=5362
SearchScopes: HKCU - {2B37E792-BCB1-4CE3-A0BA-E9C5B53FA524} URL = hxxp://www.only-search.com/?babsrc=SP_kms&affID=129360&tt=020914_onst&mntrid=F6F5001999962E10&tsp=5361&q={searchTerms}&r=667
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_4&ent=ch_5108&q={searchTerms}
BHO: Shopping Helper SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: TermTutor -> {6CB99040-7828-4C37-AC01-F15758F43E4D} -> C:\Program Files\TermTutor\IE\TermTutorClientIE.dll No File
BHO: IMinent WebBooster (BHO) -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx64.dll No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Shopping Helper SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> No File
BHO-x32: No Name -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> No File
Toolbar: HKLM - Shopping Helper Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Shopping Helper Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Hosts: 127.0.0.1 d3oxij66pru1i3.cloudfront.net
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: Search The Web
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Users\Minnich\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\searchplugins\Groovorio.xml
FF SearchPlugin: C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\searchplugins\onlysearchkms.xml
FF SearchPlugin: C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\istartsurf.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystarttb.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\StartWeb.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Fast Start - C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\faststartff@gmail.com [2014-09-03]
FF Extension: Internet Download Manager Squared - C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\idmsq@idmsq.com [2014-09-08]
FF Extension: SaveClicker - C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\jstrj2otka@kuxbzdmdd-.com [2014-09-03]
FF Extension: No Name - C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\staged [2014-09-19]
FF Extension: 123b222059cb11dbb0de0800200c9a66 - C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\{123b2220-59cb-11db-b0de-0800200c9a66} [2014-09-08]
FF Extension: Groovorio - C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\{73843edf-1075-4a55-947c-e13e0dc9349e} [2014-09-04]
FF Extension: AF445D67154C4c69A17B7F392BCC36A3 - C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3} [2014-09-07]
FF Extension: Iminent - C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\firefoxmini@go.im.xpi [2014-09-03]
FF Extension: NoScript - C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-09-19]
FF HKLM-x32\...\Firefox\Extensions: [termtutor@termtutor.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SaveClicker) - C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco [2014-09-03]
CHR Extension: (No Name) - C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnjjngeaknajbdcgpfkgnonkmififhfo [2014-09-08]
CHR Extension: (No Name) - C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mblbciejcodpealifnhfjbdlkedplodp [2014-09-07]
CHR Extension: (No Name) - C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdapmeleikeppmfgadilffngabfpibok [2014-09-07]
CHR Extension: (No Name) - C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflbcmpjneookibbaeopkfcnegknkgog [2014-09-10]
CHR Extension: (No Name) - C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnanplinmmnjhobaliikmelmmjpoogkb [2014-09-04]
CHR HKLM-x32\...\Chrome\Extension: [dghncoeocefmhkhiphdgikkamjeglbfh] - C:\Program Files (x86)\mystarttb\chrome-newtab-search.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AllDaySavingsService64; C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\etmajyzoqm64.exe [172544 2014-07-31] () [File not signed]
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36936 2014-09-03] (Just Develop It)
S3 Browser7Maintenance; C:\Program Files (x86)\Browser 7 Maintenance Service\maintenanceservice.exe [118584 2014-09-12] (Deutsche Telekom AG)
R2 cyycfhtzro64; C:\Program Files\005\cyycfhtzro64.exe [709120 2014-09-04] () [File not signed]
R2 GlobalUpdater; C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe [378152 2014-08-13] (SIEN S.A.)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-09-03] (Cherished Technololgy LIMITED)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 PCSUService; C:\Program Files (x86)\PC Speed Up\PCSUService.exe [430888 2014-08-08] ()
R2 scores; C:\Windows\score.exe [4823040 2014-09-02] () [File not signed]
S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-07-31] (NetFilterSDK.com)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R1 {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64; C:\Windows\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys [61072 2014-09-03] (StdLib)
R1 {e6ca9971-30ed-444a-9489-82fca50b2062}Gw64; C:\Windows\System32\drivers\{e6ca9971-30ed-444a-9489-82fca50b2062}Gw64.sys [61064 2014-09-04] (StdLib)
S3 cpuz134; \??\C:\Users\Minnich\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S1 ttnfd; system32\drivers\ttnfd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-19 17:14 - 2014-09-19 17:14 - 00709564 _____ () C:\Users\Minnich\Desktop\delfix_10.8.exe
2014-09-19 17:13 - 2014-09-19 17:13 - 02347384 _____ (ESET) C:\Users\Minnich\Desktop\esetsmartinstaller_deu.exe
2014-09-19 17:13 - 2014-09-19 17:13 - 00448512 _____ (OldTimer Tools) C:\Users\Minnich\Desktop\TFC.exe
2014-09-19 17:12 - 2014-09-19 17:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Minnich\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-19 17:09 - 2014-09-19 17:09 - 01373475 _____ () C:\Users\Minnich\Desktop\AdwCleaner_3.310.exe
2014-09-19 17:05 - 2014-09-19 19:00 - 00016325 _____ () C:\Users\Minnich\Desktop\FRST.txt
2014-09-19 17:05 - 2014-09-19 18:59 - 00065987 _____ () C:\Users\Minnich\Desktop\FRST_.txt
2014-09-19 17:05 - 2014-09-19 18:59 - 00000000 ____D () C:\FRST
2014-09-19 17:05 - 2014-09-19 17:06 - 00023349 _____ () C:\Users\Minnich\Desktop\Addition_.txt
2014-09-19 17:04 - 2014-09-19 17:04 - 02105856 _____ (Farbar) C:\Users\Minnich\Desktop\FRST64.exe
2014-09-19 16:57 - 2014-09-19 17:26 - 00000333 _____ () C:\Users\Minnich\Desktop\mal.txt
2014-09-19 16:52 - 2014-09-19 16:52 - 00000000 ____D () C:\Users\Minnich\Desktop\Alte Browser7-Daten
2014-09-19 13:43 - 2014-09-19 13:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-14 07:56 - 2014-09-14 07:56 - 01651552 _____ () C:\Windows\Minidump\091414-19156-01.dmp
2014-09-11 11:01 - 2014-09-19 07:54 - 00000374 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-09-11 11:01 - 2014-09-11 11:01 - 00003420 _____ () C:\Windows\System32\Tasks\AmiUpdXp
2014-09-11 11:01 - 2014-09-11 11:01 - 00000000 ____D () C:\Users\Minnich\Documents\PCSpeedUp
2014-09-11 11:01 - 2014-09-11 11:01 - 00000000 ____D () C:\Users\Minnich\AppData\Local\20777
2014-09-11 11:00 - 2014-09-19 17:46 - 00000344 _____ () C:\Windows\Tasks\PC SpeedUp Service Deactivator.job
2014-09-11 11:00 - 2014-09-19 07:57 - 00000000 ____D () C:\Program Files (x86)\PC Speed Up
2014-09-11 11:00 - 2014-09-11 11:00 - 00002724 _____ () C:\Windows\System32\Tasks\PC SpeedUp Service Deactivator
2014-09-11 11:00 - 2014-09-11 11:00 - 00001055 _____ () C:\Users\Minnich\Desktop\PC Speed Up.lnk
2014-09-11 11:00 - 2014-09-11 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up
2014-09-11 08:42 - 2014-09-11 08:42 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-10 18:47 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 18:47 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 18:47 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 18:47 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 18:47 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 18:47 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 18:47 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 18:47 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 18:47 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 18:47 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 18:47 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 18:47 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 18:47 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 18:47 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 18:47 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 18:47 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 18:47 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 18:47 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 18:47 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 18:47 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 18:47 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 18:47 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 18:47 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 18:47 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 18:47 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 18:47 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 18:47 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 18:47 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 18:47 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 18:47 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 18:47 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 18:47 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 18:47 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 18:47 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 18:46 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 18:46 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 18:46 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 18:46 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 18:46 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 18:46 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 18:46 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 18:46 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 18:46 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 18:46 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 18:46 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 18:46 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 18:46 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 18:46 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 18:46 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 18:46 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 18:46 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 18:46 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 18:46 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 18:46 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 18:46 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 18:46 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 14:57 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 14:57 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 14:55 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 14:55 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 14:55 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 14:55 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 14:55 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 14:55 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 14:55 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 14:55 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 14:55 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 08:17 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 08:17 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-09 08:17 - 2014-09-19 09:13 - 00003260 _____ () C:\Windows\System32\Tasks\PC Speed Maximizer Schedule
2014-09-09 08:17 - 2014-09-09 08:17 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\SumatraPDF
2014-09-09 08:17 - 2014-09-09 08:17 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\PC Speed Maximizer
2014-09-09 08:13 - 2014-09-19 16:49 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Gameo
2014-09-09 08:13 - 2014-09-19 08:13 - 00003754 _____ () C:\Windows\System32\Tasks\DriverRestore_ScheduledScan
2014-09-09 08:13 - 2014-09-19 08:13 - 00003600 _____ () C:\Windows\System32\Tasks\DriverRestore_DailyScan
2014-09-09 08:13 - 2014-09-09 08:13 - 00001928 _____ () C:\Users\Minnich\Desktop\Play Goodgame Empire.lnk
2014-09-09 08:13 - 2014-09-09 08:13 - 00001805 _____ () C:\Users\Minnich\Desktop\Gameo.lnk
2014-09-09 08:13 - 2014-09-09 08:13 - 00001791 _____ () C:\Users\Minnich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo.lnk
2014-09-09 08:13 - 2014-09-09 08:13 - 00000173 _____ () C:\Users\Minnich\Desktop\Play Games Online.url
2014-09-09 08:13 - 2014-09-09 08:13 - 00000173 _____ () C:\Users\Minnich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ___HD () C:\Users\Minnich\AppData\Roaming\GoldenGate
2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo
2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Gameo
2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\0C1I1L1R1J0C1F1G1G1P1R2Z
2014-09-09 08:12 - 2014-09-19 10:00 - 00000000 ____D () C:\Program Files (x86)\DriverRestore
2014-09-09 08:12 - 2014-09-09 08:12 - 00001124 _____ () C:\Users\Minnich\Desktop\PC Speed Maximizer.lnk
2014-09-09 08:12 - 2014-09-09 08:12 - 00001074 _____ () C:\Users\Public\Desktop\DriverRestore.lnk
2014-09-09 08:12 - 2014-09-09 08:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
2014-09-09 08:12 - 2014-09-09 08:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
2014-09-09 08:12 - 2014-07-01 19:37 - 00020872 _____ (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2014-09-09 07:47 - 2014-09-09 07:47 - 00853960 _____ (Reimage®) C:\Users\Minnich\Downloads\ReimageRepair.exe
2014-09-09 07:47 - 2014-09-09 07:47 - 00853960 _____ (Reimage®) C:\Users\Minnich\Downloads\ReimageRepair(1).exe
2014-09-09 07:41 - 2014-09-09 07:41 - 00004032 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-09-09 07:41 - 2014-09-09 07:41 - 00001976 _____ () C:\Users\Minnich\Desktop\Sync Folder.lnk
2014-09-09 07:40 - 2014-09-09 07:59 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Genesis_09090540
2014-09-09 07:40 - 2014-09-09 07:40 - 00001094 _____ () C:\Users\Minnich\Desktop\MyPC Backup.lnk
2014-09-09 07:40 - 2014-09-09 07:40 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-09-09 07:40 - 2014-09-09 07:40 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-09-09 07:39 - 2014-09-09 07:39 - 01255552 _____ () C:\Users\Minnich\Downloads\Setup(1).exe
2014-09-09 07:37 - 2014-09-09 07:38 - 01255552 _____ () C:\Users\Minnich\Downloads\Setup.exe
2014-09-08 13:28 - 2014-09-08 13:28 - 00003154 _____ () C:\Windows\System32\Tasks\{405D3FA4-397D-4A16-9D21-7494A877FA1E}
2014-09-08 13:19 - 2014-09-08 13:19 - 29689728 _____ (Deutsche Telekom AG) C:\Users\Minnich\Downloads\browser7-latest.exe
2014-09-08 11:33 - 2014-09-08 11:33 - 00718848 _____ ( ) C:\Users\Minnich\Downloads\IDM2-Win-EN.exe
2014-09-08 11:33 - 2014-09-08 11:33 - 00000000 ____D () C:\MININT
2014-09-08 09:41 - 2014-09-08 09:41 - 00003328 _____ () C:\Windows\System32\Tasks\ASP
2014-09-07 11:19 - 2014-09-08 09:56 - 00000000 ____D () C:\Program Files\Reimage
2014-09-07 10:59 - 2014-09-07 10:59 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\DriverFinder
2014-09-06 16:35 - 2014-09-06 16:35 - 00000000 ____D () C:\ProgramData\Telekom-Browser 7
2014-09-06 15:44 - 2014-09-06 15:44 - 00362592 _____ (Deutsche Telekom AG) C:\Users\Minnich\Downloads\browser7_setup.exe
2014-09-06 15:00 - 2014-09-07 11:19 - 00000000 ____D () C:\Program Files (x86)\ReimageExpress.com
2014-09-06 14:45 - 2014-09-06 14:46 - 00000000 ____D () C:\Program Files (x86)\Reimageplus.com
2014-09-06 10:47 - 2014-09-07 08:42 - 00001224 _____ () C:\Users\Minnich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-06 10:45 - 2014-09-06 10:45 - 00000000 ____D () C:\ProgramData\374311380
2014-09-06 10:33 - 2014-09-06 10:33 - 00000000 ____D () C:\Program Files (x86)\SaveClicker
2014-09-06 10:26 - 2014-09-06 10:26 - 00000000 ____D () C:\Program Files (x86)\predm
2014-09-06 07:53 - 2014-09-06 07:53 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2014-09-05 12:26 - 2014-09-05 12:26 - 00000000 ____D () C:\Users\Minnich\AppData\Local\speed browser
2014-09-05 12:25 - 2014-09-05 12:25 - 01482656 _____ () C:\ProgramData\Setup.exe
2014-09-05 12:25 - 2014-09-05 12:25 - 00000000 ____D () C:\ProgramData\Browser
2014-09-05 08:48 - 2014-09-05 08:48 - 00000000 ____D () C:\TVWizard
2014-09-05 08:26 - 2014-09-04 19:53 - 00061064 _____ (StdLib) C:\Windows\system32\Drivers\{e6ca9971-30ed-444a-9489-82fca50b2062}Gw64.sys
2014-09-05 08:05 - 2014-09-06 14:55 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-09-05 08:05 - 2014-09-06 11:03 - 00000003 _____ () C:\Users\Minnich\AppData\Local\proxy.log
2014-09-05 08:05 - 2014-09-05 08:05 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\rightbackup
2014-09-04 17:34 - 2014-09-04 17:34 - 00000044 _____ () C:\Users\Minnich\AppData\Roaming\WB.CFG
2014-09-04 16:56 - 2014-09-19 18:51 - 00000000 ____D () C:\Program Files\AllDaySavings
2014-09-04 16:56 - 2014-09-05 08:03 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Probit Software
2014-09-04 16:55 - 2014-09-06 14:48 - 00000000 ____D () C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6
2014-09-04 16:55 - 2014-09-04 16:55 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-04 16:51 - 2014-09-04 16:51 - 01994136 _____ (HQPureQual) C:\Users\Minnich\AppData\Roaming\KWHF.exe
2014-09-04 16:51 - 2014-09-04 16:51 - 00001246 _____ () C:\Windows\Tasks\KWHF.job
2014-09-04 16:51 - 2014-09-04 16:51 - 00000000 ____D () C:\Program Files (x86)\Probit Software
2014-09-04 16:50 - 2014-09-05 08:05 - 00000529 _____ () C:\END
2014-09-04 16:50 - 2014-09-04 16:51 - 00000000 ____D () C:\Program Files\005
2014-09-04 16:34 - 2014-09-04 16:34 - 00000000 _____ () C:\LIL4A39.tmp
2014-09-04 16:34 - 2014-09-04 16:34 - 00000000 _____ () C:\LIL4A0A.tmp
2014-09-04 16:34 - 2014-09-04 16:34 - 00000000 _____ () C:\LIL49DB.tmp
2014-09-04 16:33 - 2014-09-04 16:33 - 00000000 ____D () C:\33cb8ceb-6e1a-4e4c-9963-d32ad5205a76
2014-09-04 16:27 - 2014-09-04 16:27 - 00144760 _____ (Premium Installer ) C:\Users\Minnich\Downloads\javaupdate_setup.exe
2014-09-04 16:16 - 2014-09-04 16:16 - 00244400 _____ () C:\Users\Minnich\Downloads\Firefox Setup Stub 32.0.exe
2014-09-04 16:07 - 2014-09-08 14:18 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-09-04 16:01 - 2014-09-07 16:01 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-09-04 16:01 - 2014-09-04 16:21 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-09-04 16:01 - 2014-09-04 16:08 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-09-04 16:01 - 2014-09-04 16:01 - 00002832 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-09-04 16:01 - 2014-09-04 16:01 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-09-04 16:01 - 2014-09-04 16:01 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-09-04 16:00 - 2014-09-04 16:00 - 00575544 _____ (ClickMeIn Limited) C:\Users\Minnich\AppData\Local\nsrAD00.tmp
2014-09-04
07:27 - 2014-09-04 07:27 - 00000000 ____D () C:\Users\Minnich\AppData\Local\com 2014-09-04 07:24 - 2014-09-09 07:59 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Activeris 2014-09-04 07:20 - 2014-09-04 07:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat 2014-09-03 19:45 - 2014-09-05 08:05 - 00001889 _____ () C:\Users\Minnich\Desktop\Search.lnk 2014-09-03 19:44 - 2014-09-18 18:16 - 00000000 ___HD () C:\Users\Public\Temp 2014-09-03 19:44 - 2014-09-06 10:48 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Smartbar 2014-09-03 19:43 - 2014-09-06 20:50 - 00000000 ____D () C:\Program Files (x86)\globalUpdate 2014-09-03 19:43 - 2014-09-06 10:21 - 00000000 ____D () C:\Program Files (x86)\videos MediaPlayer+ 2014-09-03 19:42 - 2014-09-03 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip 2014-09-03 19:42 - 2014-09-02 14:11 - 04823040 _____ () C:\Windows\score.exe 2014-09-03 19:29 - 2014-09-03 19:29 - 00936136 _____ () C:\Windows\Minidump\090314-14008-01.dmp 2014-09-03 15:46 - 2014-09-09 08:12 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer 2014-09-03 15:46 - 2014-09-03 15:46 - 00000000 ____D () C:\Users\Minnich\Documents\PC Speed Maximizer 2014-09-03 15:43 - 2014-09-06 10:39 - 00000000 ____D () C:\ProgramData\SaveClicker 2014-09-03 15:43 - 2014-09-06 10:33 - 00000000 ____D () C:\ProgramData\4ef04fb202130dcc 2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Torch 2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Google 2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Comodo 2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Chromatic Browser 2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch 2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () 
C:\Users\Administrator\AppData\Local\Google 2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser 2014-09-03 15:42 - 2014-09-03 15:42 - 00000000 ____D () C:\Users\Minnich\AppData\Local\globalUpdate 2014-09-03 15:42 - 2014-09-03 15:42 - 00000000 ____D () C:\ProgramData\IePluginServices 2014-09-03 15:41 - 2014-09-06 10:49 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\istartsurf 2014-09-03 15:41 - 2014-09-06 10:19 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect 2014-09-03 15:41 - 2014-09-03 15:42 - 00000000 ____D () C:\Program Files (x86)\SupTab 2014-09-03 15:19 - 2014-09-03 02:49 - 00061072 _____ (StdLib) C:\Windows\system32\Drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys 2014-09-03 15:18 - 2014-09-06 10:26 - 00000000 ____D () C:\Users\Minnich\AppData\Local\fabulous_09031318 2014-09-03 13:31 - 2014-09-06 10:16 - 00000000 ____D () C:\ProgramData\Registry Helper 2014-09-03 13:31 - 2014-09-03 13:31 - 00575544 _____ (ClickMeIn Limited) C:\Users\Minnich\AppData\Local\nsrAFFC.tmp 2014-09-03 13:31 - 2014-09-03 13:31 - 00000318 _____ () C:\Users\Minnich\AppData\Roaming\aps.uninstall.scan.results 2014-09-03 13:30 - 2014-09-05 08:05 - 00000000 ____D () C:\ProgramData\DSearchLink 2014-09-03 13:27 - 2014-09-08 09:41 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Systweak 2014-09-03 13:27 - 2014-09-03 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro 2014-09-03 13:27 - 2014-05-08 12:31 - 00019968 _____ (Activeris) C:\Windows\system32\roboot64.exe 2014-09-03 13:20 - 2014-09-03 13:20 - 00000000 ____D () C:\Users\Minnich\Documents\Optimizer Pro 2014-09-03 13:14 - 2014-09-05 08:15 - 00000000 ____D () C:\Program Files (x86)\FLVM Player 2014-09-02 17:06 - 2014-09-11 11:02 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\QuickScan 2014-09-02 17:06 - 2014-09-02 
17:06 - 00000000 ____D () C:\Users\Minnich\AppData\Local\CrashRpt 2014-09-02 17:04 - 2014-09-02 17:04 - 00073728 _____ ( ) C:\Users\Minnich\Desktop\guiformat.exe 2014-09-01 10:18 - 2014-09-01 10:18 - 00001248 _____ () C:\Users\Minnich\AppData\Roaming\KWHF 2014-09-01 08:38 - 2014-09-01 08:38 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Adobe 2014-08-29 12:59 - 2014-08-29 12:59 - 02073521 _____ (Auerswald) C:\Users\Minnich\Downloads\Install.exe 2014-08-28 07:47 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-28 07:47 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-28 07:47 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-27 15:59 - 2014-08-27 16:00 - 01068280 _____ () C:\Windows\Minidump\082714-24024-01.dmp ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-19 19:00 - 2014-09-19 17:05 - 00016325 _____ () C:\Users\Minnich\Desktop\FRST.txt 2014-09-19 19:00 - 2009-07-14 06:45 - 00032352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-19 19:00 - 2009-07-14 06:45 - 00032352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-19 18:59 - 2014-09-19 17:05 - 00065987 _____ () C:\Users\Minnich\Desktop\FRST_.txt 2014-09-19 18:59 - 2014-09-19 17:05 - 00000000 ____D () C:\FRST 2014-09-19 18:51 - 2014-09-04 16:56 - 00000000 ____D () C:\Program Files\AllDaySavings 2014-09-19 18:42 - 2013-09-12 08:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-19 17:46 - 2014-09-11 11:00 - 00000344 _____ () C:\Windows\Tasks\PC SpeedUp Service Deactivator.job 2014-09-19 17:26 - 2014-09-19 16:57 - 00000333 _____ () C:\Users\Minnich\Desktop\mal.txt 2014-09-19 17:14 - 2014-09-19 17:14 - 00709564 _____ () C:\Users\Minnich\Desktop\delfix_10.8.exe 2014-09-19 17:13 - 2014-09-19 17:13 - 02347384 _____ (ESET) C:\Users\Minnich\Desktop\esetsmartinstaller_deu.exe 2014-09-19 17:13 - 2014-09-19 17:13 - 00448512 _____ (OldTimer Tools) C:\Users\Minnich\Desktop\TFC.exe 2014-09-19 17:12 - 2014-09-19 17:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Minnich\Desktop\mbam-setup-2.0.2.1012.exe 2014-09-19 17:09 - 2014-09-19 17:09 - 01373475 _____ () C:\Users\Minnich\Desktop\AdwCleaner_3.310.exe 2014-09-19 17:06 - 2014-09-19 17:05 - 00023349 _____ () C:\Users\Minnich\Desktop\Addition_.txt 2014-09-19 17:04 - 2014-09-19 17:04 - 02105856 _____ (Farbar) C:\Users\Minnich\Desktop\FRST64.exe 2014-09-19 16:52 - 2014-09-19 16:52 - 00000000 ____D () C:\Users\Minnich\Desktop\Alte Browser7-Daten 2014-09-19 16:49 - 2014-09-09 08:13 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Gameo 2014-09-19 13:43 - 2014-09-19 13:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-19 13:43 - 
2014-06-05 18:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-19 10:00 - 2014-09-09 08:12 - 00000000 ____D () C:\Program Files (x86)\DriverRestore 2014-09-19 09:39 - 2014-06-05 16:01 - 01089713 _____ () C:\Windows\WindowsUpdate.log 2014-09-19 09:13 - 2014-09-09 08:17 - 00003260 _____ () C:\Windows\System32\Tasks\PC Speed Maximizer Schedule 2014-09-19 08:13 - 2014-09-09 08:13 - 00003754 _____ () C:\Windows\System32\Tasks\DriverRestore_ScheduledScan 2014-09-19 08:13 - 2014-09-09 08:13 - 00003600 _____ () C:\Windows\System32\Tasks\DriverRestore_DailyScan 2014-09-19 07:57 - 2014-09-11 11:00 - 00000000 ____D () C:\Program Files (x86)\PC Speed Up 2014-09-19 07:54 - 2014-09-11 11:01 - 00000374 _____ () C:\Windows\Tasks\AmiUpdXp.job 2014-09-19 07:52 - 2013-09-12 10:48 - 00029455 _____ () C:\Windows\setupact.log 2014-09-19 07:52 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-18 18:16 - 2014-09-03 19:44 - 00000000 ___HD () C:\Users\Public\Temp 2014-09-18 07:56 - 2013-09-12 08:35 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-18 07:56 - 2013-09-12 08:35 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-09-18 07:56 - 2013-09-12 08:35 - 00000000 ____D () C:\ProgramData\Adobe 2014-09-18 07:54 - 2014-06-05 17:32 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Adobe 2014-09-15 14:12 - 2014-06-10 09:56 - 00000000 ____D () C:\Users\Minnich\Documents\Loewe 2014-09-15 12:57 - 2011-04-12 09:43 - 00699092 _____ () C:\Windows\system32\perfh007.dat 2014-09-15 12:57 - 2011-04-12 09:43 - 00149232 _____ () C:\Windows\system32\perfc007.dat 2014-09-15 12:57 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-15 12:44 - 2014-07-07 13:17 - 00001099 _____ () C:\Users\Minnich\AppData\Roaming\ShiftN.ini 2014-09-14 07:56 - 2014-09-14 07:56 - 01651552 _____ () C:\Windows\Minidump\091414-19156-01.dmp 2014-09-14 07:56 - 2014-06-11 
17:27 - 4161772523 _____ () C:\Windows\MEMORY.DMP 2014-09-14 07:56 - 2014-06-11 17:27 - 00000000 ____D () C:\Windows\Minidump 2014-09-13 07:51 - 2014-06-06 11:08 - 00000000 ____D () C:\Program Files (x86)\Browser 7 Maintenance Service 2014-09-11 11:02 - 2014-09-02 17:06 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\QuickScan 2014-09-11 11:01 - 2014-09-11 11:01 - 00003420 _____ () C:\Windows\System32\Tasks\AmiUpdXp 2014-09-11 11:01 - 2014-09-11 11:01 - 00000000 ____D () C:\Users\Minnich\Documents\PCSpeedUp 2014-09-11 11:01 - 2014-09-11 11:01 - 00000000 ____D () C:\Users\Minnich\AppData\Local\20777 2014-09-11 11:00 - 2014-09-11 11:00 - 00002724 _____ () C:\Windows\System32\Tasks\PC SpeedUp Service Deactivator 2014-09-11 11:00 - 2014-09-11 11:00 - 00001055 _____ () C:\Users\Minnich\Desktop\PC Speed Up.lnk 2014-09-11 11:00 - 2014-09-11 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up 2014-09-11 09:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-09-11 08:42 - 2014-09-11 08:42 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-09-11 08:42 - 2013-09-12 08:36 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-11 08:42 - 2013-09-12 08:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-11 08:42 - 2013-09-12 08:36 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-10 18:46 - 2013-09-12 09:33 - 01592628 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-10 18:45 - 2014-06-06 13:07 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-10 08:18 - 2014-06-06 11:28 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-10 08:17 - 2014-06-06 11:28 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-09 08:21 - 2010-11-21 05:47 - 00037824 _____ () C:\Windows\PFRO.log 2014-09-09 08:17 - 2014-09-09 08:17 - 00000000 ____D () 
C:\Users\Minnich\AppData\Roaming\SumatraPDF 2014-09-09 08:17 - 2014-09-09 08:17 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\PC Speed Maximizer 2014-09-09 08:13 - 2014-09-09 08:13 - 00001928 _____ () C:\Users\Minnich\Desktop\Play Goodgame Empire.lnk 2014-09-09 08:13 - 2014-09-09 08:13 - 00001805 _____ () C:\Users\Minnich\Desktop\Gameo.lnk 2014-09-09 08:13 - 2014-09-09 08:13 - 00001791 _____ () C:\Users\Minnich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo.lnk 2014-09-09 08:13 - 2014-09-09 08:13 - 00000173 _____ () C:\Users\Minnich\Desktop\Play Games Online.url 2014-09-09 08:13 - 2014-09-09 08:13 - 00000173 _____ () C:\Users\Minnich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url 2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ___HD () C:\Users\Minnich\AppData\Roaming\GoldenGate 2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo 2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Gameo 2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\0C1I1L1R1J0C1F1G1G1P1R2Z 2014-09-09 08:12 - 2014-09-09 08:12 - 00001124 _____ () C:\Users\Minnich\Desktop\PC Speed Maximizer.lnk 2014-09-09 08:12 - 2014-09-09 08:12 - 00001074 _____ () C:\Users\Public\Desktop\DriverRestore.lnk 2014-09-09 08:12 - 2014-09-09 08:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer 2014-09-09 08:12 - 2014-09-09 08:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore 2014-09-09 08:12 - 2014-09-03 15:46 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer 2014-09-09 08:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-09-09 07:59 - 2014-09-09 07:40 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Genesis_09090540 2014-09-09 07:59 - 2014-09-04 07:24 - 00000000 ____D () 
C:\Users\Minnich\AppData\Roaming\Activeris 2014-09-09 07:47 - 2014-09-09 07:47 - 00853960 _____ (Reimage®) C:\Users\Minnich\Downloads\ReimageRepair.exe 2014-09-09 07:47 - 2014-09-09 07:47 - 00853960 _____ (Reimage®) C:\Users\Minnich\Downloads\ReimageRepair(1).exe 2014-09-09 07:41 - 2014-09-09 07:41 - 00004032 _____ () C:\Windows\System32\Tasks\LaunchSignup 2014-09-09 07:41 - 2014-09-09 07:41 - 00001976 _____ () C:\Users\Minnich\Desktop\Sync Folder.lnk 2014-09-09 07:40 - 2014-09-09 07:40 - 00001094 _____ () C:\Users\Minnich\Desktop\MyPC Backup.lnk 2014-09-09 07:40 - 2014-09-09 07:40 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup 2014-09-09 07:40 - 2014-09-09 07:40 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup 2014-09-09 07:39 - 2014-09-09 07:39 - 01255552 _____ () C:\Users\Minnich\Downloads\Setup(1).exe 2014-09-09 07:38 - 2014-09-09 07:37 - 01255552 _____ () C:\Users\Minnich\Downloads\Setup.exe 2014-09-08 14:18 - 2014-09-04 16:07 - 00000000 ___HD () C:\Windows\msdownld.tmp 2014-09-08 14:18 - 2014-06-06 11:59 - 00037103 _____ () C:\Windows\IE11_main.log 2014-09-08 13:32 - 2014-06-05 17:32 - 00063776 _____ () C:\Users\Minnich\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-08 13:32 - 2009-07-14 06:45 - 00287824 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-08 13:28 - 2014-09-08 13:28 - 00003154 _____ () C:\Windows\System32\Tasks\{405D3FA4-397D-4A16-9D21-7494A877FA1E} 2014-09-08 13:20 - 2014-06-06 11:08 - 00001339 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser 7 der Telekom.lnk 2014-09-08 13:20 - 2014-06-06 11:08 - 00001327 _____ () C:\Users\Public\Desktop\Browser 7 der Telekom.lnk 2014-09-08 13:19 - 2014-09-08 13:19 - 29689728 _____ (Deutsche Telekom AG) C:\Users\Minnich\Downloads\browser7-latest.exe 2014-09-08 11:33 - 2014-09-08 11:33 - 00718848 _____ ( ) C:\Users\Minnich\Downloads\IDM2-Win-EN.exe 2014-09-08 11:33 - 2014-09-08 11:33 - 00000000 ____D () C:\MININT 2014-09-08 11:33 - 
2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources 2014-09-08 09:56 - 2014-09-07 11:19 - 00000000 ____D () C:\Program Files\Reimage 2014-09-08 09:41 - 2014-09-08 09:41 - 00003328 _____ () C:\Windows\System32\Tasks\ASP 2014-09-08 09:41 - 2014-09-03 13:27 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Systweak 2014-09-07 16:01 - 2014-09-04 16:01 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job 2014-09-07 11:19 - 2014-09-06 15:00 - 00000000 ____D () C:\Program Files (x86)\ReimageExpress.com 2014-09-07 10:59 - 2014-09-07 10:59 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\DriverFinder 2014-09-07 08:42 - 2014-09-06 10:47 - 00001224 _____ () C:\Users\Minnich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-09-07 08:42 - 2014-06-05 18:19 - 00001880 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-09-07 08:42 - 2014-06-05 18:19 - 00001868 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-09-06 20:50 - 2014-09-03 19:43 - 00000000 ____D () C:\Program Files (x86)\globalUpdate 2014-09-06 16:35 - 2014-09-06 16:35 - 00000000 ____D () C:\ProgramData\Telekom-Browser 7 2014-09-06 16:35 - 2014-06-06 11:08 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Deutsche Telekom AG 2014-09-06 15:44 - 2014-09-06 15:44 - 00362592 _____ (Deutsche Telekom AG) C:\Users\Minnich\Downloads\browser7_setup.exe 2014-09-06 15:03 - 2014-06-07 15:37 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-09-06 14:55 - 2014-09-05 08:05 - 00000000 ____D () C:\Program Files (x86)\Bench 2014-09-06 14:50 - 2013-09-12 08:33 - 00002051 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-09-06 14:50 - 2013-09-12 08:33 - 00002051 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-09-06 14:48 - 2014-09-04 16:55 - 00000000 ____D () C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6 
2014-09-06 14:46 - 2014-09-06 14:45 - 00000000 ____D () C:\Program Files (x86)\Reimageplus.com 2014-09-06 11:03 - 2014-09-05 08:05 - 00000003 _____ () C:\Users\Minnich\AppData\Local\proxy.log 2014-09-06 11:01 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini 2014-09-06 10:49 - 2014-09-03 15:41 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\istartsurf 2014-09-06 10:48 - 2014-09-03 19:44 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Smartbar 2014-09-06 10:45 - 2014-09-06 10:45 - 00000000 ____D () C:\ProgramData\374311380 2014-09-06 10:39 - 2014-09-03 15:43 - 00000000 ____D () C:\ProgramData\SaveClicker 2014-09-06 10:33 - 2014-09-06 10:33 - 00000000 ____D () C:\Program Files (x86)\SaveClicker 2014-09-06 10:33 - 2014-09-03 15:43 - 00000000 ____D () C:\ProgramData\4ef04fb202130dcc 2014-09-06 10:26 - 2014-09-06 10:26 - 00000000 ____D () C:\Program Files (x86)\predm 2014-09-06 10:26 - 2014-09-03 15:18 - 00000000 ____D () C:\Users\Minnich\AppData\Local\fabulous_09031318 2014-09-06 10:21 - 2014-09-03 19:43 - 00000000 ____D () C:\Program Files (x86)\videos MediaPlayer+ 2014-09-06 10:19 - 2014-09-03 15:41 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect 2014-09-06 10:16 - 2014-09-03 13:31 - 00000000 ____D () C:\ProgramData\Registry Helper 2014-09-06 07:53 - 2014-09-06 07:53 - 00000464 _____ () C:\Windows\system32\ScannerSettings 2014-09-05 12:26 - 2014-09-05 12:26 - 00000000 ____D () C:\Users\Minnich\AppData\Local\speed browser 2014-09-05 12:25 - 2014-09-05 12:25 - 01482656 _____ () C:\ProgramData\Setup.exe 2014-09-05 12:25 - 2014-09-05 12:25 - 00000000 ____D () C:\ProgramData\Browser 2014-09-05 08:48 - 2014-09-05 08:48 - 00000000 ____D () C:\TVWizard 2014-09-05 08:15 - 2014-09-03 13:14 - 00000000 ____D () C:\Program Files (x86)\FLVM Player 2014-09-05 08:05 - 2014-09-05 08:05 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\rightbackup 2014-09-05 08:05 - 2014-09-04 16:50 - 00000529 _____ () C:\END 2014-09-05 08:05 - 2014-09-03 19:45 - 00001889 
_____ () C:\Users\Minnich\Desktop\Search.lnk 2014-09-05 08:05 - 2014-09-03 13:30 - 00000000 ____D () C:\ProgramData\DSearchLink 2014-09-05 08:03 - 2014-09-04 16:56 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Probit Software 2014-09-05 04:10 - 2014-09-10 14:55 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-05 04:05 - 2014-09-10 14:55 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-04 19:53 - 2014-09-05 08:26 - 00061064 _____ (StdLib) C:\Windows\system32\Drivers\{e6ca9971-30ed-444a-9489-82fca50b2062}Gw64.sys 2014-09-04 17:34 - 2014-09-04 17:34 - 00000044 _____ () C:\Users\Minnich\AppData\Roaming\WB.CFG 2014-09-04 16:55 - 2014-09-04 16:55 - 00000000 ____D () C:\ProgramData\TEMP 2014-09-04 16:51 - 2014-09-04 16:51 - 01994136 _____ (HQPureQual) C:\Users\Minnich\AppData\Roaming\KWHF.exe 2014-09-04 16:51 - 2014-09-04 16:51 - 00001246 _____ () C:\Windows\Tasks\KWHF.job 2014-09-04 16:51 - 2014-09-04 16:51 - 00000000 ____D () C:\Program Files (x86)\Probit Software 2014-09-04 16:51 - 2014-09-04 16:50 - 00000000 ____D () C:\Program Files\005 2014-09-04 16:34 - 2014-09-04 16:34 - 00000000 _____ () C:\LIL4A39.tmp 2014-09-04 16:34 - 2014-09-04 16:34 - 00000000 _____ () C:\LIL4A0A.tmp 2014-09-04 16:34 - 2014-09-04 16:34 - 00000000 _____ () C:\LIL49DB.tmp 2014-09-04 16:33 - 2014-09-04 16:33 - 00000000 ____D () C:\33cb8ceb-6e1a-4e4c-9963-d32ad5205a76 2014-09-04 16:27 - 2014-09-04 16:27 - 00144760 _____ (Premium Installer ) C:\Users\Minnich\Downloads\javaupdate_setup.exe 2014-09-04 16:21 - 2014-09-04 16:01 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job 2014-09-04 16:16 - 2014-09-04 16:16 - 00244400 _____ () C:\Users\Minnich\Downloads\Firefox Setup Stub 32.0.exe 2014-09-04 16:08 - 2014-09-04 16:01 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job 2014-09-04 16:01 - 2014-09-04 16:01 - 00002832 _____ () C:\Windows\System32\Tasks\APSnotifierPP1 2014-09-04 16:01 - 2014-09-04 16:01 - 00002830 _____ () 
C:\Windows\System32\Tasks\APSnotifierPP3 2014-09-04 16:01 - 2014-09-04 16:01 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP2 2014-09-04 16:00 - 2014-09-04 16:00 - 00575544 _____ (ClickMeIn Limited) C:\Users\Minnich\AppData\Local\nsrAD00.tmp 2014-09-04 07:27 - 2014-09-04 07:27 - 00000000 ____D () C:\Users\Minnich\AppData\Local\com 2014-09-04 07:25 - 2014-06-05 18:20 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Mozilla 2014-09-04 07:20 - 2014-09-04 07:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat 2014-09-03 19:42 - 2014-09-03 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip 2014-09-03 19:29 - 2014-09-03 19:29 - 00936136 _____ () C:\Windows\Minidump\090314-14008-01.dmp 2014-09-03 15:46 - 2014-09-03 15:46 - 00000000 ____D () C:\Users\Minnich\Documents\PC Speed Maximizer 2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Torch 2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Google 2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Comodo 2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Chromatic Browser 2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch 2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser 2014-09-03 15:42 - 2014-09-03 15:42 - 00000000 ____D () C:\Users\Minnich\AppData\Local\globalUpdate 2014-09-03 15:42 - 2014-09-03 15:42 - 00000000 ____D () C:\ProgramData\IePluginServices 2014-09-03 15:42 - 2014-09-03 15:41 - 00000000 ____D () C:\Program Files (x86)\SupTab 2014-09-03 13:31 - 2014-09-03 13:31 - 00575544 _____ 
(ClickMeIn Limited) C:\Users\Minnich\AppData\Local\nsrAFFC.tmp 2014-09-03 13:31 - 2014-09-03 13:31 - 00000318 _____ () C:\Users\Minnich\AppData\Roaming\aps.uninstall.scan.results 2014-09-03 13:27 - 2014-09-03 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro 2014-09-03 13:20 - 2014-09-03 13:20 - 00000000 ____D () C:\Users\Minnich\Documents\Optimizer Pro 2014-09-03 02:49 - 2014-09-03 15:19 - 00061072 _____ (StdLib) C:\Windows\system32\Drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys 2014-09-02 17:06 - 2014-09-02 17:06 - 00000000 ____D () C:\Users\Minnich\AppData\Local\CrashRpt 2014-09-02 17:04 - 2014-09-02 17:04 - 00073728 _____ ( ) C:\Users\Minnich\Desktop\guiformat.exe 2014-09-02 14:11 - 2014-09-03 19:42 - 04823040 _____ () C:\Windows\score.exe 2014-09-02 10:05 - 2014-06-06 12:17 - 00000000 ____D () C:\It2001 2014-09-01 10:18 - 2014-09-01 10:18 - 00001248 _____ () C:\Users\Minnich\AppData\Roaming\KWHF 2014-09-01 08:38 - 2014-09-01 08:38 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Adobe 2014-08-29 12:59 - 2014-08-29 12:59 - 02073521 _____ (Auerswald) C:\Users\Minnich\Downloads\Install.exe 2014-08-27 16:00 - 2014-08-27 15:59 - 01068280 _____ () C:\Windows\Minidump\082714-24024-01.dmp 2014-08-25 06:53 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-08-23 04:07 - 2014-08-28 07:47 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 03:45 - 2014-08-28 07:47 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-23 02:59 - 2014-08-28 07:47 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys Files to move or delete: ==================== C:\ProgramData\Setup.exe Some content of TEMP: ==================== C:\Users\Minnich\AppData\Local\Temp\294823_.exe C:\Users\Minnich\AppData\Local\Temp\332023.exe.exe C:\Users\Minnich\AppData\Local\Temp\510_obw_webssearches11-6.exe 
C:\Users\Minnich\AppData\Local\Temp\AllDaySavings.exe C:\Users\Minnich\AppData\Local\Temp\BackupSetup.exe C:\Users\Minnich\AppData\Local\Temp\CloudBackup593.exe C:\Users\Minnich\AppData\Local\Temp\DRHelper_installFinish.exe C:\Users\Minnich\AppData\Local\Temp\DRHelper_installStart.exe C:\Users\Minnich\AppData\Local\Temp\ICSW_0C1I1L1R1J0C1F1G1G1P1R2Z.exe C:\Users\Minnich\AppData\Local\Temp\ins6F36.tmp.exe C:\Users\Minnich\AppData\Local\Temp\Launcher.exe C:\Users\Minnich\AppData\Local\Temp\nsg58FE.tmp.exe C:\Users\Minnich\AppData\Local\Temp\OnlineBackup.exe C:\Users\Minnich\AppData\Local\Temp\optprosetup.exe C:\Users\Minnich\AppData\Local\Temp\post1.exe C:\Users\Minnich\AppData\Local\Temp\post2.dll C:\Users\Minnich\AppData\Local\Temp\post2.exe C:\Users\Minnich\AppData\Local\Temp\ReimageExpressPackage.exe C:\Users\Minnich\AppData\Local\Temp\ReimageExpressSetup.exe C:\Users\Minnich\AppData\Local\Temp\ReimagePackage.exe C:\Users\Minnich\AppData\Local\Temp\rt-installer.exe C:\Users\Minnich\AppData\Local\Temp\Shop2.exe C:\Users\Minnich\AppData\Local\Temp\Softonic_DE_1-5-11_DE-Production_10_CleanRelease.exe C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite10413.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite10830.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite10963.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite11111.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite11324.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite11424.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite12460.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite13890.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite19289.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite19536.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite20833.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite21755.dll 
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite22111.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite22994.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite23785.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite27527.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite27824.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite29607.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite29971.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite36167.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite37796.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite38292.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite49748.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite52964.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite54966.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite56438.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite57155.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite59499.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite60321.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite61327.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite62501.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite62637.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite62901.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite64115.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite65148.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite66181.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite74865.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite76010.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite77804.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite78893.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite81326.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite82756.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite84451.dll 
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite86737.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite86905.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite87589.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite89086.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite89208.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite90816.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite91583.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite91869.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite94357.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite94552.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite94710.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite94896.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite97107.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite97198.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite98329.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite99223.dll C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite99475.dll C:\Users\Minnich\AppData\Local\Temp\UpdateOMG.exe C:\Users\Minnich\AppData\Local\Temp\vcredist_x64.exe C:\Users\Minnich\AppData\Local\Temp\Vuupc_setup.exe C:\Users\Minnich\AppData\Local\Temp\WebsSearches_Installer_20140723.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-17 11:49 ==================== End Of Log ============================ Addition.txt: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014 Ran by Minnich at 2014-09-19 19:00:15 Running from C:\Users\Minnich\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Browser 7 der Telekom 31.0.20 (x86 de) (HKLM-x32\...\Browser 7 der Telekom 31.0.20 (x86 de)) (Version: 31.0.20 - Deutsche Telekom AG) Browser 7 Maintenance Service (HKLM-x32\...\Browser7MaintenanceService) (Version: 31.0.19 - Deutsche Telekom AG) DriverRestore (HKLM\...\DriverRestore) (Version: 1.0 - 383 Media, Inc.) 
Easy PDF Reader Packages (HKCU\...\Easy PDF Reader Packages) (Version: - ) <==== ATTENTION Gameo (HKCU\...\Gameo) (Version: 0.9.1 - Fried Cookie Software) InfoTip 2001 (HKLM-x32\...\It2001) (Version: - ) istartsurf uninstall (HKLM-x32\...\istartsurf uninstall) (Version: - istartsurf) <==== ATTENTION MAGIX Foto & Grafik Designer 9 (HKLM-x32\...\MX.{E84F54E0-4BC7-4C19-A969-D22574CDC118}) (Version: 9.1.2.28274 - MAGIX AG) MAGIX Foto & Grafik Designer 9 (Version: 9.1.2.28274 - MAGIX AG) Hidden MAGIX Web Designer MX Premium (HKLM-x32\...\MAGIX_{4D5A1C12-2F7B-4A67-B186-ECAE22EF4FCB}) (Version: 8.0.2.21761 - MAGIX AG) MAGIX Web Designer MX Premium (Version: 8.0.2.21761 - MAGIX AG) Hidden McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Mozilla Firefox 32.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla) MSXML 4.0 SP3 Parser 
(HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MyPC Backup (HKLM\...\MyPC Backup) (Version: - JDi Backup Ltd) <==== ATTENTION PC Speed Maximizer v3.2 (HKLM-x32\...\PC Speed Maximizer_is1) (Version: 3.2 - Smart PC Solutions) PC Speed Up (HKLM\...\PCSU-SL_is1) (Version: 3.6.6.0 - Speedchecker Limited) Photo & Graphic Designer 9 Update (Version: 9.2.8.32681 - MAGIX Software GmbH) Hidden PIKO Master Control V2.0 v1.2.2.38199 (HKLM-x32\...\PIKO Master Control V2.0_is1) (Version: 1.2.2.38199 - KOSTAL Solar Electric GmbH) simplitec simplicheck (HKLM-x32\...\{183D780B-28F9-41BA-A2CB-605F324A5781}) (Version: 1.3.10.0 - simplitec GmbH) Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.3.8 - ) <==== ATTENTION Web Designer Premium MX Update (Version: 8.1.5.31094 - MAGIX AG) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 07-09-2014 05:50:26 Windows Defender Checkpoint 08-09-2014 07:48:44 Advanced-System Protector 08-09-2014 08:06:10 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 08-09-2014 12:26:08 Removed Microsoft Silverlight 09-09-2014 06:00:18 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 10-09-2014 06:16:46 Windows Update 10-09-2014 16:44:55 Windows Update 17-09-2014 06:11:01 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 04:34 - 2014-09-08 11:33 - 00000867 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 d3oxij66pru1i3.cloudfront.net ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {2A4D46E6-8FE6-40DD-A3B5-AC8F8EE8F7D1} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {3DE0C654-65C3-4DC0-BA6A-ED7D570CC9D0} - System32\Tasks\ASP => C:\Program Files (x86)\Tuneup Pro\systweakasp.exe Task: {4E4AE86A-7632-4E08-9764-6584860DDA84} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {5E3F9F07-75C9-445E-A111-E0E250E7E9F5} - System32\Tasks\DriverRestore_ScheduledScan => C:\Program Files (x86)\DriverRestore\DriverRestore.exe [2014-07-15] () Task: {6C3EFE4C-FB27-4E5E-BA51-850E1178EDCB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-11] (Adobe Systems Incorporated) Task: {7929E22C-9E3E-461B-BA2F-D97C10256833} - \ReimageUpdater No Task File <==== ATTENTION Task: {A1820847-BBED-4884-B07D-3C10505F6329} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-09-03] (MyPC Backup) <==== ATTENTION Task: {C589CB52-199A-4B7F-B043-3CCFA7869176} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {CBB2E0FD-42FD-4E94-8195-0F713F4F7247} - System32\Tasks\DriverRestore_DailyScan => C:\Program Files (x86)\DriverRestore\DriverRestore.exe [2014-07-15] () Task: {D8511953-6640-4969-95BD-A56F00F64566} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe Task: {DF95028E-2707-4B06-9739-E3D7ECB40BFE} - System32\Tasks\PC Speed Maximizer Schedule => C:\Program Files (x86)\PC Speed 
Maximizer\SPMLauncher.exe [2014-04-28] (Smart PC Solutions) Task: {EEBE72F4-74A5-4C29-B771-ED972BB6F001} - System32\Tasks\AmiUpdXp => C:\Users\Minnich\AppData\Local\20777\a12408.exe [2014-09-11] () <==== ATTENTION Task: {FFEBAE56-E35C-444C-9303-D2354008698E} - System32\Tasks\PC SpeedUp Service Deactivator => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe [2014-08-08] () <==== ATTENTION Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Minnich\AppData\Local\20777\a12408.exe <==== ATTENTION Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\Windows\Tasks\KWHF.job => C:\Users\Minnich\AppData\Roaming\KWHF.exe Task: C:\Windows\Tasks\PC SpeedUp Service Deactivator.job => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe ==================== Loaded Modules (whitelisted) ============= 2014-09-11 11:00 - 2014-08-08 13:43 - 00430888 _____ () C:\Program Files (x86)\PC Speed Up\PCSUService.exe 2014-07-31 22:20 - 2014-07-31 22:20 - 00172544 _____ () C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\etmajyzoqm64.exe 2014-07-31 22:20 - 2014-07-31 22:20 - 00110080 _____ () C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\nfapi.dll 2014-07-31 22:20 - 2014-07-31 22:20 - 00456192 _____ () C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\ProtocolFilters.dll 2014-08-21 12:33 - 2014-09-03 15:42 - 00106376 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll 2014-08-21 12:32 - 2014-09-03 15:41 - 00733576 _____ () C:\Program Files (x86)\SupTab\HpUI.exe 2014-07-16 10:55 - 2014-07-16 10:55 - 00073216 _____ () C:\Program Files 
(x86)\SupTab\Loader64.exe 2014-07-16 11:16 - 2014-07-16 11:16 - 00064000 _____ () C:\Program Files (x86)\SupTab\Loader32.exe 2014-09-04 16:51 - 2014-09-04 16:51 - 00709120 _____ () C:\Program Files\005\cyycfhtzro64.exe 2014-09-03 19:42 - 2014-09-02 14:11 - 04823040 _____ () C:\Windows\score.exe 2014-09-11 11:00 - 2014-08-08 13:43 - 00585600 _____ () C:\Program Files (x86)\PC Speed Up\sqlite3.dll 2014-08-21 12:33 - 2014-09-03 15:42 - 00023944 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll 2014-09-19 13:43 - 2014-09-19 13:43 - 03716720 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= Name: ttnfd Description: ttnfd Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: ttnfd Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. 
Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (09/19/2014 05:13:14 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (09/19/2014 05:13:07 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (09/19/2014 04:49:21 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5358, Zeitstempel: 0x540837e7 Name des fehlerhaften Moduls: NPSWF32_15_0_0_152.dll, Version: 15.0.0.152, Zeitstempel: 0x53fe8213 Ausnahmecode: 0x80000003 Fehleroffset: 0x00357aad ID des fehlerhaften Prozesses: 0x13dc Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (09/19/2014 04:48:38 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5358, Zeitstempel: 0x540837e7 Name des fehlerhaften Moduls: NPSWF32_15_0_0_152.dll, Version: 15.0.0.152, Zeitstempel: 0x53fe8213 Ausnahmecode: 0x80000003 Fehleroffset: 0x00357aad ID des fehlerhaften Prozesses: 0xbb8 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (09/19/2014 07:54:12 AM) (Source: 
Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT) Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden. Error: (09/18/2014 07:45:52 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT) Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden. Error: (09/17/2014 08:07:46 AM) (Source: MsiInstaller) (EventID: 1024) (User: Minnich-PC) Description: Produkt: Adobe Reader XI (11.0.08) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011009}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (09/17/2014 08:07:39 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT) Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden. 
Error: (09/16/2014 07:24:42 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT) Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden. Error: (09/15/2014 07:43:36 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT) Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden. System errors: ============= Error: (09/19/2014 07:53:01 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: ttnfd Error: (09/19/2014 07:53:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Reimage Real Time Protector" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (09/19/2014 07:53:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (09/19/2014 07:53:00 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht. 
Error: (09/19/2014 07:50:50 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: ttnfd Error: (09/19/2014 07:50:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Reimage Real Time Protector" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (09/19/2014 07:50:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (09/19/2014 07:50:50 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht. Error: (09/18/2014 07:44:44 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: ttnfd Error: (09/18/2014 07:44:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Reimage Real Time Protector" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office Sessions: ========================= Error: (09/19/2014 05:13:14 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Minnich\Desktop\esetsmartinstaller_deu.exe Error: (09/19/2014 05:13:07 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: 
C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Minnich\Downloads\esetsmartinstaller_deu.exe Error: (09/19/2014 04:49:21 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe31.0.0.5358540837e7NPSWF32_15_0_0_152.dll15.0.0.15253fe82138000000300357aad13dc01cfd418d87e3b37C:\Program Files (x86)\Deutsche Telekom AG\Browser 7\plugin-container.exeC:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll234117ff-400c-11e4-bd3d-001999962e10 Error: (09/19/2014 04:48:38 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe31.0.0.5358540837e7NPSWF32_15_0_0_152.dll15.0.0.15253fe82138000000300357aadbb801cfd417e0d5d892C:\Program Files (x86)\Deutsche Telekom AG\Browser 7\plugin-container.exeC:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll09ca037a-400c-11e4-bd3d-001999962e10 Error: (09/19/2014 07:54:12 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/18/2014 07:45:52 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/17/2014 08:07:46 AM) (Source: MsiInstaller) (EventID: 1024) (User: Minnich-PC) Description: Adobe Reader XI (11.0.08) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL) Error: (09/17/2014 08:07:39 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE 
TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/16/2014 07:24:42 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/15/2014 07:43:36 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz Percentage of memory in use: 36% Total physical RAM: 3967.61 MB Available physical RAM: 2504.04 MB Total Pagefile: 8233.41 MB Available Pagefile: 6719.95 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:225.22 GB) (Free:180.31 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 0841F56C) Partition 1: (Not Active) - (Size=7.7 GB) - (Type=27) Partition 2: (Active) - (Size=225.2 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Best regards. |
19.09.2014, 18:08 | #2 |
/// the machine /// TB trainer | Malware infection (zym.tollbahsuburban.com) on Windows 7 Professional PC hi,
__________________Uninstall adware & co.
Scan with Combofix
__________________ |
20.09.2014, 09:09 | #3 | |
| Malware infection (zym.tollbahsuburban.com) on Windows 7 Professional PC Quote:
Because of persistent thunderstorms, unfortunately no further work could be done yesterday. Now it continues. The following program is marked with "ATTENTION" in the FRST logfile, but is not listed in Revo Uninstaller: Code:
ATTFilter MyPC Backup (HKLM\...\MyPC Backup) (Version: - JDi Backup Ltd) <==== ATTENTION Attached is another new FRST scan after a reboot. I don't know how long the infected PC had already been running yesterday, or what had been done _before_ I started the first scan. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014 Ran by PcUser (administrator) on PcUser-PC on 20-09-2014 10:12:32 Running from C:\Users\PcUser\Desktop Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () C:\Program Files (x86)\PC Speed Up\PCSUService.exe (Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe () C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\etmajyzoqm64.exe (Smart PC Solutions) C:\Program Files (x86)\PC Speed Maximizer\PCSpeedMaximizer.exe (Smart PC Solutions) C:\Program Files (x86)\PC Speed Maximizer\SPMSmartScan.exe () C:\Users\PcUser\AppData\Roaming\Gameo\gameo.exe () C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe (MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe () C:\Users\PcUser\AppData\Roaming\Gameo\gameo.exe () C:\Users\PcUser\AppData\Roaming\Gameo\gameo.exe () C:\Program Files (x86)\SupTab\HpUI.exe () C:\Program Files (x86)\SupTab\Loader64.exe () C:\Program Files (x86)\SupTab\Loader32.exe (SIEN S.A.) C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe () C:\Windows\score.exe () C:\Users\PcUser\AppData\Roaming\Gameo\gameo.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [Unattend0000000001{15346C6C-F853-4410-BF55-473812C60FF7}] => %SYSTEMDRIVE%\restore\createrestore.exe /r HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [mbot_de_53] => [X] HKLM-x32\...\Run: [Registry Helper] => "C:\Program Files (x86)\Registry Helper\RegistryHelper.Exe" /boot HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe" HKLM-x32\...\Run: [OneMoreGame] => C:\Users\PcUser\AppData\Roaming\OneMoreGame\OMG.exe HKU\S-1-5-21-3299499388-507950971-3432295107-1001\...\Run: [PC Speed Maximizer] => C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe [134968 2014-04-28] (Smart PC Solutions) HKU\S-1-5-21-3299499388-507950971-3432295107-1001\...\Run: [Gameo] => C:\Users\PcUser\AppData\Roaming\Gameo\gameo.exe [41402880 2014-08-25] () HKU\S-1-5-21-3299499388-507950971-3432295107-1001\...\Run: [PCSpeedUp] => C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe [300840 2014-08-08] () IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe Startup: C:\Users\PcUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0GPrLhjCU0ALyib4jnlq109wosoT5F3TUS5eDDBEVsm9WlbCJFlcWYKrfpB9DipEMvosDUOqnmrEE1xLL646Penf6gjruOKEuDU0hyggl6E55d-bHbV4ytN2XwtR4MQA,,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystart.com/?pr=vmn&id=mystarttb&v=5_4&ent=hp_5108&src=5108
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0GPrLhjCU0ALyib4jnlq109wosoT5F3TUS5eDDBEVsm9WlbCJFlcWYKrfpB9DipEMvosDUOqnmrEE1xLL646Penf6gjruOKEuDU0hyggl6E55d-bHbV4ytN2XwtR4MQA,,&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1409842302&from=obw&uid=WDCXWD2500AAJS-07M0A0_WD-WMAV2DU1265412654&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1409842302&from=obw&uid=WDCXWD2500AAJS-07M0A0_WD-WMAV2DU1265412654&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1409842302&from=obw&uid=WDCXWD2500AAJS-07M0A0_WD-WMAV2DU1265412654&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1409842302&from=obw&uid=WDCXWD2500AAJS-07M0A0_WD-WMAV2DU1265412654&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL =
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0GPrLhjCU0ALyib4jnlq109wosoT5F3TUS5eDDBEVsm9WlbCJFlcWYKrfpB9DipEMvosDUOqnmrEE1xLL646Penf6gjruOKEuDU0hyggl6E55d-bHbV4ytN2XwtR4MRw,,&q={searchTerms}
SearchScopes: HKCU - DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_4&ent=ch_5108&q={searchTerms}
SearchScopes: HKCU - 569F02B720D640868C23E94F03F2C832 URL = hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_bndl1_14_26&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyzyyCtB0EtCtDtDtByBzytN0D0Tzu0SzyyBzztN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1S1G1Q1ItC1VtCyE1VtByCtN1L1G1B1V1N2Y1L1Qzu2SyDtDyC0Dzy0CyBzytGzyyDyEyDtGzzyCzy0AtGtCyCzyyEtGtAyDtByCyDtBtByBtA0A0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztC0Fzzzz0DtByDtG0E0CtAyDtGyEtCyD0AtGzytC0AyDtG0ByEyB0EtAyBzy0DyEtD0C0F2Q&cr=1773006457&ir=
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0GPrLhjCU0ALyib4jnlq109wosoT5F3TUS5eDDBEVsm9WlbCJFlcWYKrfpB9DipEMvosDUOqnmrEE1xLL646Penf6gjruOKEuDU0hyggl6E55d-bHbV4ytN2XwtR4MQA,,&q={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3331213&octid=EB_ORIGINAL_CTID&ISID=MF92BE761-D608-4647-83D0-3881FB749AC8&SearchSource=58&CUI=&UM=6&UP=SP8C0EDAF5-C883-4ED5-A6B4-0B4989531E5B&q={searchTerms}&SSPV=&SSPV=
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.only-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=F6F5001999962E10&affID=129280&tt=020914_onst&tsp=5362
SearchScopes: HKCU - {2B37E792-BCB1-4CE3-A0BA-E9C5B53FA524} URL = hxxp://www.only-search.com/?babsrc=SP_kms&affID=129360&tt=020914_onst&mntrid=F6F5001999962E10&tsp=5361&q={searchTerms}&r=667
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_4&ent=ch_5108&q={searchTerms}
BHO: Shopping Helper SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: TermTutor -> {6CB99040-7828-4C37-AC01-F15758F43E4D} -> C:\Program Files\TermTutor\IE\TermTutorClientIE.dll No File
BHO: IMinent WebBooster (BHO) -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx64.dll No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Shopping Helper SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> No File
BHO-x32: No Name -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> No File
Toolbar: HKLM - Shopping Helper Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Shopping Helper Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Hosts: 127.0.0.1 d3oxij66pru1i3.cloudfront.net
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default
FF NewTab: chrome://quick_start/content/index.html
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Users\PcUser\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\searchplugins\Groovorio.xml
FF SearchPlugin: C:\Users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\searchplugins\onlysearchkms.xml
FF SearchPlugin: C:\Users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\istartsurf.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystarttb.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\StartWeb.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Fast Start - C:\Users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\faststartff@gmail.com [2014-09-03]
FF Extension: Internet Download Manager Squared - C:\Users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\idmsq@idmsq.com [2014-09-08]
FF Extension: SaveClicker - C:\Users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\jstrj2otka@kuxbzdmdd-.com [2014-09-03]
FF Extension: 123b222059cb11dbb0de0800200c9a66 - C:\Users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\{123b2220-59cb-11db-b0de-0800200c9a66} [2014-09-08]
FF Extension: Groovorio - C:\Users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\{73843edf-1075-4a55-947c-e13e0dc9349e} [2014-09-04]
FF Extension: AF445D67154C4c69A17B7F392BCC36A3 - C:\Users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3} [2014-09-07]
FF Extension: Iminent - C:\Users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\firefoxmini@go.im.xpi [2014-09-03]
FF Extension: NoScript - C:\Users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-09-19]
FF HKLM-x32\...\Firefox\Extensions: [termtutor@termtutor.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\PcUser\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SaveClicker) - C:\Users\PcUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco [2014-09-03]
CHR Extension: (No Name) - C:\Users\PcUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnjjngeaknajbdcgpfkgnonkmififhfo [2014-09-08]
CHR Extension: (No Name) - C:\Users\PcUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\mblbciejcodpealifnhfjbdlkedplodp [2014-09-07]
CHR Extension: (No Name) - C:\Users\PcUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdapmeleikeppmfgadilffngabfpibok [2014-09-07]
CHR Extension: (No Name) - C:\Users\PcUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflbcmpjneookibbaeopkfcnegknkgog [2014-09-10]
CHR Extension: (No Name) - C:\Users\PcUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnanplinmmnjhobaliikmelmmjpoogkb [2014-09-04]
CHR HKLM-x32\...\Chrome\Extension: [dghncoeocefmhkhiphdgikkamjeglbfh] - C:\Program Files (x86)\mystarttb\chrome-newtab-search.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AllDaySavingsService64; C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\etmajyzoqm64.exe [172544 2014-07-31] () [File not signed]
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36936 2014-09-03] (Just Develop It)
S3 Browser7Maintenance; C:\Program Files (x86)\Browser 7 Maintenance Service\maintenanceservice.exe [118584 2014-09-12] (Deutsche Telekom AG)
S2 cyycfhtzro64; C:\Program Files\005\cyycfhtzro64.exe [709120 2014-09-04] () [File not signed]
R2 GlobalUpdater; C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe [378152 2014-08-13] (SIEN S.A.)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-09-03] (Cherished Technololgy LIMITED)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 PCSUService; C:\Program Files (x86)\PC Speed Up\PCSUService.exe [430888 2014-08-08] ()
R2 scores; C:\Windows\score.exe [4823040 2014-09-02] () [File not signed]
S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-07-31] (NetFilterSDK.com)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R1 {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64; C:\Windows\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys [61072 2014-09-03] (StdLib)
R1 {e6ca9971-30ed-444a-9489-82fca50b2062}Gw64; C:\Windows\System32\drivers\{e6ca9971-30ed-444a-9489-82fca50b2062}Gw64.sys [61064 2014-09-04] (StdLib)
S3 cpuz134; \??\C:\Users\PcUser\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S1 ttnfd; system32\drivers\ttnfd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-20 10:09 - 2014-09-20 10:09 - 00025708 _____ () C:\Users\PcUser\Desktop\Addition.txt
2014-09-19 19:12 - 2014-09-19 19:12 - 00001271 _____ () C:\Users\PcUser\Desktop\Revo Uninstaller.lnk
2014-09-19 19:12 - 2014-09-19 19:12 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-19 19:11 - 2014-09-19 19:11 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\PcUser\Desktop\revosetup95.exe
2014-09-19 19:00 - 2014-09-19 19:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-19 17:14 - 2014-09-19 17:14 - 00709564 _____ () C:\Users\PcUser\Desktop\delfix_10.8.exe
2014-09-19 17:13 - 2014-09-19 17:13 - 02347384 _____ (ESET) C:\Users\PcUser\Desktop\esetsmartinstaller_deu.exe
2014-09-19 17:13 - 2014-09-19 17:13 - 00448512 _____ (OldTimer Tools) C:\Users\PcUser\Desktop\TFC.exe
2014-09-19 17:12 - 2014-09-19 17:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\PcUser\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-19 17:09 - 2014-09-19 17:09 - 01373475 _____ () C:\Users\PcUser\Desktop\AdwCleaner_3.310.exe
2014-09-19 17:05 - 2014-09-20 10:12 - 00016387 _____ () C:\Users\PcUser\Desktop\FRST.txt
2014-09-19 17:05 - 2014-09-20 10:12 - 00000000 ____D () C:\FRST
2014-09-19 17:05 - 2014-09-19 19:00 - 00066173 _____ () C:\Users\PcUser\Desktop\FRST_.txt
2014-09-19 17:05 - 2014-09-19 19:00 - 00024188 _____ () C:\Users\PcUser\Desktop\Addition_.txt
2014-09-19 17:04 - 2014-09-19 17:04 - 02105856 _____ (Farbar) C:\Users\PcUser\Desktop\FRST64.exe
2014-09-19 16:57 - 2014-09-19 17:26 - 00000333 _____ () C:\Users\PcUser\Desktop\mal.txt
2014-09-19 16:52 - 2014-09-19 16:52 - 00000000 ____D () C:\Users\PcUser\Desktop\Alte Browser7-Daten
2014-09-14 07:56 - 2014-09-14 07:56 - 01651552 _____ () C:\Windows\Minidump\091414-19156-01.dmp
2014-09-11 11:01 - 2014-09-20 10:12 - 00000374 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-09-11 11:01 - 2014-09-11 11:01 - 00003420 _____ () C:\Windows\System32\Tasks\AmiUpdXp
2014-09-11 11:01 - 2014-09-11 11:01 - 00000000 ____D () C:\Users\PcUser\Documents\PCSpeedUp
2014-09-11 11:01 - 2014-09-11 11:01 - 00000000 ____D () C:\Users\PcUser\AppData\Local\20777
2014-09-11 11:00 - 2014-09-20 10:10 - 00000000 ____D () C:\Program Files (x86)\PC Speed Up
2014-09-11 11:00 - 2014-09-19 19:37 - 00000344 _____ () C:\Windows\Tasks\PC SpeedUp Service Deactivator.job
2014-09-11 11:00 - 2014-09-11 11:00 - 00002724 _____ () C:\Windows\System32\Tasks\PC SpeedUp Service Deactivator
2014-09-11 11:00 - 2014-09-11 11:00 - 00001055 _____ () C:\Users\PcUser\Desktop\PC Speed Up.lnk
2014-09-11 11:00 - 2014-09-11 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up
2014-09-11 08:42 - 2014-09-11 08:42 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-10 18:47 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 18:47 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 18:47 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 18:47 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 18:47 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 18:47 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 18:47 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 18:47 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 18:47 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 18:47 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 18:47 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 18:47 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 18:47 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 18:47 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 18:47 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 18:47 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 18:47 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 18:47 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 18:47 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 18:47 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 18:47 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 18:47 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 18:47 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 18:47 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 18:47 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 18:47 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 18:47 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 18:47 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 18:47 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 18:47 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 18:47 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 18:47 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 18:47 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 18:47 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 18:46 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 18:46 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 18:46 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 18:46 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 18:46 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 18:46 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 18:46 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 18:46 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 18:46 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 18:46 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 18:46 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 18:46 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 18:46 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 18:46 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 18:46 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 18:46 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 18:46 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 18:46 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 18:46 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 18:46 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 18:46 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 18:46 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 14:57 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 14:57 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 14:55 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 14:55 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 14:55 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 14:55 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 14:55 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 14:55 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 14:55 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 14:55 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 14:55 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 08:17 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 08:17 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-09 08:17 - 2014-09-20 10:10 - 00003260 _____ () C:\Windows\System32\Tasks\PC Speed Maximizer Schedule
2014-09-09 08:17 - 2014-09-09 08:17 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\SumatraPDF
2014-09-09 08:17 - 2014-09-09 08:17 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\PC Speed Maximizer
2014-09-09 08:13 - 2014-09-20 10:10 - 00000000 ____D () C:\Users\PcUser\AppData\Local\Gameo
2014-09-09 08:13 - 2014-09-20 08:14 - 00003754 _____ () C:\Windows\System32\Tasks\DriverRestore_ScheduledScan
2014-09-09 08:13 - 2014-09-20 08:14 - 00003600 _____ () C:\Windows\System32\Tasks\DriverRestore_DailyScan
2014-09-09 08:13 - 2014-09-09 08:13 - 00001928 _____ () C:\Users\PcUser\Desktop\Play Goodgame Empire.lnk
2014-09-09 08:13 - 2014-09-09 08:13 - 00001805 _____ () C:\Users\PcUser\Desktop\Gameo.lnk
2014-09-09 08:13 - 2014-09-09 08:13 - 00001791 _____ () C:\Users\PcUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo.lnk
2014-09-09 08:13 - 2014-09-09 08:13 - 00000173 _____ () C:\Users\PcUser\Desktop\Play Games Online.url
2014-09-09 08:13 - 2014-09-09 08:13 - 00000173 _____ () C:\Users\PcUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ___HD () C:\Users\PcUser\AppData\Roaming\GoldenGate
2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo
2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\Gameo
2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\0C1I1L1R1J0C1F1G1G1P1R2Z
2014-09-09 08:12 - 2014-09-20 08:14 - 00000000 ____D () C:\Program Files (x86)\DriverRestore
2014-09-09 08:12 - 2014-09-09 08:12 - 00001124 _____ () C:\Users\PcUser\Desktop\PC Speed Maximizer.lnk
2014-09-09 08:12 - 2014-09-09 08:12 - 00001074 _____ () C:\Users\Public\Desktop\DriverRestore.lnk
2014-09-09 08:12 - 2014-09-09 08:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
2014-09-09 08:12 - 2014-09-09 08:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
2014-09-09 08:12 - 2014-07-01 19:37 - 00020872 _____ (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2014-09-09 07:47 - 2014-09-09 07:47 - 00853960 _____ (Reimage®) C:\Users\PcUser\Downloads\ReimageRepair.exe
2014-09-09 07:47 - 2014-09-09 07:47 - 00853960 _____ (Reimage®) C:\Users\PcUser\Downloads\ReimageRepair(1).exe
2014-09-09 07:41 - 2014-09-09 07:41 - 00004032 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-09-09 07:41 - 2014-09-09 07:41 - 00001976 _____ () C:\Users\PcUser\Desktop\Sync Folder.lnk
2014-09-09 07:40 - 2014-09-09 07:59 - 00000000 ____D () C:\Users\PcUser\AppData\Local\Genesis_09090540
2014-09-09 07:40 - 2014-09-09 07:40 - 00001094 _____ () C:\Users\PcUser\Desktop\MyPC Backup.lnk
2014-09-09 07:40 - 2014-09-09 07:40 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-09-09 07:40 - 2014-09-09 07:40 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-09-09 07:39 - 2014-09-09 07:39 - 01255552 _____ () C:\Users\PcUser\Downloads\Setup(1).exe
2014-09-09 07:37 - 2014-09-09 07:38 - 01255552 _____ () C:\Users\PcUser\Downloads\Setup.exe
2014-09-08 13:28 - 2014-09-08 13:28 - 00003154 _____ () C:\Windows\System32\Tasks\{405D3FA4-397D-4A16-9D21-7494A877FA1E}
2014-09-08 13:19 - 2014-09-08 13:19 - 29689728 _____ (Deutsche Telekom AG) C:\Users\PcUser\Downloads\browser7-latest.exe
2014-09-08 11:33 - 2014-09-08 11:33 - 00718848 _____ ( ) C:\Users\PcUser\Downloads\IDM2-Win-EN.exe
2014-09-08 11:33 - 2014-09-08 11:33 - 00000000 ____D () C:\MININT
2014-09-08 09:41 - 2014-09-08 09:41 - 00003328 _____ () C:\Windows\System32\Tasks\ASP
2014-09-07 11:19 - 2014-09-08 09:56 - 00000000 ____D () C:\Program Files\Reimage
2014-09-07 10:59 - 2014-09-07 10:59 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\DriverFinder
2014-09-06 16:35 - 2014-09-06 16:35 - 00000000 ____D () C:\ProgramData\Telekom-Browser 7
2014-09-06 15:44 - 2014-09-06 15:44 - 00362592 _____ (Deutsche Telekom AG) C:\Users\PcUser\Downloads\browser7_setup.exe
2014-09-06 15:00 - 2014-09-07 11:19 - 00000000 ____D () C:\Program Files (x86)\ReimageExpress.com
2014-09-06 14:45 - 2014-09-06 14:46 - 00000000 ____D () C:\Program Files (x86)\Reimageplus.com
2014-09-06 10:47 - 2014-09-07 08:42 - 00001224 _____ () C:\Users\PcUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-06 10:45 - 2014-09-06 10:45 - 00000000 ____D () C:\ProgramData\374311380
2014-09-06 10:33 - 2014-09-06 10:33 - 00000000 ____D () C:\Program Files (x86)\SaveClicker
2014-09-06 10:26 - 2014-09-06 10:26 - 00000000 ____D () C:\Program Files (x86)\predm
2014-09-06 07:53 - 2014-09-06 07:53 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2014-09-05 12:26 - 2014-09-05 12:26 - 00000000 ____D () C:\Users\PcUser\AppData\Local\speed browser
2014-09-05 12:25 - 2014-09-05 12:25 - 01482656 _____ () C:\ProgramData\Setup.exe
2014-09-05 12:25 - 2014-09-05 12:25 - 00000000 ____D () C:\ProgramData\Browser
2014-09-05 08:48 - 2014-09-05 08:48 - 00000000 ____D () C:\TVWizard
2014-09-05 08:26 - 2014-09-04 19:53 - 00061064 _____ (StdLib) C:\Windows\system32\Drivers\{e6ca9971-30ed-444a-9489-82fca50b2062}Gw64.sys
2014-09-05 08:05 - 2014-09-06 14:55 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-09-05 08:05 - 2014-09-06 11:03 - 00000003 _____ () C:\Users\PcUser\AppData\Local\proxy.log
2014-09-05 08:05 - 2014-09-05 08:05 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\rightbackup
2014-09-04 17:34 - 2014-09-04 17:34 - 00000044 _____ () C:\Users\PcUser\AppData\Roaming\WB.CFG
2014-09-04 16:56 - 2014-09-20 08:22 - 00000000 ____D () C:\Program Files\AllDaySavings
2014-09-04 16:56 - 2014-09-05 08:03 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\Probit Software
2014-09-04 16:55 - 2014-09-06 14:48 - 00000000 ____D () C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6
2014-09-04 16:55 - 2014-09-04 16:55 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-04 16:51 - 2014-09-04 16:51 - 01994136 _____ (HQPureQual) C:\Users\PcUser\AppData\Roaming\KWHF.exe
2014-09-04 16:51 - 2014-09-04 16:51 - 00001246 _____ () C:\Windows\Tasks\KWHF.job
2014-09-04 16:51 - 2014-09-04 16:51 - 00000000 ____D () C:\Program Files (x86)\Probit Software
2014-09-04 16:50 - 2014-09-05 08:05 - 00000529 _____ () C:\END
2014-09-04 16:50 - 2014-09-04 16:51 - 00000000 ____D () C:\Program Files\005
2014-09-04 16:34 - 2014-09-04 16:34 - 00000000 _____ () C:\LIL4A39.tmp
2014-09-04 16:34 - 2014-09-04 16:34 - 00000000 _____ () C:\LIL4A0A.tmp
2014-09-04 16:34 - 2014-09-04 16:34 - 00000000 _____ () C:\LIL49DB.tmp
2014-09-04 16:33 - 2014-09-04 16:33 - 00000000 ____D () C:\33cb8ceb-6e1a-4e4c-9963-d32ad5205a76
2014-09-04 16:27 - 2014-09-04 16:27 - 00144760 _____ (Premium Installer ) C:\Users\PcUser\Downloads\javaupdate_setup.exe
2014-09-04 16:16 - 2014-09-04 16:16 - 00244400 _____ () C:\Users\PcUser\Downloads\Firefox Setup Stub 32.0.exe
2014-09-04 16:07 - 2014-09-08 14:18 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-09-04 16:01 - 2014-09-07 16:01 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-09-04 16:01 - 2014-09-04 16:21 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-09-04 16:01 - 2014-09-04 16:08 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-09-04 16:01 - 2014-09-04 16:01 - 00002832 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-09-04 16:01 - 2014-09-04 16:01 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-09-04 16:01 - 2014-09-04 16:01 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-09-04 16:00 - 2014-09-04 16:00 - 00575544 _____ (ClickMeIn Limited) C:\Users\PcUser\AppData\Local\nsrAD00.tmp
2014-09-04 07:27 - 2014-09-04 07:27 - 00000000 ____D () C:\Users\PcUser\AppData\Local\com
2014-09-04 07:24 - 2014-09-09 07:59 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\Activeris
2014-09-04 07:20 - 2014-09-04 07:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat
2014-09-03 19:45 - 2014-09-05 08:05 - 00001889 _____ () C:\Users\PcUser\Desktop\Search.lnk
2014-09-03 19:44 - 2014-09-18 18:16 - 00000000 ___HD () C:\Users\Public\Temp
2014-09-03 19:44 - 2014-09-06 10:48 - 00000000 ____D () C:\Users\PcUser\AppData\Local\Smartbar
2014-09-03 19:43 - 2014-09-06 20:50 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-09-03 19:43 - 2014-09-06 10:21 - 00000000 ____D () C:\Program Files (x86)\videos MediaPlayer+
2014-09-03 19:42 - 2014-09-03 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2014-09-03 19:42 - 2014-09-02 14:11 - 04823040 _____ () C:\Windows\score.exe
2014-09-03 19:29 - 2014-09-03 19:29 - 00936136 _____ () C:\Windows\Minidump\090314-14008-01.dmp
2014-09-03 15:46 - 2014-09-09 08:12 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer
2014-09-03 15:46 - 2014-09-03 15:46 - 00000000 ____D () C:\Users\PcUser\Documents\PC Speed Maximizer
2014-09-03 15:43 - 2014-09-06 10:39 - 00000000 ____D () C:\ProgramData\SaveClicker
2014-09-03 15:43 - 2014-09-06 10:33 - 00000000 ____D () C:\ProgramData\4ef04fb202130dcc
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\PcUser\AppData\Local\Torch
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\PcUser\AppData\Local\Google
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\PcUser\AppData\Local\Comodo
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\PcUser\AppData\Local\Chromatic Browser
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-09-03 15:42 - 2014-09-03 15:42 - 00000000 ____D () C:\Users\PcUser\AppData\Local\globalUpdate
2014-09-03 15:42 - 2014-09-03 15:42 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-09-03 15:41 - 2014-09-06 10:49 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\istartsurf
2014-09-03 15:41 - 2014-09-06 10:19 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-09-03 15:41 - 2014-09-03 15:42 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-09-03 15:19 - 2014-09-03 02:49 - 00061072 _____ (StdLib) C:\Windows\system32\Drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys
2014-09-03 15:18 - 2014-09-06 10:26 - 00000000 ____D () C:\Users\PcUser\AppData\Local\fabulous_09031318
2014-09-03 13:31 - 2014-09-06 10:16 - 00000000 ____D () C:\ProgramData\Registry Helper
2014-09-03 13:31 - 2014-09-03 13:31 - 00575544 _____ (ClickMeIn Limited) C:\Users\PcUser\AppData\Local\nsrAFFC.tmp
2014-09-03 13:31 - 2014-09-03 13:31 - 00000318 _____ () C:\Users\PcUser\AppData\Roaming\aps.uninstall.scan.results
2014-09-03 13:30 - 2014-09-05 08:05 - 00000000 ____D () C:\ProgramData\DSearchLink
2014-09-03 13:27 - 2014-09-08 09:41 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\Systweak
2014-09-03 13:27 - 2014-09-03 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
2014-09-03 13:27 - 2014-05-08 12:31 - 00019968 _____ (Activeris) C:\Windows\system32\roboot64.exe
2014-09-03 13:20 - 2014-09-03 13:20 - 00000000 ____D () C:\Users\PcUser\Documents\Optimizer Pro
2014-09-03 13:14 - 2014-09-05 08:15 - 00000000 ____D () C:\Program Files (x86)\FLVM Player
2014-09-02 17:06 - 2014-09-11 11:02 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\QuickScan
2014-09-02 17:06 - 2014-09-02 17:06 - 00000000 ____D () C:\Users\PcUser\AppData\Local\CrashRpt
2014-09-02 17:04 - 2014-09-02 17:04 - 00073728 _____ ( ) C:\Users\PcUser\Desktop\guiformat.exe
2014-09-01 10:18 - 2014-09-01 10:18 - 00001248 _____ () C:\Users\PcUser\AppData\Roaming\KWHF
2014-09-01 08:38 - 2014-09-01 08:38 - 00000000 ____D () C:\Users\PcUser\AppData\Local\Adobe
2014-08-29 12:59 - 2014-08-29 12:59 - 02073521 _____ (Auerswald) C:\Users\PcUser\Downloads\Install.exe
2014-08-28 07:47 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 07:47 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 07:47 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 15:59 - 2014-08-27 16:00 - 01068280 _____ () C:\Windows\Minidump\082714-24024-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-20 10:12 - 2014-09-19 17:05 - 00016387 _____ () C:\Users\PcUser\Desktop\FRST.txt
2014-09-20 10:12 - 2014-09-19 17:05 - 00000000 ____D () C:\FRST
2014-09-20 10:12 - 2014-09-11 11:01 - 00000374 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-09-20 10:10 - 2014-09-11 11:00 - 00000000 ____D () C:\Program Files (x86)\PC Speed Up
2014-09-20 10:10 - 2014-09-09 08:17 - 00003260 _____ () C:\Windows\System32\Tasks\PC Speed Maximizer Schedule
2014-09-20 10:10 - 2014-09-09 08:13 - 00000000 ____D () C:\Users\PcUser\AppData\Local\Gameo
2014-09-20 10:10 - 2014-06-05 16:01 - 01117506 _____ () C:\Windows\WindowsUpdate.log
2014-09-20 10:10 - 2013-09-12 10:48 - 00029679 _____ () C:\Windows\setupact.log
2014-09-20 10:10 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-20 10:09 - 2014-09-20 10:09 - 00025708 _____ () C:\Users\PcUser\Desktop\Addition.txt
2014-09-20 09:49 - 2009-07-14 06:45 - 00032352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-20 09:49 - 2009-07-14 06:45 - 00032352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-20 09:47 - 2011-04-12 09:43 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2014-09-20 09:47 - 2011-04-12 09:43 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2014-09-20 09:47 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-20 09:42 - 2013-09-12 08:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-20 08:46 - 2014-06-05 18:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-20 08:22 - 2014-09-04 16:56 - 00000000 ____D () C:\Program Files\AllDaySavings
2014-09-20 08:14 - 2014-09-09 08:13 - 00003754 _____ () C:\Windows\System32\Tasks\DriverRestore_ScheduledScan
2014-09-20 08:14 - 2014-09-09 08:13 - 00003600 _____ () C:\Windows\System32\Tasks\DriverRestore_DailyScan
2014-09-20 08:14 - 2014-09-09 08:12 - 00000000 ____D () C:\Program Files (x86)\DriverRestore
2014-09-19 19:37 - 2014-09-11 11:00 - 00000344 _____ () C:\Windows\Tasks\PC SpeedUp Service Deactivator.job
2014-09-19 19:12 - 2014-09-19 19:12 - 00001271 _____ () C:\Users\PcUser\Desktop\Revo Uninstaller.lnk
2014-09-19 19:12 - 2014-09-19 19:12 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-19 19:11 - 2014-09-19 19:11 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\PcUser\Desktop\revosetup95.exe
2014-09-19 19:00 - 2014-09-19 19:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-19 19:00 - 2014-09-19 17:05 - 00066173 _____ () C:\Users\PcUser\Desktop\FRST_.txt
2014-09-19 19:00 - 2014-09-19 17:05 - 00024188 _____ () C:\Users\PcUser\Desktop\Addition_.txt
2014-09-19 17:26 - 2014-09-19 16:57 - 00000333 _____ () C:\Users\PcUser\Desktop\mal.txt
2014-09-19 17:14 - 2014-09-19 17:14 - 00709564 _____ () C:\Users\PcUser\Desktop\delfix_10.8.exe
2014-09-19 17:13 - 2014-09-19 17:13 - 02347384 _____ (ESET) C:\Users\PcUser\Desktop\esetsmartinstaller_deu.exe
2014-09-19 17:13 - 2014-09-19 17:13 - 00448512 _____ (OldTimer Tools) C:\Users\PcUser\Desktop\TFC.exe
2014-09-19 17:12 - 2014-09-19 17:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\PcUser\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-19 17:09 - 2014-09-19 17:09 - 01373475 _____ () C:\Users\PcUser\Desktop\AdwCleaner_3.310.exe
2014-09-19 17:04 - 2014-09-19 17:04 - 02105856 _____ (Farbar) C:\Users\PcUser\Desktop\FRST64.exe
2014-09-19 16:52 - 2014-09-19 16:52 - 00000000 ____D () C:\Users\PcUser\Desktop\Alte Browser7-Daten
2014-09-18 18:16 - 2014-09-03 19:44 - 00000000 ___HD () C:\Users\Public\Temp
2014-09-18 07:56 - 2013-09-12 08:35 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-18 07:56 - 2013-09-12 08:35 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-09-18 07:56 - 2013-09-12 08:35 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-18 07:54 - 2014-06-05 17:32 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\Adobe
2014-09-15 14:12 - 2014-06-10 09:56 - 00000000 ____D () C:\Users\PcUser\Documents\Loewe
2014-09-15 12:44 - 2014-07-07 13:17 - 00001099 _____ () C:\Users\PcUser\AppData\Roaming\ShiftN.ini
2014-09-14 07:56 - 2014-09-14 07:56 - 01651552 _____ () C:\Windows\Minidump\091414-19156-01.dmp
2014-09-14 07:56 - 2014-06-11 17:27 - 4161772523 _____ () C:\Windows\MEMORY.DMP
2014-09-14
07:56 - 2014-06-11 17:27 - 00000000 ____D () C:\Windows\Minidump 2014-09-13 07:51 - 2014-06-06 11:08 - 00000000 ____D () C:\Program Files (x86)\Browser 7 Maintenance Service 2014-09-11 11:02 - 2014-09-02 17:06 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\QuickScan 2014-09-11 11:01 - 2014-09-11 11:01 - 00003420 _____ () C:\Windows\System32\Tasks\AmiUpdXp 2014-09-11 11:01 - 2014-09-11 11:01 - 00000000 ____D () C:\Users\PcUser\Documents\PCSpeedUp 2014-09-11 11:01 - 2014-09-11 11:01 - 00000000 ____D () C:\Users\PcUser\AppData\Local\20777 2014-09-11 11:00 - 2014-09-11 11:00 - 00002724 _____ () C:\Windows\System32\Tasks\PC SpeedUp Service Deactivator 2014-09-11 11:00 - 2014-09-11 11:00 - 00001055 _____ () C:\Users\PcUser\Desktop\PC Speed Up.lnk 2014-09-11 11:00 - 2014-09-11 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up 2014-09-11 09:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-09-11 08:42 - 2014-09-11 08:42 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-09-11 08:42 - 2013-09-12 08:36 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-11 08:42 - 2013-09-12 08:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-11 08:42 - 2013-09-12 08:36 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-10 18:46 - 2013-09-12 09:33 - 01592628 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-10 18:45 - 2014-06-06 13:07 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-10 08:18 - 2014-06-06 11:28 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-10 08:17 - 2014-06-06 11:28 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-09 08:21 - 2010-11-21 05:47 - 00037824 _____ () C:\Windows\PFRO.log 2014-09-09 08:17 - 2014-09-09 08:17 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\SumatraPDF 2014-09-09 08:17 - 
2014-09-09 08:17 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\PC Speed Maximizer 2014-09-09 08:13 - 2014-09-09 08:13 - 00001928 _____ () C:\Users\PcUser\Desktop\Play Goodgame Empire.lnk 2014-09-09 08:13 - 2014-09-09 08:13 - 00001805 _____ () C:\Users\PcUser\Desktop\Gameo.lnk 2014-09-09 08:13 - 2014-09-09 08:13 - 00001791 _____ () C:\Users\PcUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo.lnk 2014-09-09 08:13 - 2014-09-09 08:13 - 00000173 _____ () C:\Users\PcUser\Desktop\Play Games Online.url 2014-09-09 08:13 - 2014-09-09 08:13 - 00000173 _____ () C:\Users\PcUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url 2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ___HD () C:\Users\PcUser\AppData\Roaming\GoldenGate 2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo 2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\Gameo 2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\0C1I1L1R1J0C1F1G1G1P1R2Z 2014-09-09 08:12 - 2014-09-09 08:12 - 00001124 _____ () C:\Users\PcUser\Desktop\PC Speed Maximizer.lnk 2014-09-09 08:12 - 2014-09-09 08:12 - 00001074 _____ () C:\Users\Public\Desktop\DriverRestore.lnk 2014-09-09 08:12 - 2014-09-09 08:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer 2014-09-09 08:12 - 2014-09-09 08:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore 2014-09-09 08:12 - 2014-09-03 15:46 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer 2014-09-09 08:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-09-09 07:59 - 2014-09-09 07:40 - 00000000 ____D () C:\Users\PcUser\AppData\Local\Genesis_09090540 2014-09-09 07:59 - 2014-09-04 07:24 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\Activeris 2014-09-09 07:47 - 2014-09-09 07:47 - 
00853960 _____ (Reimage®) C:\Users\PcUser\Downloads\ReimageRepair.exe 2014-09-09 07:47 - 2014-09-09 07:47 - 00853960 _____ (Reimage®) C:\Users\PcUser\Downloads\ReimageRepair(1).exe 2014-09-09 07:41 - 2014-09-09 07:41 - 00004032 _____ () C:\Windows\System32\Tasks\LaunchSignup 2014-09-09 07:41 - 2014-09-09 07:41 - 00001976 _____ () C:\Users\PcUser\Desktop\Sync Folder.lnk 2014-09-09 07:40 - 2014-09-09 07:40 - 00001094 _____ () C:\Users\PcUser\Desktop\MyPC Backup.lnk 2014-09-09 07:40 - 2014-09-09 07:40 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup 2014-09-09 07:40 - 2014-09-09 07:40 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup 2014-09-09 07:39 - 2014-09-09 07:39 - 01255552 _____ () C:\Users\PcUser\Downloads\Setup(1).exe 2014-09-09 07:38 - 2014-09-09 07:37 - 01255552 _____ () C:\Users\PcUser\Downloads\Setup.exe 2014-09-08 14:18 - 2014-09-04 16:07 - 00000000 ___HD () C:\Windows\msdownld.tmp 2014-09-08 14:18 - 2014-06-06 11:59 - 00037103 _____ () C:\Windows\IE11_main.log 2014-09-08 13:32 - 2014-06-05 17:32 - 00063776 _____ () C:\Users\PcUser\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-08 13:32 - 2009-07-14 06:45 - 00287824 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-08 13:28 - 2014-09-08 13:28 - 00003154 _____ () C:\Windows\System32\Tasks\{405D3FA4-397D-4A16-9D21-7494A877FA1E} 2014-09-08 13:20 - 2014-06-06 11:08 - 00001339 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser 7 der Telekom.lnk 2014-09-08 13:20 - 2014-06-06 11:08 - 00001327 _____ () C:\Users\Public\Desktop\Browser 7 der Telekom.lnk 2014-09-08 13:19 - 2014-09-08 13:19 - 29689728 _____ (Deutsche Telekom AG) C:\Users\PcUser\Downloads\browser7-latest.exe 2014-09-08 11:33 - 2014-09-08 11:33 - 00718848 _____ ( ) C:\Users\PcUser\Downloads\IDM2-Win-EN.exe 2014-09-08 11:33 - 2014-09-08 11:33 - 00000000 ____D () C:\MININT 2014-09-08 11:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources 2014-09-08 09:56 - 2014-09-07 
11:19 - 00000000 ____D () C:\Program Files\Reimage 2014-09-08 09:41 - 2014-09-08 09:41 - 00003328 _____ () C:\Windows\System32\Tasks\ASP 2014-09-08 09:41 - 2014-09-03 13:27 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\Systweak 2014-09-07 16:01 - 2014-09-04 16:01 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job 2014-09-07 11:19 - 2014-09-06 15:00 - 00000000 ____D () C:\Program Files (x86)\ReimageExpress.com 2014-09-07 10:59 - 2014-09-07 10:59 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\DriverFinder 2014-09-07 08:42 - 2014-09-06 10:47 - 00001224 _____ () C:\Users\PcUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-09-07 08:42 - 2014-06-05 18:19 - 00001880 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-09-07 08:42 - 2014-06-05 18:19 - 00001868 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-09-06 20:50 - 2014-09-03 19:43 - 00000000 ____D () C:\Program Files (x86)\globalUpdate 2014-09-06 16:35 - 2014-09-06 16:35 - 00000000 ____D () C:\ProgramData\Telekom-Browser 7 2014-09-06 16:35 - 2014-06-06 11:08 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\Deutsche Telekom AG 2014-09-06 15:44 - 2014-09-06 15:44 - 00362592 _____ (Deutsche Telekom AG) C:\Users\PcUser\Downloads\browser7_setup.exe 2014-09-06 15:03 - 2014-06-07 15:37 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-09-06 14:55 - 2014-09-05 08:05 - 00000000 ____D () C:\Program Files (x86)\Bench 2014-09-06 14:50 - 2013-09-12 08:33 - 00002051 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-09-06 14:50 - 2013-09-12 08:33 - 00002051 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-09-06 14:48 - 2014-09-04 16:55 - 00000000 ____D () C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6 2014-09-06 14:46 - 2014-09-06 14:45 - 00000000 ____D () C:\Program Files (x86)\Reimageplus.com 
2014-09-06 11:03 - 2014-09-05 08:05 - 00000003 _____ () C:\Users\PcUser\AppData\Local\proxy.log 2014-09-06 11:01 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini 2014-09-06 10:49 - 2014-09-03 15:41 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\istartsurf 2014-09-06 10:48 - 2014-09-03 19:44 - 00000000 ____D () C:\Users\PcUser\AppData\Local\Smartbar 2014-09-06 10:45 - 2014-09-06 10:45 - 00000000 ____D () C:\ProgramData\374311380 2014-09-06 10:39 - 2014-09-03 15:43 - 00000000 ____D () C:\ProgramData\SaveClicker 2014-09-06 10:33 - 2014-09-06 10:33 - 00000000 ____D () C:\Program Files (x86)\SaveClicker 2014-09-06 10:33 - 2014-09-03 15:43 - 00000000 ____D () C:\ProgramData\4ef04fb202130dcc 2014-09-06 10:26 - 2014-09-06 10:26 - 00000000 ____D () C:\Program Files (x86)\predm 2014-09-06 10:26 - 2014-09-03 15:18 - 00000000 ____D () C:\Users\PcUser\AppData\Local\fabulous_09031318 2014-09-06 10:21 - 2014-09-03 19:43 - 00000000 ____D () C:\Program Files (x86)\videos MediaPlayer+ 2014-09-06 10:19 - 2014-09-03 15:41 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect 2014-09-06 10:16 - 2014-09-03 13:31 - 00000000 ____D () C:\ProgramData\Registry Helper 2014-09-06 07:53 - 2014-09-06 07:53 - 00000464 _____ () C:\Windows\system32\ScannerSettings 2014-09-05 12:26 - 2014-09-05 12:26 - 00000000 ____D () C:\Users\PcUser\AppData\Local\speed browser 2014-09-05 12:25 - 2014-09-05 12:25 - 01482656 _____ () C:\ProgramData\Setup.exe 2014-09-05 12:25 - 2014-09-05 12:25 - 00000000 ____D () C:\ProgramData\Browser 2014-09-05 08:48 - 2014-09-05 08:48 - 00000000 ____D () C:\TVWizard 2014-09-05 08:15 - 2014-09-03 13:14 - 00000000 ____D () C:\Program Files (x86)\FLVM Player 2014-09-05 08:05 - 2014-09-05 08:05 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\rightbackup 2014-09-05 08:05 - 2014-09-04 16:50 - 00000529 _____ () C:\END 2014-09-05 08:05 - 2014-09-03 19:45 - 00001889 _____ () C:\Users\PcUser\Desktop\Search.lnk 2014-09-05 08:05 - 2014-09-03 13:30 - 00000000 ____D () 
C:\ProgramData\DSearchLink 2014-09-05 08:03 - 2014-09-04 16:56 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\Probit Software 2014-09-05 04:10 - 2014-09-10 14:55 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-05 04:05 - 2014-09-10 14:55 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-04 19:53 - 2014-09-05 08:26 - 00061064 _____ (StdLib) C:\Windows\system32\Drivers\{e6ca9971-30ed-444a-9489-82fca50b2062}Gw64.sys 2014-09-04 17:34 - 2014-09-04 17:34 - 00000044 _____ () C:\Users\PcUser\AppData\Roaming\WB.CFG 2014-09-04 16:55 - 2014-09-04 16:55 - 00000000 ____D () C:\ProgramData\TEMP 2014-09-04 16:51 - 2014-09-04 16:51 - 01994136 _____ (HQPureQual) C:\Users\PcUser\AppData\Roaming\KWHF.exe 2014-09-04 16:51 - 2014-09-04 16:51 - 00001246 _____ () C:\Windows\Tasks\KWHF.job 2014-09-04 16:51 - 2014-09-04 16:51 - 00000000 ____D () C:\Program Files (x86)\Probit Software 2014-09-04 16:51 - 2014-09-04 16:50 - 00000000 ____D () C:\Program Files\005 2014-09-04 16:34 - 2014-09-04 16:34 - 00000000 _____ () C:\LIL4A39.tmp 2014-09-04 16:34 - 2014-09-04 16:34 - 00000000 _____ () C:\LIL4A0A.tmp 2014-09-04 16:34 - 2014-09-04 16:34 - 00000000 _____ () C:\LIL49DB.tmp 2014-09-04 16:33 - 2014-09-04 16:33 - 00000000 ____D () C:\33cb8ceb-6e1a-4e4c-9963-d32ad5205a76 2014-09-04 16:27 - 2014-09-04 16:27 - 00144760 _____ (Premium Installer ) C:\Users\PcUser\Downloads\javaupdate_setup.exe 2014-09-04 16:21 - 2014-09-04 16:01 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job 2014-09-04 16:16 - 2014-09-04 16:16 - 00244400 _____ () C:\Users\PcUser\Downloads\Firefox Setup Stub 32.0.exe 2014-09-04 16:08 - 2014-09-04 16:01 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job 2014-09-04 16:01 - 2014-09-04 16:01 - 00002832 _____ () C:\Windows\System32\Tasks\APSnotifierPP1 2014-09-04 16:01 - 2014-09-04 16:01 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP3 2014-09-04 16:01 - 2014-09-04 16:01 - 00002830 _____ () 
C:\Windows\System32\Tasks\APSnotifierPP2 2014-09-04 16:00 - 2014-09-04 16:00 - 00575544 _____ (ClickMeIn Limited) C:\Users\PcUser\AppData\Local\nsrAD00.tmp 2014-09-04 07:27 - 2014-09-04 07:27 - 00000000 ____D () C:\Users\PcUser\AppData\Local\com 2014-09-04 07:25 - 2014-06-05 18:20 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\Mozilla 2014-09-04 07:20 - 2014-09-04 07:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat 2014-09-03 19:42 - 2014-09-03 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip 2014-09-03 19:29 - 2014-09-03 19:29 - 00936136 _____ () C:\Windows\Minidump\090314-14008-01.dmp 2014-09-03 15:46 - 2014-09-03 15:46 - 00000000 ____D () C:\Users\PcUser\Documents\PC Speed Maximizer 2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\PcUser\AppData\Local\Torch 2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\PcUser\AppData\Local\Google 2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\PcUser\AppData\Local\Comodo 2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\PcUser\AppData\Local\Chromatic Browser 2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch 2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser 2014-09-03 15:42 - 2014-09-03 15:42 - 00000000 ____D () C:\Users\PcUser\AppData\Local\globalUpdate 2014-09-03 15:42 - 2014-09-03 15:42 - 00000000 ____D () C:\ProgramData\IePluginServices 2014-09-03 15:42 - 2014-09-03 15:41 - 00000000 ____D () C:\Program Files (x86)\SupTab 2014-09-03 13:31 - 2014-09-03 13:31 - 00575544 _____ (ClickMeIn Limited) C:\Users\PcUser\AppData\Local\nsrAFFC.tmp 2014-09-03 13:31 - 2014-09-03 13:31 - 
00000318 _____ () C:\Users\PcUser\AppData\Roaming\aps.uninstall.scan.results 2014-09-03 13:27 - 2014-09-03 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro 2014-09-03 13:20 - 2014-09-03 13:20 - 00000000 ____D () C:\Users\PcUser\Documents\Optimizer Pro 2014-09-03 02:49 - 2014-09-03 15:19 - 00061072 _____ (StdLib) C:\Windows\system32\Drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys 2014-09-02 17:06 - 2014-09-02 17:06 - 00000000 ____D () C:\Users\PcUser\AppData\Local\CrashRpt 2014-09-02 17:04 - 2014-09-02 17:04 - 00073728 _____ ( ) C:\Users\PcUser\Desktop\guiformat.exe 2014-09-02 14:11 - 2014-09-03 19:42 - 04823040 _____ () C:\Windows\score.exe 2014-09-02 10:05 - 2014-06-06 12:17 - 00000000 ____D () C:\It2001 2014-09-01 10:18 - 2014-09-01 10:18 - 00001248 _____ () C:\Users\PcUser\AppData\Roaming\KWHF 2014-09-01 08:38 - 2014-09-01 08:38 - 00000000 ____D () C:\Users\PcUser\AppData\Local\Adobe 2014-08-29 12:59 - 2014-08-29 12:59 - 02073521 _____ (Auerswald) C:\Users\PcUser\Downloads\Install.exe 2014-08-27 16:00 - 2014-08-27 15:59 - 01068280 _____ () C:\Windows\Minidump\082714-24024-01.dmp 2014-08-25 06:53 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-08-23 04:07 - 2014-08-28 07:47 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 03:45 - 2014-08-28 07:47 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-23 02:59 - 2014-08-28 07:47 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys Files to move or delete: ==================== C:\ProgramData\Setup.exe Some content of TEMP: ==================== C:\Users\PcUser\AppData\Local\Temp\294823_.exe C:\Users\PcUser\AppData\Local\Temp\332023.exe.exe C:\Users\PcUser\AppData\Local\Temp\510_obw_webssearches11-6.exe C:\Users\PcUser\AppData\Local\Temp\AllDaySavings.exe C:\Users\PcUser\AppData\Local\Temp\BackupSetup.exe 
C:\Users\PcUser\AppData\Local\Temp\CloudBackup593.exe C:\Users\PcUser\AppData\Local\Temp\DRHelper_installFinish.exe C:\Users\PcUser\AppData\Local\Temp\DRHelper_installStart.exe C:\Users\PcUser\AppData\Local\Temp\ICSW_0C1I1L1R1J0C1F1G1G1P1R2Z.exe C:\Users\PcUser\AppData\Local\Temp\ins6F36.tmp.exe C:\Users\PcUser\AppData\Local\Temp\Launcher.exe C:\Users\PcUser\AppData\Local\Temp\nsg58FE.tmp.exe C:\Users\PcUser\AppData\Local\Temp\OnlineBackup.exe C:\Users\PcUser\AppData\Local\Temp\optprosetup.exe C:\Users\PcUser\AppData\Local\Temp\post1.exe C:\Users\PcUser\AppData\Local\Temp\post2.dll C:\Users\PcUser\AppData\Local\Temp\post2.exe C:\Users\PcUser\AppData\Local\Temp\ReimageExpressPackage.exe C:\Users\PcUser\AppData\Local\Temp\ReimageExpressSetup.exe C:\Users\PcUser\AppData\Local\Temp\ReimagePackage.exe C:\Users\PcUser\AppData\Local\Temp\rt-installer.exe C:\Users\PcUser\AppData\Local\Temp\Shop2.exe C:\Users\PcUser\AppData\Local\Temp\Softonic_DE_1-5-11_DE-Production_10_CleanRelease.exe C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite10413.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite10830.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite10963.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite11111.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite11324.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite11424.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite12460.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite13890.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite19289.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite19536.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite20833.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite21755.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite22111.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite22994.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite23785.dll 
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite27527.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite27824.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite29607.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite29971.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite36167.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite37796.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite38292.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite49748.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite52964.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite54966.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite56438.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite57155.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite59499.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite60321.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite61327.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite62501.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite62637.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite62901.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite64115.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite65148.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite66181.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite74865.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite76010.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite77804.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite78893.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite81326.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite82756.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite84451.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite86737.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite86905.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite87589.dll 
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite89086.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite89208.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite90816.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite91583.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite91869.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite94357.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite94552.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite94710.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite94896.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite97107.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite97198.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite98329.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite99223.dll C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite99475.dll C:\Users\PcUser\AppData\Local\Temp\UpdateOMG.exe C:\Users\PcUser\AppData\Local\Temp\vcredist_x64.exe C:\Users\PcUser\AppData\Local\Temp\Vuupc_setup.exe C:\Users\PcUser\AppData\Local\Temp\WebsSearches_Installer_20140723.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-17 11:49

==================== End Of Log ============================

Addition: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by PcUser at 2014-09-20 10:13:11
Running from C:\Users\PcUser\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Browser 7 der Telekom 31.0.20 (x86 de) (HKLM-x32\...\Browser 7 der Telekom 31.0.20 (x86 de)) (Version: 31.0.20 - Deutsche Telekom AG)
Browser 7 Maintenance Service (HKLM-x32\...\Browser7MaintenanceService) (Version: 31.0.19 - Deutsche Telekom AG)
DriverRestore (HKLM\...\DriverRestore) (Version: 1.0 - 383 Media, Inc.)
Easy PDF Reader Packages (HKCU\...\Easy PDF Reader Packages) (Version: - ) <==== ATTENTION
Gameo (HKCU\...\Gameo) (Version: 0.9.1 - Fried Cookie Software)
InfoTip 2001 (HKLM-x32\...\It2001) (Version: - )
istartsurf uninstall (HKLM-x32\...\istartsurf uninstall) (Version: - istartsurf) <==== ATTENTION
MAGIX Foto & Grafik Designer 9 (HKLM-x32\...\MX.{E84F54E0-4BC7-4C19-A969-D22574CDC118}) (Version: 9.1.2.28274 - MAGIX AG)
MAGIX Foto & Grafik Designer 9 (Version: 9.1.2.28274 - MAGIX AG) Hidden
MAGIX Web Designer MX Premium (HKLM-x32\...\MAGIX_{4D5A1C12-2F7B-4A67-B186-ECAE22EF4FCB}) (Version: 8.0.2.21761 - MAGIX AG)
MAGIX Web Designer MX Premium (Version: 8.0.2.21761 - MAGIX AG) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 32.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 de)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPC Backup (HKLM\...\MyPC Backup) (Version: - JDi Backup Ltd) <==== ATTENTION
PC Speed Maximizer v3.2 (HKLM-x32\...\PC Speed Maximizer_is1) (Version: 3.2 - Smart PC Solutions)
PC Speed Up (HKLM\...\PCSU-SL_is1) (Version: 3.6.6.0 - Speedchecker Limited)
Photo & Graphic Designer 9 Update (Version: 9.2.8.32681 - MAGIX Software GmbH) Hidden
PIKO Master Control V2.0 v1.2.2.38199 (HKLM-x32\...\PIKO Master Control V2.0_is1) (Version: 1.2.2.38199 - KOSTAL Solar Electric GmbH)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
simplitec simplicheck (HKLM-x32\...\{183D780B-28F9-41BA-A2CB-605F324A5781}) (Version: 1.3.10.0 - simplitec GmbH)
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.3.8 - ) <==== ATTENTION
Web Designer Premium MX Update (Version: 8.1.5.31094 - MAGIX AG) Hidden

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================
07-09-2014 05:50:26 Windows Defender Checkpoint
08-09-2014 07:48:44 Advanced-System Protector
08-09-2014 08:06:10 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
08-09-2014 12:26:08 Removed Microsoft Silverlight
09-09-2014 06:00:18 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
10-09-2014 06:16:46 Windows Update
10-09-2014 16:44:55 Windows Update
17-09-2014 06:11:01 Windows Update

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2014-09-08 11:33 - 00000867 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 d3oxij66pru1i3.cloudfront.net

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2A4D46E6-8FE6-40DD-A3B5-AC8F8EE8F7D1} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {3DE0C654-65C3-4DC0-BA6A-ED7D570CC9D0} - System32\Tasks\ASP => C:\Program Files (x86)\Tuneup Pro\systweakasp.exe
Task: {4E4AE86A-7632-4E08-9764-6584860DDA84} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {5E3F9F07-75C9-445E-A111-E0E250E7E9F5} - System32\Tasks\DriverRestore_ScheduledScan => C:\Program Files (x86)\DriverRestore\DriverRestore.exe [2014-07-15] ()
Task: {6C3EFE4C-FB27-4E5E-BA51-850E1178EDCB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-11] (Adobe Systems Incorporated)
Task: {7929E22C-9E3E-461B-BA2F-D97C10256833} - \ReimageUpdater No Task File <==== ATTENTION
Task: {A1820847-BBED-4884-B07D-3C10505F6329} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-09-03] (MyPC Backup) <==== ATTENTION
Task: {C589CB52-199A-4B7F-B043-3CCFA7869176} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {CBB2E0FD-42FD-4E94-8195-0F713F4F7247} - System32\Tasks\DriverRestore_DailyScan => C:\Program Files (x86)\DriverRestore\DriverRestore.exe [2014-07-15] ()
Task: {D8511953-6640-4969-95BD-A56F00F64566} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {DF95028E-2707-4B06-9739-E3D7ECB40BFE} - System32\Tasks\PC Speed Maximizer Schedule => C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe [2014-04-28] (Smart PC Solutions)
Task: {EEBE72F4-74A5-4C29-B771-ED972BB6F001} - System32\Tasks\AmiUpdXp => C:\Users\PcUser\AppData\Local\20777\a12408.exe [2014-09-11] () <==== ATTENTION
Task: {FFEBAE56-E35C-444C-9303-D2354008698E} - System32\Tasks\PC SpeedUp Service Deactivator => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe [2014-08-08] () <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\PcUser\AppData\Local\20777\a12408.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\KWHF.job => C:\Users\PcUser\AppData\Roaming\KWHF.exe
Task: C:\Windows\Tasks\PC SpeedUp Service Deactivator.job => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe

==================== Loaded Modules (whitelisted) =============

2014-09-11 11:00 - 2014-08-08 13:43 - 00430888 _____ () C:\Program Files (x86)\PC Speed Up\PCSUService.exe
2014-07-31 22:20 - 2014-07-31 22:20 - 00172544 _____ () C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\etmajyzoqm64.exe
2014-07-31 22:20 - 2014-07-31 22:20 - 00110080 _____ () C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\nfapi.dll
2014-07-31 22:20 - 2014-07-31 22:20 - 00456192 _____ () C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\ProtocolFilters.dll
2014-08-21 12:33 - 2014-09-03 15:42 - 00106376 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll
2014-09-09 08:13 - 2014-08-25 19:28 - 41402880 _____ () C:\Users\PcUser\AppData\Roaming\Gameo\gameo.exe
2014-09-11 11:00 - 2014-08-08 13:43 - 00300840 _____ () C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe
2014-09-03 19:39 - 2014-09-03 19:39 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2014-09-03 19:34 - 2014-09-03 19:34 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
2014-08-21 12:32 - 2014-09-03 15:41 - 00733576 _____ () C:\Program Files (x86)\SupTab\HpUI.exe
2014-07-16 10:55 - 2014-07-16 10:55 - 00073216 _____ () C:\Program Files (x86)\SupTab\Loader64.exe
2014-07-16 11:16 - 2014-07-16 11:16 - 00064000 _____ () C:\Program Files (x86)\SupTab\Loader32.exe
2014-09-03 19:42 - 2014-09-02 14:11 - 04823040 _____ () C:\Windows\score.exe
2014-09-11 11:00 - 2014-08-08 13:43 - 00585600 _____ () C:\Program Files (x86)\PC Speed Up\sqlite3.dll
2014-08-21 12:33 - 2014-09-03 15:42 - 00023944 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll
2014-09-11 11:00 - 2014-08-08 13:43 - 00348456 _____ () C:\Program Files (x86)\PC Speed Up\PopupNotification.dll
2014-09-09 08:13 - 2014-08-25 19:28 - 00900096 _____ () C:\Users\PcUser\AppData\Roaming\Gameo\libglesv2.dll
2014-09-09 08:13 - 2014-08-25 19:28 - 00102400 _____ () C:\Users\PcUser\AppData\Roaming\Gameo\libegl.dll
2014-09-09 08:13 - 2014-08-25 19:28 - 00882176 _____ () C:\Users\PcUser\AppData\Roaming\Gameo\ffmpegsumo.dll
2014-09-20 10:10 - 2014-09-20 10:10 - 00271872 _____ () C:\Users\PcUser\AppData\Local\Temp\nw1072_27683\node_modules\gameo_utils\Build\Release\gameo_utils_node.node
2014-09-20 10:10 - 2014-09-20 10:10 - 00095232 _____ () C:\Users\PcUser\AppData\Local\Temp\nw1072_27683\node_modules\gameo_utils\Build\Release\gameo_utils.dll
2014-09-20 10:10 - 2014-09-20 10:10 - 00074752 _____ () C:\Users\PcUser\AppData\Local\Temp\nw1072_27683\node_modules\goldengate\build\Release\gg.node
2014-09-20 10:10 - 2014-09-20 10:10 - 00402432 _____ () C:\Users\PcUser\AppData\Local\Temp\nw1072_27683\node_modules\goldengate\build\Release\GOLDENGATE.dll
2014-09-20 10:10 - 2014-09-20 10:10 - 16340144 _____ ()
C:\Users\PcUser\AppData\Local\Temp\nw1072_27683\plugins\NPSWF32_13_0_0_168.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= Name: ttnfd Description: ttnfd Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: ttnfd Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (09/20/2014 10:12:29 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT) Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden. Error: (09/20/2014 09:43:23 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT) Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden. Error: (09/20/2014 07:55:12 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT) Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden. Error: (09/19/2014 05:13:14 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (09/19/2014 05:13:07 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error: (09/19/2014 04:49:21 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5358, Zeitstempel: 0x540837e7 Name des fehlerhaften Moduls: NPSWF32_15_0_0_152.dll, Version: 15.0.0.152, Zeitstempel: 0x53fe8213 Ausnahmecode: 0x80000003 Fehleroffset: 0x00357aad ID des fehlerhaften Prozesses: 0x13dc Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (09/19/2014 04:48:38 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5358, Zeitstempel: 0x540837e7 Name des fehlerhaften Moduls: NPSWF32_15_0_0_152.dll, Version: 15.0.0.152, Zeitstempel: 0x53fe8213 Ausnahmecode: 0x80000003 Fehleroffset: 0x00357aad ID des fehlerhaften Prozesses: 0xbb8 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (09/19/2014 07:54:12 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT) Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden. 
Error: (09/18/2014 07:45:52 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT) Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden. Error: (09/17/2014 08:07:46 AM) (Source: MsiInstaller) (EventID: 1024) (User: PcUser-PC) Description: Produkt: Adobe Reader XI (11.0.08) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011009}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 System errors: ============= Error: (09/20/2014 10:12:08 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: ttnfd Error: (09/20/2014 10:12:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Reimage Real Time Protector" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (09/20/2014 10:11:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "cyycfhtzro64" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (09/20/2014 10:11:53 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst cyycfhtzro64 erreicht. 
Error: (09/20/2014 10:11:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (09/20/2014 10:11:17 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht. Error: (09/20/2014 09:42:01 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: ttnfd Error: (09/20/2014 09:42:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Reimage Real Time Protector" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (09/20/2014 08:47:19 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: ttnfd Error: (09/20/2014 08:47:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Reimage Real Time Protector" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office Sessions: ========================= Error: (09/20/2014 10:12:29 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/20/2014 09:43:23 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/20/2014 07:55:12 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND 
TargetInstance.LoadPercentage > 990x80041003 Error: (09/19/2014 05:13:14 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\PcUser\Desktop\esetsmartinstaller_deu.exe Error: (09/19/2014 05:13:07 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\PcUser\Downloads\esetsmartinstaller_deu.exe Error: (09/19/2014 04:49:21 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe31.0.0.5358540837e7NPSWF32_15_0_0_152.dll15.0.0.15253fe82138000000300357aad13dc01cfd418d87e3b37C:\Program Files (x86)\Deutsche Telekom AG\Browser 7\plugin-container.exeC:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll234117ff-400c-11e4-bd3d-001999962e10 Error: (09/19/2014 04:48:38 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe31.0.0.5358540837e7NPSWF32_15_0_0_152.dll15.0.0.15253fe82138000000300357aadbb801cfd417e0d5d892C:\Program Files (x86)\Deutsche Telekom AG\Browser 7\plugin-container.exeC:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll09ca037a-400c-11e4-bd3d-001999962e10 Error: (09/19/2014 07:54:12 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/18/2014 07:45:52 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT) Description: 
//./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/17/2014 08:07:46 AM) (Source: MsiInstaller) (EventID: 1024) (User: PcUser-PC) Description: Adobe Reader XI (11.0.08) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL) ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz Percentage of memory in use: 31% Total physical RAM: 3967.61 MB Available physical RAM: 2733.03 MB Total Pagefile: 8233.41 MB Available Pagefile: 6934.52 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:225.22 GB) (Free:180.32 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 0841F56C) Partition 1: (Not Active) - (Size=7.7 GB) - (Type=27) Partition 2: (Active) - (Size=225.2 GB) - (Type=07 NTFS) ==================== End Of Log ============================
Thanks for your continued support. Regards Last edited by root2 (20.09.2014 at 09:57) |
20.09.2014, 17:33 | #4 |
/// the machine /// TB Instructor | Malware infection (zym.tollbahsuburban.com) on Windows 7 Professional PC Try uninstalling it via Windows; otherwise continue straight on with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
20.09.2014, 19:42 | #5 |
| Malware infection (zym.tollbahsuburban.com) on Windows 7 Professional PC Hi, uninstalling with the built-in Windows tools worked. Combofix ran through. However, one program (PC Speed Maximizer) started automatically on reboot. Attached is the Combofix log file. Code:
ATTFilter ComboFix 14-09-18.01 - PcUser 20.09.2014 19:49:00.1.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3968.2786 [GMT 2:00] ausgeführt von:: c:\users\PcUser\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\END C:\LIL49DB.tmp C:\LIL4A0A.tmp C:\LIL4A39.tmp c:\program files (x86)\Probit Software\Easy Speed PC c:\program files (x86)\Probit Software\Easy Speed PC\ESPCSmartScan.exe c:\program files (x86)\SaveClicker c:\programdata\374311380 c:\programdata\374311380\BITEB19.tmp c:\programdata\IePluginServices c:\programdata\IePluginServices\PluginService.exe c:\programdata\SaveClicker c:\programdata\Setup.exe c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\background.html c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\content.js c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\jCFo.js c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\lsdb.js c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\manifest.json c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\background.html c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\content.js 
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\jCFo.js c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\lsdb.js c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\manifest.json c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\background.html c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\content.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\jCFo.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\lsdb.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\manifest.json c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\background.html c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\content.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\jCFo.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\lsdb.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\manifest.json c:\users\Administrator\AppData\Local\Torch\User 
Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\background.html c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\content.js c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\jCFo.js c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\lsdb.js c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\manifest.json c:\users\PcUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco c:\users\PcUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\background.html c:\users\PcUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\content.js c:\users\PcUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\jCFo.js c:\users\PcUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\lsdb.js c:\users\PcUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\manifest.json c:\users\PcUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco c:\users\PcUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\background.html c:\users\PcUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\content.js c:\users\PcUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\jCFo.js c:\users\PcUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\lsdb.js 
c:\users\PcUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\manifest.json c:\users\PcUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco c:\users\PcUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\background.html c:\users\PcUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\content.js c:\users\PcUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\jCFo.js c:\users\PcUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\lsdb.js c:\users\PcUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\manifest.json c:\users\PcUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\ClearThink_iels c:\users\PcUser\AppData\Local\nsrAD00.tmp c:\users\PcUser\AppData\Local\nsrAFFC.tmp c:\users\PcUser\AppData\Local\Torch\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco c:\users\PcUser\AppData\Local\Torch\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\background.html c:\users\PcUser\AppData\Local\Torch\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\content.js c:\users\PcUser\AppData\Local\Torch\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\jCFo.js c:\users\PcUser\AppData\Local\Torch\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\lsdb.js c:\users\PcUser\AppData\Local\Torch\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\manifest.json c:\users\PcUser\AppData\Local\Torch\User Data\Default\Preferences c:\users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\jstrj2otka@kuxbzdmdd-.com c:\users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\jstrj2otka@kuxbzdmdd-.com\bootstrap.js 
c:\users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\jstrj2otka@kuxbzdmdd-.com\chrome.manifest c:\users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\jstrj2otka@kuxbzdmdd-.com\content\bg.js c:\users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\jstrj2otka@kuxbzdmdd-.com\install.rdf c:\users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\searchplugins\trovi-search.xml c:\users\PcUser\Desktop\Search.lnk . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_PCSUService -------\Service_IePluginServices -------\Service_IePluginServices . . ((((((((((((((((((((((( Dateien erstellt von 2014-08-20 bis 2014-09-20 )))))))))))))))))))))))))))))) . . 2014-09-20 09:06 . 2014-09-20 09:06 -------- d-----w- c:\users\PcUser\AppData\Local\Diagnostics 2014-09-19 17:12 . 2014-09-19 17:12 -------- d-----w- c:\program files (x86)\VS Revo Group 2014-09-19 15:05 . 2014-09-20 17:43 -------- d-----w- C:\FRST 2014-09-19 05:57 . 2014-09-09 02:05 11578928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E1200D46-6B7E-4E29-87B0-3DC8F6728A79}\mpengine.dll 2014-09-11 09:00 . 2014-09-20 09:18 -------- d-----w- c:\program files (x86)\PC Speed Up 2014-09-11 06:42 . 2014-09-11 06:42 10036224 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2014-09-10 16:46 . 2014-08-18 23:01 23591424 ----a-w- c:\windows\system32\mshtml.dll 2014-09-10 12:57 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll 2014-09-10 12:57 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll 2014-09-10 12:55 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2014-09-10 12:55 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2014-09-10 12:55 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll 2014-09-10 12:55 . 
2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll 2014-09-10 12:55 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2014-09-10 12:55 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll 2014-09-10 12:55 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2014-09-10 12:55 . 2014-09-05 02:10 578048 ----a-w- c:\windows\system32\aepdu.dll 2014-09-10 12:55 . 2014-09-05 02:05 424448 ----a-w- c:\windows\system32\aeinv.dll 2014-09-10 06:17 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll 2014-09-10 06:17 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll 2014-09-09 06:17 . 2014-09-09 06:17 -------- d-----w- c:\users\PcUser\AppData\Roaming\PC Speed Maximizer 2014-09-09 06:17 . 2014-09-09 06:17 -------- d-----w- c:\users\PcUser\AppData\Roaming\SumatraPDF 2014-09-09 06:13 . 2014-09-09 06:13 -------- d--h--w- c:\users\PcUser\AppData\Roaming\GoldenGate 2014-09-09 06:13 . 2014-09-20 08:49 -------- d-----w- c:\users\PcUser\AppData\Roaming\0C1I1L1R1J0C1F1G1G1P1R2Z 2014-09-09 06:13 . 2014-09-20 17:46 -------- d-----w- c:\users\PcUser\AppData\Local\Gameo 2014-09-09 06:13 . 2014-09-09 06:13 -------- d-----w- c:\users\PcUser\AppData\Roaming\Gameo 2014-09-09 06:12 . 2014-07-01 17:37 20872 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS 2014-09-09 06:12 . 2014-09-20 06:14 -------- d-----w- c:\program files (x86)\DriverRestore 2014-09-09 05:40 . 2014-09-09 05:59 -------- d-----w- c:\users\PcUser\AppData\Local\Genesis_09090540 2014-09-08 09:33 . 2014-09-08 09:33 -------- d-----w- c:\programdata\OEM Links 2014-09-08 09:33 . 2014-09-08 09:33 -------- d-----w- C:\MININT 2014-09-07 09:19 . 2014-09-08 07:56 -------- d-----w- c:\program files\Reimage 2014-09-07 08:59 . 2014-09-07 08:59 -------- d-----w- c:\users\PcUser\AppData\Roaming\DriverFinder 2014-09-06 14:35 . 2014-09-06 14:35 -------- d-----w- c:\programdata\Telekom-Browser 7 2014-09-06 13:00 . 
2014-09-07 09:19 -------- d-----w- c:\program files (x86)\ReimageExpress.com 2014-09-06 12:45 . 2014-09-06 12:46 -------- d-----w- c:\program files (x86)\Reimageplus.com 2014-09-06 08:26 . 2014-09-06 08:26 -------- d-----w- c:\program files (x86)\predm 2014-09-05 10:26 . 2014-09-05 10:26 -------- d-----w- c:\users\PcUser\AppData\Local\speed browser 2014-09-05 10:25 . 2014-09-05 10:25 -------- d-----w- c:\programdata\Browser 2014-09-05 06:48 . 2014-09-05 06:48 -------- d-----w- C:\TVWizard 2014-09-05 06:26 . 2014-09-04 17:53 61064 ----a-w- c:\windows\system32\drivers\{e6ca9971-30ed-444a-9489-82fca50b2062}Gw64.sys 2014-09-05 06:05 . 2014-09-05 06:05 -------- d-----w- c:\users\PcUser\AppData\Roaming\rightbackup 2014-09-05 06:05 . 2014-09-06 12:55 -------- d-----w- c:\program files (x86)\Bench 2014-09-04 14:56 . 2014-09-20 17:40 -------- d-----w- c:\program files\AllDaySavings 2014-09-04 14:56 . 2014-09-05 06:03 -------- d-----w- c:\users\PcUser\AppData\Roaming\Probit Software 2014-09-04 14:55 . 2014-09-06 12:48 -------- d-----w- c:\program files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6 2014-09-04 14:51 . 2014-09-04 14:51 1994136 ----a-w- c:\users\PcUser\AppData\Roaming\KWHF.exe 2014-09-04 14:51 . 2014-09-20 17:53 -------- d-----w- c:\program files (x86)\Probit Software 2014-09-04 14:50 . 2014-09-04 14:51 -------- d-----w- c:\program files\005 2014-09-04 14:33 . 2014-09-04 14:33 -------- d-----w- C:\33cb8ceb-6e1a-4e4c-9963-d32ad5205a76 2014-09-04 14:07 . 2014-09-08 12:18 -------- d--h--w- c:\windows\msdownld.tmp 2014-09-04 05:27 . 2014-09-04 05:27 -------- d-----w- c:\users\PcUser\AppData\Local\com 2014-09-04 05:24 . 2014-09-09 05:59 -------- d-----w- c:\users\PcUser\AppData\Roaming\Activeris 2014-09-03 17:44 . 2014-09-18 16:16 -------- d--h--w- c:\users\Public\Temp 2014-09-03 17:44 . 2014-09-06 08:48 -------- d-----w- c:\users\PcUser\AppData\Local\Smartbar 2014-09-03 17:43 . 2014-09-06 18:50 -------- d-----w- c:\program files (x86)\globalUpdate 2014-09-03 17:43 . 
2014-09-06 08:21 -------- d-----w- c:\program files (x86)\videos MediaPlayer+ 2014-09-03 17:42 . 2014-09-02 12:11 4823040 ----a-w- c:\windows\score.exe 2014-09-03 13:46 . 2014-09-09 06:12 -------- d-----w- c:\program files (x86)\PC Speed Maximizer 2014-09-03 13:43 . 2014-09-06 08:33 -------- d-----w- c:\programdata\4ef04fb202130dcc 2014-09-03 13:43 . 2014-09-03 13:43 -------- d-----w- c:\users\PcUser\AppData\Local\Torch 2014-09-03 13:43 . 2014-09-03 13:43 -------- d-----w- c:\users\PcUser\AppData\Local\Comodo 2014-09-03 13:43 . 2014-09-03 13:43 -------- d-----w- c:\users\PcUser\AppData\Local\Chromatic Browser 2014-09-03 13:43 . 2014-09-03 13:43 -------- d-----w- c:\users\Administrator\AppData\Local\Torch 2014-09-03 13:43 . 2014-09-03 13:43 -------- d-----w- c:\users\Administrator\AppData\Local\Chromatic Browser 2014-09-03 13:43 . 2014-09-03 13:43 -------- d-----w- c:\users\PcUser\AppData\Local\Google 2014-09-03 13:43 . 2014-09-03 13:43 -------- d-----w- c:\users\Administrator\AppData\Local\Google 2014-09-03 13:43 . 2014-09-03 13:43 -------- d-----w- c:\users\Administrator\AppData\Local\Comodo 2014-09-03 13:42 . 2014-09-03 13:42 -------- d-----w- c:\users\PcUser\AppData\Local\globalUpdate 2014-09-03 13:41 . 2014-09-06 08:19 -------- d-----w- c:\programdata\WindowsMangerProtect 2014-09-03 13:41 . 2014-09-03 13:42 -------- d-----w- c:\program files (x86)\SupTab 2014-09-03 13:19 . 2014-09-03 00:49 61072 ----a-w- c:\windows\system32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys 2014-09-03 13:18 . 2014-09-06 08:26 -------- d-----w- c:\users\PcUser\AppData\Local\fabulous_09031318 2014-09-03 11:31 . 2014-09-03 11:31 -------- d-----w- c:\users\PcUser\AppData\Roaming\ap_logs 2014-09-03 11:31 . 2014-09-06 08:16 -------- d-----w- c:\programdata\Registry Helper 2014-09-03 11:30 . 2014-09-05 06:05 -------- d-----w- c:\programdata\DSearchLink 2014-09-03 11:27 . 2014-09-08 07:41 -------- d-----w- c:\users\PcUser\AppData\Roaming\Systweak 2014-09-03 11:27 . 
2014-05-08 10:31 19968 ----a-w- c:\windows\system32\roboot64.exe 2014-09-03 11:15 . 2014-09-03 11:15 -------- d-----w- c:\program files (x86)\Common Files\Umbrella 2014-09-03 11:15 . 2014-09-03 11:15 -------- d-----w- c:\program files (x86)\Common Files\IMGUpdater 2014-09-03 11:14 . 2014-09-05 06:15 -------- d-----w- c:\program files (x86)\FLVM Player 2014-09-02 15:06 . 2014-09-02 15:06 -------- d-----w- c:\users\PcUser\AppData\Local\CrashRpt 2014-09-02 15:06 . 2014-09-11 09:02 -------- d-----w- c:\users\PcUser\AppData\Roaming\QuickScan 2014-09-01 06:38 . 2014-09-01 06:38 -------- d-----w- c:\users\PcUser\AppData\Local\Adobe 2014-08-28 05:47 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll 2014-08-28 05:47 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll 2014-08-28 05:47 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-09-11 06:42 . 2013-09-12 06:36 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-09-11 06:42 . 2013-09-12 06:36 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-09-10 06:17 . 2014-06-06 09:28 101694776 ----a-w- c:\windows\system32\MRT.exe 2014-08-25 04:53 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe 2014-07-31 20:20 . 2014-07-31 20:20 46376 ----a-w- c:\windows\system32\drivers\netfilter64.sys 2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll 2014-07-24 21:47 . 2014-07-24 21:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll 2014-07-16 03:23 . 2014-08-14 18:03 2048 ----a-w- c:\windows\system32\tzres.dll 2014-07-16 02:46 . 2014-08-14 18:03 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2014-07-14 02:02 . 2014-08-14 18:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll 2014-07-14 01:40 . 2014-08-14 18:02 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll 2014-07-09 02:03 . 
2014-08-14 18:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL 2014-07-09 02:03 . 2014-08-14 18:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL 2014-07-09 02:03 . 2014-08-14 18:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL 2014-07-09 02:03 . 2014-08-14 18:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL 2014-07-09 02:03 . 2014-08-14 18:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL 2014-07-09 01:31 . 2014-08-14 18:03 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL 2014-07-09 01:31 . 2014-08-14 18:03 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL 2014-06-30 22:24 . 2014-08-14 18:10 8856 ----a-w- c:\windows\system32\icardres.dll 2014-06-30 22:14 . 2014-08-14 18:10 8856 ----a-w- c:\windows\SysWow64\icardres.dll 2014-06-25 02:05 . 2014-08-14 18:02 14175744 ----a-w- c:\windows\system32\shell32.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}] 2010-11-21 03:24 297808 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}] 2014-09-03 13:42 515464 ----a-w- c:\program files (x86)\SupTab\SupTab.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PC Speed Maximizer"="c:\program files (x86)\PC Speed Maximizer\SPMLauncher.exe" [2014-04-28 134968] "Gameo"="c:\users\PcUser\AppData\Roaming\Gameo\gameo.exe" [2014-08-25 41402880] "PCSpeedUp"="c:\program files (x86)\PC Speed Up\PCSUNotifier.exe" [2014-08-08 300840] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R1 ttnfd;ttnfd;c:\windows\system32\drivers\ttnfd.sys;c:\windows\SYSNATIVE\drivers\ttnfd.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 ReimageRealTimeProtector;Reimage Real Time Protector;c:\program files\Reimage\Reimage Protector\ReiGuard.exe;c:\program files\Reimage\Reimage Protector\ReiGuard.exe [x] R3 Browser7Maintenance;Browser 7 Maintenance Service;c:\program files (x86)\Browser 7 Maintenance Service\maintenanceservice.exe;c:\program files (x86)\Browser 7 Maintenance Service\maintenanceservice.exe [x] R3 cpuz134;cpuz134;c:\users\PcUser\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\PcUser\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x] R3 
TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] S1 {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64;{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64;c:\windows\system32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys;c:\windows\SYSNATIVE\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys [x] S1 {e6ca9971-30ed-444a-9489-82fca50b2062}Gw64;{e6ca9971-30ed-444a-9489-82fca50b2062}Gw64;c:\windows\system32\drivers\{e6ca9971-30ed-444a-9489-82fca50b2062}Gw64.sys;c:\windows\SYSNATIVE\drivers\{e6ca9971-30ed-444a-9489-82fca50b2062}Gw64.sys [x] S1 netfilter64;netfilter64;c:\windows\system32\drivers\netfilter64.sys;c:\windows\SYSNATIVE\drivers\netfilter64.sys [x] S2 AllDaySavingsService64;AllDaySavingsService64;c:\program files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\etmajyzoqm64.exe;c:\program files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\etmajyzoqm64.exe [x] S2 cyycfhtzro64;cyycfhtzro64;c:\program files\005\cyycfhtzro64.exe run options=01110010050000000000000000000000 sourceguid=CDC27E14-F7CE-431E-BBE0-76C7592FBEF6;c:\program files\005\cyycfhtzro64.exe run options=01110010050000000000000000000000 sourceguid=CDC27E14-F7CE-431E-BBE0-76C7592FBEF6 [x] S2 GlobalUpdater;GlobalUpdater;c:\program files (x86)\Common Files\IMGUpdater\IMGUpdater.exe;c:\program files (x86)\Common Files\IMGUpdater\IMGUpdater.exe [x] S2 scores;scores;c:\windows\score.exe;c:\windows\score.exe [x] S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 
2014-09-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-12 06:42] . 2014-09-04 c:\windows\Tasks\KWHF.job - c:\users\PcUser\AppData\Roaming\KWHF.exe [2014-09-04 14:51] . 2014-09-20 c:\windows\Tasks\PC SpeedUp Service Deactivator.job - c:\program files (x86)\PC Speed Up\PCSUSD.exe [2014-09-11 11:43] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Unattend0000000001{15346C6C-F853-4410-BF55-473812C60FF7}"="c:\restore\createrestore.exe" [2013-04-30 587912] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.mystart.com/?pr=vmn&id=mystarttb&v=5_4&ent=hp_5108&src=5108 mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1409842302&from=obw&uid=WDCXWD2500AAJS-07M0A0_WD-WMAV2DU1265412654&q={searchTerms} mDefault_Page_URL = about:blank mStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1409842302&from=obw&uid=WDCXWD2500AAJS-07M0A0_WD-WMAV2DU1265412654&q={searchTerms} uInternet Settings,ProxyOverride = <-loopback> uSearchAssistant = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0GPrLhjCU0ALyib4jnlq109wosoT5F3TUS5eDDBEVsm9WlbCJFlcWYKrfpB9DipEMvosDUOqnmrEE1xLL646Penf6gjruOKEuDU0hyggl6E55d-bHbV4ytN2XwtR4MQA,,&q={searchTerms} TCP: DhcpNameServer = 192.168.2.1 192.168.2.1 FF - ProfilePath - c:\users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
BHO-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file) Wow6432Node-HKLM-Run-mbot_de_53 - (no file) Wow6432Node-HKLM-Run-Registry Helper - c:\program files (x86)\Registry Helper\RegistryHelper.Exe Wow6432Node-HKLM-Run-AnyProtect Scanner - c:\program files (x86)\AnyProtectEx\AnyProtect.exe Wow6432Node-HKLM-Run-OneMoreGame - c:\users\PcUser\AppData\Roaming\OneMoreGame\OMG.exe BHO-{6CB99040-7828-4C37-AC01-F15758F43E4D} - c:\program files\TermTutor\IE\TermTutorClientIE.dll AddRemove-RegClean Pro_is1 - c:\program files (x86)\RCP\unins000.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="BrowserHTM" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (LocalSystem) "Progid"="BrowserHTM" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="BrowserHTM" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (LocalSystem) "Progid"="BrowserHTM" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="BrowserHTM" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.15" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\PC Speed Maximizer\PCSpeedMaximizer.exe c:\program files (x86)\PC Speed Maximizer\SPMSmartScan.exe . ************************************************************************** . Zeit der Fertigstellung: 2014-09-20 19:58:52 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-09-20 17:58 . Vor Suchlauf: 13 Verzeichnis(se), 192.494.366.720 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 193.575.473.152 Bytes frei . - - End Of File - - 7252965DE256D2885D5DB2FD5B715037 A36C5E4F47E84449FF07ED3517B43A31
Many thanks. Regards. |
21.09.2014, 09:49 | #6 |
/// the machine /// TB Instructor | Malware infection (zym.tollbahsuburban.com) on Windows 7 Professional PC Uninstall everything with Revo or Windows. As far as possible. Then: Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
21.09.2014, 15:20 | #7 |
| Malware infection (zym.tollbahsuburban.com) on Windows 7 Professional PC Thanks, everything worked wonderfully, I think. Attached are the requested logs. For size reasons the logs are attached as a ZIP file, since they would have been too large both for the post itself and for the attachment. Please let me know briefly if I should split the logs, in case the attachments cannot be accessed. Many thanks already for the great support. Regards Last edited by root2 (21.09.2014 at 15:34) |
21.09.2014, 19:29 | #8 |
| Malware infection (zym.tollbahsuburban.com) on Windows 7 Professional PC In case it makes things easier, here are the log files again in split form, spread across several posts. MBAM log part 1: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 21.09.2014 Suchlauf-Zeit: 15:22:59 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.09.21.03 Rootkit Datenbank: v2014.09.19.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: PcUser Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 333749 Verstrichene Zeit: 6 Min, 51 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 4 PUP.Optional.AdPeak.A, C:\Program Files\005\cyycfhtzro64.exe, 1572, Löschen bei Neustart, [9bac09e71b60112548b69b51e02410f0] PUP.Optional.IMGUpdater.A, C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe, 1648, Löschen bei Neustart, [1334b53b205b0135699e286d7e839a66] Trojan.Agent, C:\Windows\score.exe, 1704, Löschen bei Neustart, [6dda5f91c4b779bd55546e4ff40d04fc] PUP.Optional.Adpeak.A, C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\etmajyzoqm64.exe, 1536, Löschen bei Neustart, [0e39ea06a6d5a49222cb947c956e748c] Module: 0 (No malicious items detected) Registrierungsschlüssel: 94 PUP.Optional.AdPeak.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\cyycfhtzro64, In Quarantäne, [9bac09e71b60112548b69b51e02410f0], PUP.Optional.IMGUpdater.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GlobalUpdater, In Quarantäne, [1334b53b205b0135699e286d7e839a66], Trojan.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\scores, In Quarantäne, [6dda5f91c4b779bd55546e4ff40d04fc], PUP.Optional.SearchProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CltMngSvc, In Quarantäne, [85c2ba36d2a96bcb86bb4f4e42bf30d0], PUP.Optional.TermTutor.A, HKLM\SOFTWARE\CLASSES\CLSID\{6CB99040-7828-4C37-AC01-F15758F43E4D}, In Quarantäne, [05428070512a9a9ca41b1a6e50b26a96], 
PUP.Optional.TermTutor.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{733413F4-5FB9-4EE9-8536-BF7AB1731A19}, In Quarantäne, [05428070512a9a9ca41b1a6e50b26a96], PUP.Optional.TermTutor.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3DD26F46-6B41-49B2-878E-1883411BBB59}, In Quarantäne, [05428070512a9a9ca41b1a6e50b26a96], PUP.Optional.TermTutor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3DD26F46-6B41-49B2-878E-1883411BBB59}, In Quarantäne, [05428070512a9a9ca41b1a6e50b26a96], PUP.Optional.TermTutor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{733413F4-5FB9-4EE9-8536-BF7AB1731A19}, In Quarantäne, [05428070512a9a9ca41b1a6e50b26a96], PUP.Optional.TermTutor.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{6CB99040-7828-4C37-AC01-F15758F43E4D}, In Quarantäne, [05428070512a9a9ca41b1a6e50b26a96], PUP.Optional.TermTutor.A, HKU\S-1-5-21-3299499388-507950971-3432295107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{6CB99040-7828-4C37-AC01-F15758F43E4D}, In Quarantäne, [05428070512a9a9ca41b1a6e50b26a96], PUP.Optional.TermTutor.A, HKU\S-1-5-21-3299499388-507950971-3432295107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{6CB99040-7828-4C37-AC01-F15758F43E4D}, In Quarantäne, [05428070512a9a9ca41b1a6e50b26a96], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, In Quarantäne, [79cebc34cdae1c1a2fafaa18d23050b0], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\IminentWebBooster.BrowserHelperObject.1, In Quarantäne, [79cebc34cdae1c1a2fafaa18d23050b0], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\IminentWebBooster.BrowserHelperObject, In Quarantäne, [79cebc34cdae1c1a2fafaa18d23050b0], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IminentWebBooster.BrowserHelperObject, In Quarantäne, [79cebc34cdae1c1a2fafaa18d23050b0], PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER 
OBJECTS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, In Quarantäne, [79cebc34cdae1c1a2fafaa18d23050b0], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, In Quarantäne, [79cebc34cdae1c1a2fafaa18d23050b0], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IminentWebBooster.BrowserHelperObject.1, In Quarantäne, [79cebc34cdae1c1a2fafaa18d23050b0], PUP.Optional.Iminent.A, HKU\S-1-5-21-3299499388-507950971-3432295107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, In Quarantäne, [79cebc34cdae1c1a2fafaa18d23050b0], PUP.Optional.Iminent.A, HKU\S-1-5-21-3299499388-507950971-3432295107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, In Quarantäne, [79cebc34cdae1c1a2fafaa18d23050b0], PUP.Optional.VMNToolBar.A, HKLM\SOFTWARE\CLASSES\CLSID\{ccb24e92-62c4-4c53-95d2-65f9eed476bc}, In Quarantäne, [5ee917d9601b0d29c73d01c403ff9c64], PUP.Optional.VMNToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{CCB24E92-62C4-4C53-95D2-65F9EED476BC}, In Quarantäne, [5ee917d9601b0d29c73d01c403ff9c64], PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [e85f8a6680fbeb4b48d32e61f9096997], PUP.Optional.DynConIE.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [e85f8a6680fbeb4b48d32e61f9096997], PUP.Optional.QuickShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [ec5b648c5e1d95a1778923a04ab8cd33], PUP.Optional.QuickShare.A, HKLM\SOFTWARE\CLASSES\IESmartBar.BHO, In Quarantäne, [ec5b648c5e1d95a1778923a04ab8cd33], PUP.Optional.QuickShare.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER 
OBJECTS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [ec5b648c5e1d95a1778923a04ab8cd33], PUP.Optional.QuickShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IESmartBar.BHO, In Quarantäne, [ec5b648c5e1d95a1778923a04ab8cd33], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [7fc82fc1f685f1450185117d1fe3eb15], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [7fc82fc1f685f1450185117d1fe3eb15], PUP.Optional.Snapdo.T, HKU\S-1-5-21-3299499388-507950971-3432295107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [b493a8480c6f58defaf0576f2ad8c63a], PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, In Quarantäne, [b493a8480c6f58defaf0576f2ad8c63a], PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3299499388-507950971-3432295107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In Quarantäne, [46017f710d6e14227db593f7a16160a0], PUP.Optional.Babylon.A, HKU\S-1-5-21-3299499388-507950971-3432295107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, In Quarantäne, [3b0c0ee24b302c0a3ec5a3e7eb17659b], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, In Quarantäne, [f7500de3fb8075c176414e7509f9669a], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, In Quarantäne, [82c508e8106bfd39477103c0fa08e41c], PUP.Optional.Iminent.A, 
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, In Quarantäne, [5ceb5898c0bb41f56ce0c6fd936fdf21], PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64, In Quarantäne, [c285b33d02792313121220f08d7639c7], PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{e6ca9971-30ed-444a-9489-82fca50b2062}Gw64, In Quarantäne, [c97e9f5182f90036d84c13fd6c97f808], PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SearchProtect, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.Adpeak.A, HKLM\SOFTWARE\AllDaySavings, In Quarantäne, [1b2c3ab6364573c3eefccf41d13243bd], PUP.Optional.Iminent.A, HKLM\SOFTWARE\Iminent, In Quarantäne, [b295e10f9cdf51e5fadb4af0a55ec23e], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent, In Quarantäne, [d770b838fb807eb8a98d194c9e66ed13], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\IminentWebBooster.ScriptExtender, In Quarantäne, [7dca747c8feced4943fa0b4642c2d030], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\IminentWebBooster.ScriptExtender.1, In Quarantäne, [0d3a9060a1da3204b08da9a81ce87c84], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\APPID\Iminent.WebBooster.InternetExplorer.DLL, In Quarantäne, [d077b937c6b5b08689963f1a0df76997], PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, In Quarantäne, [9aad1bd5166514228d14c3b140c44eb2], PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, In Quarantäne, [a3a48e62d1aa4aec752bff7533d1966a], PUP.Optional.Adpeak.A, HKLM\SOFTWARE\WOW6432NODE\AllDaySavings, In Quarantäne, [31167e725f1cb680e802ee2241c2c937], PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\istartsurfSoftware, In Quarantäne, 
[034429c7bbc057df9b3a6aa17291be42], PUP.Optional.MBot.A, HKLM\SOFTWARE\WOW6432NODE\MYBESTOFFERSTODAY, In Quarantäne, [f1566f810f6c3600ceb6b85321e243bd], PUP.Optional.SafetySearch.A, HKLM\SOFTWARE\WOW6432NODE\SafetySearch, In Quarantäne, [dc6ba54bf9821125829830e00cf750b0], PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [86c1846cd5a6340271dd7ff10cf835cb], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, In Quarantäne, [b790de12adcef145b85b1af036cdf709], PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, In Quarantäne, [17305f91de9d1b1bdb99b6772dd68977], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent, In Quarantäne, [60e720d01f5c49ed8fa7f372d4305aa6], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IminentWebBooster.ScriptExtender, In Quarantäne, [7bccdf115f1ce254e657cb8657adae52], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IminentWebBooster.ScriptExtender.1, In Quarantäne, [fd4ac927601be94dfa4357fa659f25db], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\Iminent.WebBooster.InternetExplorer.DLL, In Quarantäne, [291e7e725b202b0ba07f92c79074946c], PUP.Optional.VNMToolbar.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dghncoeocefmhkhiphdgikkamjeglbfh, In Quarantäne, [ae999f51156696a0acdce72e34cfc739], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\ehhlaekjfiiojlddgndcnefflngfmhen, In Quarantäne, [e95e6d836b10999dc9b07c89e41f40c0], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\nbljechdpodpbchbmjcoamidppmpnmlc, In Quarantäne, [d275c927403bec4a2c4ce61f3dc641bf], PUP.Optional.IMGUpdater.A, HKLM\SOFTWARE\WOW6432NODE\IMGUPDATER, In Quarantäne, [46012bc53e3dbc7a7069fe1c709339c7], PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT, In Quarantäne, [4700d41c2853c472dbad65b1d62dd32d], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP, In Quarantäne, 
|
21.09.2014, 19:33 | #9 |
| Malware infection (zym.tollbahsuburban.com) on Windows 7 Professional PC MBAM log part 2: Code:
ATTFilter Dateien: 418 PUP.Optional.AdPeak.A, C:\Program Files\005\cyycfhtzro64.exe, Löschen bei Neustart, [9bac09e71b60112548b69b51e02410f0], PUP.Optional.IMGUpdater.A, C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe, Löschen bei Neustart, [1334b53b205b0135699e286d7e839a66], Trojan.Agent, C:\Windows\score.exe, Löschen bei Neustart, [6dda5f91c4b779bd55546e4ff40d04fc], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, Löschen bei Neustart, [85c2ba36d2a96bcb86bb4f4e42bf30d0], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Löschen bei Neustart, [70d745abe695ea4c6bd6acf171907d83], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Löschen bei Neustart, [bc8b6d833b405dd9073a920b857c40c0], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll, Löschen bei Neustart, [390e539dee8d2b0b94ad7e1f9e637888], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll, In Quarantäne, [a3a41fd1720968cec57c7825af52629e], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll, In Quarantäne, [b592fcf4e49762d49ca5663706fba35d], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, In Quarantäne, [7fc82fc1f685f1450185117d1fe3eb15], PUP.Optional.Delta.A, C:\ProgramData\DSearchLink\DSearchLink.exe, In Quarantäne, [252258987209c67069a90ead4abafe02], PUP.Optional.HQPure.A, C:\Users\Minnich\AppData\Roaming\KWHF.exe, In Quarantäne, [f15659972f4ca690b834427890717789], PUP.Optional.NSXgen, C:\Program Files (x86)\Reimageplus.com\reiextsetup.exe, In Quarantäne, [430410e0c1ba38fece9663553bc640c0], PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, In Quarantäne, [88bfeb053c3f0e28a1ed2a6c44bd0df3], PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterface64.dll, In Quarantäne, 
[87c0be32ee8d91a592fc65312ed3e818], PUP.Optional.IEPluginService.A, C:\Program Files (x86)\SupTab\RSHP.exe, In Quarantäne, [7acdbe3263182016e9d275041de44cb4], PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\SearchProtect32.dll, In Quarantäne, [44034ba5abd07eb8bdd1781e8a778c74], PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\SearchProtect64.dll, In Quarantäne, [76d1cb25275441f5eea05e3840c18b75], PUP.Optional.IePluginService.A, C:\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe, In Quarantäne, [242313ddb3c8a88eac67bfa8976aeb15], PUP.Optional.VideosMediaPlayer.A, C:\Program Files (x86)\videos MediaPlayer+\videos MediaPlayer+-bg.exe, In Quarantäne, [57f0bd339cdfb38309598436fa07ad53], PUP.Optional.VideosMediaPlayer.A, C:\Program Files (x86)\videos MediaPlayer+\videos MediaPlayer+-bho.dll, In Quarantäne, [c18631bf2c4f4cea2b37a911d72a57a9], PUP.Optional.VideosMediaPlayer.A, C:\Program Files (x86)\videos MediaPlayer+\videos MediaPlayer+-bho64.dll, In Quarantäne, [a99ef4fc5229cd691c46ae0cbb464fb1], PUP.Optional.OptimunInstaller, C:\Users\Minnich\Downloads\javaupdate_setup.exe, In Quarantäne, [ba8d638d7209ee486b6d72d7659b48b8], PUP.Optional.DomaIQ, C:\Users\Minnich\Downloads\Setup(1).exe, In Quarantäne, [e265c32daecd73c3e5b8cd8609f7e818], PUP.Optional.DomaIQ, C:\Users\Minnich\Downloads\Setup.exe, In Quarantäne, [291e39b78bf045f1e4b9c48f1ee2b64a], PUP.Optional.SearchProtect.A, C:\Windows\AppPatch\AppPatch64\SPVCLdr64.dll, In Quarantäne, [cf78ef01710afe3870d16439a06112ee], PUP.Optional.OnlySearch.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\searchplugins\onlysearchkms.xml, In Quarantäne, [153226ca81faf83edae10aff1de69a66], PUP.Optional.Iminent.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\firefoxmini@go.im.xpi, In Quarantäne, [182f8a66a2d90531b011c9427d864db3], PUP.Optional.RegCleanerPro, C:\Windows\System32\Tasks\ASP, In Quarantäne, [86c135bbdba0a88e31aedf2dbe4553ad], 
PUP.Optional.IStartSurf.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\istartsurf.xml, In Quarantäne, [98aff9f7651648ee1af042cb907333cd], PUP.Optional.Proxy.A, C:\Users\Minnich\AppData\Local\proxy.log, In Quarantäne, [2324b838ee8df145bb768489778c9769], PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys, In Quarantäne, [c285b33d02792313121220f08d7639c7], PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{e6ca9971-30ed-444a-9489-82fca50b2062}Gw64.sys, In Quarantäne, [c97e9f5182f90036d84c13fd6c97f808], PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\Register RegClean Pro.lnk, In Quarantäne, [52f523cd46351e189c5273ae7b884eb2], PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\RegClean Pro entfernen.lnk, In Quarantäne, [52f523cd46351e189c5273ae7b884eb2], PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\RegClean Pro.lnk, In Quarantäne, [52f523cd46351e189c5273ae7b884eb2], PUP.Optional.Iminent.A, C:\Program Files (x86)\Common Files\Umbrella\Umbrella268.exe, In Quarantäne, [113647a9196288ae44b8cd5f689b15eb], PUP.Optional.Iminent.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\StartWeb.xml, In Quarantäne, [3c0be7093348de58f45744f56a9921df], PUP.Optional.MyStartTB.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\mystarttb.xml, In Quarantäne, [54f3549c87f4ef47be93a991af54b44c], PUP.Optional.Iminent.A, C:\Program Files (x86)\Mozilla Firefox\defaults\pref\all-iminent.js, In Quarantäne, [c48346aa611a7bbb4e58f85551b3d62a], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\EULA.txt, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files 
(x86)\SearchProtect\Main\bin\uninstall.exe, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.css, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.html, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.js, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\defaults.js, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def-grey.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png, In 
Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-dia.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png, In Quarantäne, 
[90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png, In Quarantäne, 
[90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\SP_DialogBG.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js, In Quarantäne, 
[90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], PUP.Optional.SearchProtect, C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, In Quarantäne, [5dea04ec4c2fef47baea90e4a0644fb1], PUP.Optional.Adpeak.A, C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\etmajyzoqm64.exe, Löschen bei Neustart, [0e39ea06a6d5a49222cb947c956e748c], PUP.Optional.SmartBar.A, C:\Users\Minnich\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll, In Quarantäne, [55f26a8628538ea88932c3132ad8d729], PUP.Optional.RegCleanerPro.A, C:\Users\Minnich\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\backup0.bin, In Quarantäne, [05425799255687afeb6d2cab22e0e818], PUP.Optional.RegCleanerPro.A, C:\Users\Minnich\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\backup3.bin, In Quarantäne, [05425799255687afeb6d2cab22e0e818], PUP.Optional.RegCleanerPro.A, C:\Users\Minnich\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\backup4.bin, In Quarantäne, [05425799255687afeb6d2cab22e0e818], PUP.Optional.RegCleanerPro.A, C:\Users\Minnich\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\backup6.bin, In Quarantäne, [05425799255687afeb6d2cab22e0e818], PUP.Optional.RegCleanerPro.A, C:\Users\Minnich\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\ExcludeList.rcp, In Quarantäne, [05425799255687afeb6d2cab22e0e818], PUP.Optional.RegCleanerPro.A, 
C:\Users\Minnich\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\German_rcp.dat, In Quarantäne, [05425799255687afeb6d2cab22e0e818], PUP.Optional.RegCleanerPro.A, C:\Users\Minnich\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\log_09-03-2014.log, In Quarantäne, [05425799255687afeb6d2cab22e0e818], PUP.Optional.RegCleanerPro.A, C:\Users\Minnich\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\rcpupdate.ini, In Quarantäne, [05425799255687afeb6d2cab22e0e818], PUP.Optional.RegCleanerPro.A, C:\Users\Minnich\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\results.rcp, In Quarantäne, [05425799255687afeb6d2cab22e0e818], PUP.Optional.RegCleanerPro.A, C:\Users\Minnich\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\TempHLList.rcp, In Quarantäne, [05425799255687afeb6d2cab22e0e818], PUP.Optional.RegCleanerPro.A, C:\Users\Minnich\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000001.rmx, In Quarantäne, [05425799255687afeb6d2cab22e0e818], PUP.Optional.RegCleanerPro.A, C:\Users\Minnich\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000001.rxb, In Quarantäne, [05425799255687afeb6d2cab22e0e818], PUP.Optional.RegCleanerPro.A, C:\Users\Minnich\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\voice\de\voice.wav, In Quarantäne, [05425799255687afeb6d2cab22e0e818], PUP.Optional.SearchProtect.A, C:\Users\Minnich\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, In Quarantäne, [4ef9e709e992ca6c34616b8154ae817f], PUP.Optional.SearchProtect.A, C:\Users\Minnich\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, In Quarantäne, [4ef9e709e992ca6c34616b8154ae817f], PUP.Optional.SearchProtect.A, C:\Users\Minnich\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, In Quarantäne, [4ef9e709e992ca6c34616b8154ae817f], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome.manifest, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\install.rdf, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\index.html, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\quick_start.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\quick_start.xul, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\include\speed_dial.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\include\tools\about_blank_hook.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\include\tools\misc.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\include\tools\popup_image_helper.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\include\tools\urlrequestor.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\js\js.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\js\lib\doT.min.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery-2.1.0.min.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery.autocomplete.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\js\module\hotSearch.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\js\module\mostgrid.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\js\module\search.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\js\module\stat.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\js\pack\common.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\js\pack\ga.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\js\pack\xagainit.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\en\locale.properties, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\en-US\locale.properties, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\es\locale.properties, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\es-419\locale.properties, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\fr\locale.properties, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE\locale.properties, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA\locale.properties, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH\locale.properties, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU\locale.properties, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\it\locale.properties, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\it-CH\locale.properties, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\pl\locale.properties, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR\locale.properties, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\ru\locale.properties, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO\locale.properties, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\tr\locale.properties, In Quarantäne, 
[1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\vi\locale.properties, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN\locale.properties, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW\locale.properties, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\skin\default_logo.png, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\skin\googlelogo.png, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\skin\google_trends.png, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\skin\icon.png, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\skin\loading.gif, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\skin\logo.png, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], PUP.Optional.FastStart.A, 
C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\nspdlgrvrio\fav_thumbs\cfc7e49dd22193d90fb50d245b1f6c90, In Quarantäne, [2e190fe14338132349281fd370928b75], PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\nspdlgrvrio\fav_thumbs\e0a63eb99d3922f986330f66c05b97de, In Quarantäne, [2e190fe14338132349281fd370928b75], PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\nspdlgrvrio\fav_thumbs\e790cf7a56c57d597a2ebc9dc36aeffa, In Quarantäne, [2e190fe14338132349281fd370928b75], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\HpUI.exe, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\ient.json, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader32.exe, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader64.exe, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\bk_shadow.png, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\btn.png, In 
Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\close.png, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml.bak, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_box.png, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_check.png, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_bk.png, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_check.png, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\data.html, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, In Quarantäne, 
[272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\logo32.ico, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\common.js, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\library.js, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit-ie8.js, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit2.0.js, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, In Quarantäne, [272003edf388320438ea8c69887adf21], PUP.Optional.DSearchLink.A, C:\ProgramData\DSearchLink\Search.lnk, In 
Quarantäne, [3710747c3e3d4fe716277888a75cd52b], PUP.Optional.AllDaySavings.A, C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\libeay32.dll, Löschen bei Neustart, [8bbc618f522960d66288639e30d30ef2], PUP.Optional.AllDaySavings.A, C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\nfapi.dll, Löschen bei Neustart, [8bbc618f522960d66288639e30d30ef2], PUP.Optional.AllDaySavings.A, C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\ProtocolFilters.dll, Löschen bei Neustart, [8bbc618f522960d66288639e30d30ef2], PUP.Optional.AllDaySavings.A, C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\ssleay32.dll, Löschen bei Neustart, [8bbc618f522960d66288639e30d30ef2], PUP.Optional.Trovi.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3331213&octid=EB_ORIGINAL_CTID&ISID=M4E3EA60A-2801-4BD7-9720-DEC41FBC6C39&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SP112CE4EF-E5BD-45FB-ABB0-95811604E4E9");), Ersetzt,[cf78589845363df991cd74c6fd08e41c] PUP.Optional.CrossRider.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "1483bc0d82ce7c79a8696560a94538d5");), Ersetzt,[6cdb638d89f24cea2797bd7da75eef11] Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v3.310 - Bericht erstellt am 21/09/2014 um 15:40:31 # Aktualisiert 12/09/2014 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzername : Minnich - MINNICH-PC # Gestartet von : C:\Users\Minnich\Desktop\AdwCleaner_3.310.exe # Option : Löschen ***** [ Dienste ] ***** Dienst Gelöscht : netfilter64 ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\TVWizard Ordner Gelöscht : C:\ProgramData\Browser Ordner Gelöscht : C:\ProgramData\Registry Helper Ordner Gelöscht : C:\ProgramData\simplitec Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip Ordner Gelöscht : C:\Program Files (x86)\Bench Ordner Gelöscht : C:\Program Files (x86)\globalUpdate Ordner Gelöscht : C:\Program Files (x86)\predm Ordner Gelöscht : C:\Program Files (x86)\Probit Software Ordner Gelöscht : C:\Program Files (x86)\Common Files\IMGUpdater Ordner Gelöscht : C:\Program Files (x86)\Common Files\Umbrella Ordner Gelöscht : C:\Program Files\Reimage Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Chromatic Browser Ordner Gelöscht : C:\Users\Administrator\AppData\Local\torch Ordner Gelöscht : C:\Users\Minnich\AppData\Local\Chromatic Browser Ordner Gelöscht : C:\Users\Minnich\AppData\Local\globalUpdate Ordner Gelöscht : C:\Users\Minnich\AppData\Local\torch Ordner Gelöscht : C:\Users\Minnich\AppData\LocalLow\Smartbar Ordner Gelöscht : C:\Users\Minnich\AppData\Roaming\Activeris Ordner Gelöscht : C:\Users\Minnich\AppData\Roaming\ap_logs Ordner Gelöscht : C:\Users\Minnich\AppData\Roaming\Probit Software Ordner Gelöscht : C:\Users\Minnich\AppData\Roaming\rightbackup Ordner Gelöscht : C:\Users\Minnich\AppData\Roaming\simplitec Ordner Gelöscht : C:\Users\Minnich\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\Minnich\Documents\Optimizer Pro Ordner Gelöscht : C:\Users\Minnich\Documents\PC Speed Maximizer Ordner Gelöscht : 
C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco Datei Gelöscht : C:\Windows\SysWOW64\RegistryHelperLM.ocx Datei Gelöscht : C:\Windows\System32\drivers\netfilter64.sys Datei Gelöscht : C:\Windows\System32\roboot64.exe Datei Gelöscht : C:\Users\Minnich\AppData\Roaming\aps.uninstall.scan.results Datei Gelöscht : C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\user.js ***** [ Tasks ] ***** Task Gelöscht : ASP Task Gelöscht : LaunchSignup ***** [ Verknüpfungen ] ***** Verknüpfung Desinfiziert : C:\Users\Minnich\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS Schlüssel Gelöscht : 
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C3AFAA96-AC05-E73F-7C2C-592C2DDA4DDE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C3AFAA96-AC05-E73F-7C2C-592C2DDA4DDE} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C3AFAA96-AC05-E73F-7C2C-592C2DDA4DDE} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C3AFAA96-AC05-E73F-7C2C-592C2DDA4DDE} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{C3AFAA96-AC05-E73F-7C2C-592C2DDA4DDE} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5} Schlüssel Gelöscht : HKCU\Software\AnyProtect Schlüssel Gelöscht : HKCU\Software\ClickConnect Schlüssel Gelöscht : HKCU\Software\eSupport.com Schlüssel Gelöscht : HKCU\Software\Fabulous Schlüssel Gelöscht : HKCU\Software\genesis Schlüssel Gelöscht : HKCU\Software\GlobalUpdate Schlüssel Gelöscht : HKCU\Software\InetStat Schlüssel Gelöscht : HKCU\Software\MyBestOffersToday Schlüssel Gelöscht : HKCU\Software\Optimizer Pro Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\systweak Schlüssel Gelöscht : HKCU\Software\Tune Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} Schlüssel Gelöscht : HKLM\SOFTWARE\AdvertisingSupport Schlüssel Gelöscht : HKLM\SOFTWARE\EZ Software Updater Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate Schlüssel Gelöscht : HKLM\SOFTWARE\Registry Helper Schlüssel Gelöscht : HKLM\SOFTWARE\systweak Schlüssel Gelöscht : HKLM\SOFTWARE\Tune Schlüssel 
Gelöscht : HKLM\SOFTWARE\Tutorials Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\AllDaySavings Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467 ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17280 Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] -\\ Mozilla Firefox v32.0.2 (x86 de) [ Datei : C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\prefs.js ] Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3331213&octid=EB_ORIGINAL_CTID&ISID=M4E3EA60A-2801-4BD7-9720-DEC41FBC6C39&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SP112CE4EF-E5BD-45F[...] Zeile gelöscht : user_pref("extensions.crossrider.bic", "1483bc0d82ce7c79a8696560a94538d5"); Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false); Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false); Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false); Zeile gelöscht : user_pref("extensions.helperbar.Visibility", false); Zeile gelöscht : user_pref("extensions.helperbar.backPageCapacity", 3); Zeile gelöscht : user_pref("extensions.helperbar.backPageCounter", 0); Zeile gelöscht : user_pref("extensions.helperbar.backPageDay", 3); Zeile gelöscht : user_pref("extensions.helperbar.backPageLastEvent", "1409594197345"); Zeile gelöscht : user_pref("extensions.helperbar.backPageMinInterval", 15); Zeile gelöscht : user_pref("extensions.helperbar.barcodeid", "148594"); Zeile gelöscht : user_pref("extensions.helperbar.countryiso", "de"); Zeile gelöscht : user_pref("extensions.helperbar.downloadprovider", "ob_119_ch"); Zeile gelöscht : user_pref("extensions.helperbar.externalJsFiles", 
"{\"d\":\"[{\\\"ExcludeDomains\\\":[\\\"snap.do\\\",\\\"snapdo.com\\\",\\\".search.yahoo.com\\\\\\/yhs\\\\\\/search?hspart=lkry\\\",\\\"www.only-apart[...] Zeile gelöscht : user_pref("extensions.helperbar.fromautoupdate", "false"); Zeile gelöscht : user_pref("extensions.helperbar.installationid", "84f4b8f1-a21b-e236-bcfd-a0f084f562de"); Zeile gelöscht : user_pref("extensions.helperbar.installdate", "03/09/2014"); Zeile gelöscht : user_pref("extensions.helperbar.iswinxp", "false"); Zeile gelöscht : user_pref("extensions.helperbar.keepAliveLastevent", "1409766997"); Zeile gelöscht : user_pref("extensions.helperbar.lastExternalJsUpdate", "1409837982711"); Zeile gelöscht : user_pref("extensions.helperbar.publisher", "shoppinghelper"); Zeile gelöscht : user_pref("extensions.m8B5c.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.n[...] Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false); Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); Zeile gelöscht : user_pref("iminent.BirthDate", "1409742909"); Zeile gelöscht : user_pref("iminent.LayoutId", "1"); Zeile gelöscht : user_pref("iminent.ShowThankyouPixel", "0"); Zeile gelöscht : user_pref("iminent._oaZGabJJ8Q_", "{\"cpt\":0,\"cpr\":0,\"s\":0,\"es\":1}"); Zeile gelöscht : user_pref("iminent.enableToolbar", "false"); Zeile gelöscht : user_pref("iminent.enabledAds", "obsolete"); Zeile gelöscht : user_pref("iminent.externalScripts", "{\"value\":[{\"addonUid\":\"b7110a40-a16f-4a12-a411-bd0b6014905a\",\"name\":\"Superfish\",\"addonId\":2,\"url\":\"//www.superfish.com/ws/sf_main.jsp\",\"queryStri[...] 
Zeile gelöscht : user_pref("iminent.newtabredirect", "true"); Zeile gelöscht : user_pref("iminent.nomsi", "true"); Zeile gelöscht : user_pref("iminent.registerToolbarEvent101", "1411144780004"); Zeile gelöscht : user_pref("iminent.registerToolbarEvent102", "1410156663137"); Zeile gelöscht : user_pref("iminent.registerToolbarEvent140", "1410079337805"); Zeile gelöscht : user_pref("iminent.searchindex", "1"); Zeile gelöscht : user_pref("iminent.trackingInfo", "{\"state\":0,\"samplingRate\":0}"); Zeile gelöscht : user_pref("iminent.version", "8.38.3.2"); Zeile gelöscht : user_pref("iminent.versioning", "{\"CurrentVersion\":\"8.35.5.1\",\"InstallEventCTime\":1411144814116,\"InstallEvent\":\"True\",\"UpdateEventCTime\":1411305587814}"); -\\ Google Chrome v ************************* AdwCleaner[R0].txt - [15782 octets] - [21/09/2014 15:38:46] AdwCleaner[S0].txt - [14628 octets] - [21/09/2014 15:40:31] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14689 octets] ########## JRT Log: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.9 (09.20.2014:1) OS: Windows 7 Professional x64 Ran by Minnich on 21.09.2014 at 15:45:32,91 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ClearThink_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ClearThink_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateClearThink_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateClearThink_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilClearThink_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilClearThink_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ClearThink_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ClearThink_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateClearThink_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateClearThink_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilClearThink_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilClearThink_RASMANCS Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2B37E792-BCB1-4CE3-A0BA-E9C5B53FA524} ~~~ Files ~~~ Folders ~~~ FireFox Successfully deleted the following from C:\Users\Minnich\AppData\Roaming\mozilla\firefox\profiles\e5fvsnq2.default\prefs.js 
user_pref("iminent.adapters", "{\"start.iminent.com\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":1,\"AdapterKey\":\"iminent\",\"v\":true,\"p\":0,\"t\":1,\"th\":1.1,\"e Emptied folder: C:\Users\Minnich\AppData\Roaming\mozilla\firefox\profiles\e5fvsnq2.default\minidumps [2 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 21.09.2014 at 15:53:38,98 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
21.09.2014, 19:35 | #10 |
| Malware infection (zym.tollbahsuburban.com) on Windows 7 Professional PC FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Minnich (administrator) on MINNICH-PC on 21-09-2014 15:57:10
Running from C:\Users\Minnich\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - 569F02B720D640868C23E94F03F2C832 URL = hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_bndl1_14_26&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyzyyCtB0EtCtDtDtByBzytN0D0Tzu0SzyyBzztN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1S1G1Q1ItC1VtCyE1VtByCtN1L1G1B1V1N2Y1L1Qzu2SyDtDyC0Dzy0CyBzytGzyyDyEyDtGzzyCzy0AtGtCyCzyyEtGtAyDtByCyDtBtByBtA0A0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztC0Fzzzz0DtByDtG0E0CtAyDtGyEtCyD0AtGzytC0AyDtG0ByEyB0EtAyBzy0DyEtD0C0F2Q&cr=1773006457&ir=
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Minnich\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Internet Download Manager Squared - C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\idmsq@idmsq.com [2014-09-08]
FF Extension: 123b222059cb11dbb0de0800200c9a66 - C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\{123b2220-59cb-11db-b0de-0800200c9a66} [2014-09-08]
FF Extension: AF445D67154C4c69A17B7F392BCC36A3 - C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3} [2014-09-07]
FF Extension: NoScript - C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-09-19]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco [2014-09-03]
CHR Extension: (No Name) - C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnjjngeaknajbdcgpfkgnonkmififhfo [2014-09-08]
CHR Extension: (No Name) - C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mblbciejcodpealifnhfjbdlkedplodp [2014-09-07]
CHR Extension: (No Name) - C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdapmeleikeppmfgadilffngabfpibok [2014-09-07]
CHR Extension: (No Name) - C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflbcmpjneookibbaeopkfcnegknkgog [2014-09-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Browser7Maintenance; C:\Program Files (x86)\Browser 7 Maintenance Service\maintenanceservice.exe [118584 2014-09-12] (Deutsche Telekom AG)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Minnich\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-21 15:54 - 2014-09-21 15:54 - 00002568 _____ () C:\Users\Minnich\Desktop\JRT_anonym.txt 2014-09-21 15:53 - 2014-09-21 15:53 - 00002571 _____ () C:\Users\Minnich\Desktop\JRT.txt 2014-09-21 15:45 - 2014-09-21 15:45 - 00000000 ____D () C:\Windows\ERUNT 2014-09-21 15:44 - 2014-09-21 15:44 - 01027006 _____ (Thisisu) C:\Users\Minnich\Desktop\JRT.exe 2014-09-21 15:43 - 2014-09-21 15:43 - 00127016 _____ () C:\Users\Minnich\Desktop\mbam_anonym.txt 2014-09-21 15:42 - 2014-09-21 15:42 - 00014830 _____ () C:\Users\Minnich\Desktop\AdwCleaner[S0]_anonym.txt 2014-09-21 15:38 - 2014-09-21 15:40 - 00000000 ____D () C:\AdwCleaner 2014-09-21 15:36 - 2014-09-21 15:38 - 00127342 _____ () C:\Users\Minnich\Desktop\mbam.txt 2014-09-21 15:21 - 2014-09-21 15:35 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-21 15:21 - 2014-09-21 15:21 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-21 15:21 - 2014-09-21 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-21 15:21 - 2014-09-21 15:21 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-21 15:21 - 2014-09-21 15:21 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-21 15:21 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-21 15:21 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-21 15:21 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-21 15:04 - 2014-09-21 15:04 - 00000000 ____D () C:\Program Files (x86)\DriverRestore 2014-09-20 20:31 - 2014-09-20 20:31 - 00032959 _____ () C:\post01.txt 2014-09-20 20:00 - 2014-09-20 20:00 - 00032480 _____ () C:\ComboFix_anonym.txt 2014-09-20 19:58 - 2014-09-20 19:58 - 00032550 _____ () C:\ComboFix.txt 2014-09-20 19:47 - 2014-09-20 19:58 - 
00000000 ____D () C:\Qoobox 2014-09-20 19:47 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-09-20 19:47 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-09-20 19:47 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-09-20 19:47 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-09-20 19:47 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-09-20 19:47 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-09-20 19:47 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-09-20 19:47 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-09-20 19:46 - 2014-09-20 19:57 - 00000000 ____D () C:\Windows\erdnt 2014-09-20 10:31 - 2014-09-20 10:32 - 05578824 ____R (Swearware) C:\Users\Minnich\Desktop\ComboFix.exe 2014-09-19 19:12 - 2014-09-19 19:12 - 00001271 _____ () C:\Users\Minnich\Desktop\Revo Uninstaller.lnk 2014-09-19 19:12 - 2014-09-19 19:12 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-09-19 19:11 - 2014-09-19 19:11 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Minnich\Desktop\revosetup95.exe 2014-09-19 19:00 - 2014-09-19 19:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-19 17:14 - 2014-09-19 17:14 - 00709564 _____ () C:\Users\Minnich\Desktop\delfix_10.8.exe 2014-09-19 17:13 - 2014-09-19 17:13 - 02347384 _____ (ESET) C:\Users\Minnich\Desktop\esetsmartinstaller_deu.exe 2014-09-19 17:13 - 2014-09-19 17:13 - 00448512 _____ (OldTimer Tools) C:\Users\Minnich\Desktop\TFC.exe 2014-09-19 17:12 - 2014-09-19 17:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Minnich\Desktop\mbam-setup-2.0.2.1012.exe 2014-09-19 17:09 - 2014-09-19 17:09 - 01373475 _____ () C:\Users\Minnich\Desktop\AdwCleaner_3.310.exe 2014-09-19 17:05 - 2014-09-21 15:57 - 00006837 _____ () C:\Users\Minnich\Desktop\FRST.txt 2014-09-19 17:05 - 2014-09-21 15:57 - 00000000 ____D () C:\FRST 2014-09-19 17:05 - 2014-09-20 19:43 - 00065593 _____ () C:\Users\Minnich\Desktop\FRST_.txt 2014-09-19 17:05 - 2014-09-20 19:43 - 00024782 _____ () C:\Users\Minnich\Desktop\Addition_.txt 2014-09-19 17:04 - 2014-09-19 17:04 - 02105856 _____ (Farbar) C:\Users\Minnich\Desktop\FRST64.exe 2014-09-19 16:57 - 2014-09-19 17:26 - 00000333 _____ () C:\Users\Minnich\Desktop\mal.txt 2014-09-19 16:52 - 2014-09-19 16:52 - 00000000 ____D () C:\Users\Minnich\Desktop\Alte Browser7-Daten 2014-09-14 07:56 - 2014-09-14 07:56 - 01651552 _____ () C:\Windows\Minidump\091414-19156-01.dmp 2014-09-11 08:42 - 2014-09-11 08:42 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-09-10 18:47 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-10 18:47 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-10 18:47 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-10 18:47 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-10 18:47 - 
2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-10 18:47 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-10 18:47 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-10 18:47 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-10 18:47 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-10 18:47 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-10 18:47 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-10 18:47 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-10 18:47 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-10 18:47 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-10 18:47 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-10 18:47 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-10 18:47 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-10 18:47 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-09-10 18:47 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-10 18:47 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-10 18:47 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-10 18:47 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-10 18:47 - 
2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-10 18:47 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-10 18:47 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-10 18:47 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-09-10 18:47 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-10 18:47 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-10 18:47 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-10 18:47 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-10 18:47 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-10 18:47 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-10 18:47 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-10 18:47 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-10 18:46 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-10 18:46 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-10 18:46 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-10 18:46 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-10 18:46 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-10 18:46 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-10 18:46 - 
2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-10 18:46 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-10 18:46 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-09-10 18:46 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-10 18:46 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-10 18:46 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-10 18:46 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-10 18:46 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-10 18:46 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-10 18:46 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-10 18:46 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-09-10 18:46 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-10 18:46 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-10 18:46 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-10 18:46 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-10 18:46 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-09-10 14:57 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-10 14:57 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 
2014-09-10 14:55 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-10 14:55 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-10 14:55 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-10 14:55 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-10 14:55 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-09-10 14:55 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-09-10 14:55 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-09-10 14:55 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-10 14:55 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-09-10 08:17 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-10 08:17 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-09-09 08:17 - 2014-09-09 08:17 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\SumatraPDF 2014-09-09 08:13 - 2014-09-21 14:57 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Gameo 2014-09-09 08:13 - 2014-09-20 10:49 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\0C1I1L1R1J0C1F1G1G1P1R2Z 2014-09-09 08:13 - 2014-09-09 08:13 - 00000173 _____ () C:\Users\Minnich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url 2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ___HD () C:\Users\Minnich\AppData\Roaming\GoldenGate 2014-09-09 08:12 - 2014-09-21 15:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore 2014-09-09 08:12 - 2014-07-01 19:37 - 00020872 _____ (Phoenix Technologies) 
C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS 2014-09-09 07:47 - 2014-09-09 07:47 - 00853960 _____ (Reimage®) C:\Users\Minnich\Downloads\ReimageRepair.exe 2014-09-09 07:47 - 2014-09-09 07:47 - 00853960 _____ (Reimage®) C:\Users\Minnich\Downloads\ReimageRepair(1).exe 2014-09-08 13:28 - 2014-09-08 13:28 - 00003154 _____ () C:\Windows\System32\Tasks\{405D3FA4-397D-4A16-9D21-7494A877FA1E} 2014-09-08 13:19 - 2014-09-08 13:19 - 29689728 _____ (Deutsche Telekom AG) C:\Users\Minnich\Downloads\browser7-latest.exe 2014-09-08 11:33 - 2014-09-08 11:33 - 00718848 _____ ( ) C:\Users\Minnich\Downloads\IDM2-Win-EN.exe 2014-09-08 11:33 - 2014-09-08 11:33 - 00000000 ____D () C:\MININT 2014-09-07 10:59 - 2014-09-07 10:59 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\DriverFinder 2014-09-06 16:35 - 2014-09-06 16:35 - 00000000 ____D () C:\ProgramData\Telekom-Browser 7 2014-09-06 15:44 - 2014-09-06 15:44 - 00362592 _____ (Deutsche Telekom AG) C:\Users\Minnich\Downloads\browser7_setup.exe 2014-09-06 15:00 - 2014-09-07 11:19 - 00000000 ____D () C:\Program Files (x86)\ReimageExpress.com 2014-09-06 14:45 - 2014-09-06 14:46 - 00000000 ____D () C:\Program Files (x86)\Reimageplus.com 2014-09-06 10:47 - 2014-09-07 08:42 - 00001224 _____ () C:\Users\Minnich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-09-06 07:53 - 2014-09-06 07:53 - 00000464 _____ () C:\Windows\system32\ScannerSettings 2014-09-05 12:26 - 2014-09-05 12:26 - 00000000 ____D () C:\Users\Minnich\AppData\Local\speed browser 2014-09-04 17:34 - 2014-09-04 17:34 - 00000044 _____ () C:\Users\Minnich\AppData\Roaming\WB.CFG 2014-09-04 16:55 - 2014-09-04 16:55 - 00000000 ____D () C:\ProgramData\TEMP 2014-09-04 16:51 - 2014-09-04 16:51 - 00001246 _____ () C:\Windows\Tasks\KWHF.job 2014-09-04 16:50 - 2014-09-21 15:33 - 00000000 ____D () C:\Program Files\005 2014-09-04 16:33 - 2014-09-04 16:33 - 00000000 ____D () C:\33cb8ceb-6e1a-4e4c-9963-d32ad5205a76 2014-09-04 16:16 - 2014-09-04 16:16 - 00244400 _____ 
() C:\Users\Minnich\Downloads\Firefox Setup Stub 32.0.exe 2014-09-04 16:07 - 2014-09-08 14:18 - 00000000 ___HD () C:\Windows\msdownld.tmp 2014-09-04 07:27 - 2014-09-04 07:27 - 00000000 ____D () C:\Users\Minnich\AppData\Local\com 2014-09-03 19:44 - 2014-09-18 18:16 - 00000000 ___HD () C:\Users\Public\Temp 2014-09-03 19:29 - 2014-09-03 19:29 - 00936136 _____ () C:\Windows\Minidump\090314-14008-01.dmp 2014-09-03 15:43 - 2014-09-06 10:33 - 00000000 ____D () C:\ProgramData\4ef04fb202130dcc 2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Google 2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Comodo 2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-09-02 17:06 - 2014-09-11 11:02 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\QuickScan 2014-09-02 17:06 - 2014-09-02 17:06 - 00000000 ____D () C:\Users\Minnich\AppData\Local\CrashRpt 2014-09-02 17:04 - 2014-09-02 17:04 - 00073728 _____ ( ) C:\Users\Minnich\Desktop\guiformat.exe 2014-09-01 10:18 - 2014-09-01 10:18 - 00001248 _____ () C:\Users\Minnich\AppData\Roaming\KWHF 2014-09-01 08:38 - 2014-09-01 08:38 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Adobe 2014-08-29 12:59 - 2014-08-29 12:59 - 02073521 _____ (Auerswald) C:\Users\Minnich\Downloads\Install.exe 2014-08-28 07:47 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-28 07:47 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-28 07:47 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-27 15:59 - 2014-08-27 16:00 - 01068280 _____ () C:\Windows\Minidump\082714-24024-01.dmp ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the 
file\folder will be moved.) 2014-09-21 15:57 - 2014-09-19 17:05 - 00006837 _____ () C:\Users\Minnich\Desktop\FRST.txt 2014-09-21 15:57 - 2014-09-19 17:05 - 00000000 ____D () C:\FRST 2014-09-21 15:56 - 2013-09-12 10:48 - 00030239 _____ () C:\Windows\setupact.log 2014-09-21 15:56 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-21 15:55 - 2014-06-05 16:01 - 01181906 _____ () C:\Windows\WindowsUpdate.log 2014-09-21 15:54 - 2014-09-21 15:54 - 00002568 _____ () C:\Users\Minnich\Desktop\JRT_anonym.txt 2014-09-21 15:53 - 2014-09-21 15:53 - 00002571 _____ () C:\Users\Minnich\Desktop\JRT.txt 2014-09-21 15:48 - 2009-07-14 06:45 - 00032352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-21 15:48 - 2009-07-14 06:45 - 00032352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-21 15:45 - 2014-09-21 15:45 - 00000000 ____D () C:\Windows\ERUNT 2014-09-21 15:44 - 2014-09-21 15:44 - 01027006 _____ (Thisisu) C:\Users\Minnich\Desktop\JRT.exe 2014-09-21 15:43 - 2014-09-21 15:43 - 00127016 _____ () C:\Users\Minnich\Desktop\mbam_anonym.txt 2014-09-21 15:42 - 2014-09-21 15:42 - 00014830 _____ () C:\Users\Minnich\Desktop\AdwCleaner[S0]_anonym.txt 2014-09-21 15:42 - 2013-09-12 08:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-21 15:41 - 2010-11-21 05:47 - 00232006 _____ () C:\Windows\PFRO.log 2014-09-21 15:40 - 2014-09-21 15:38 - 00000000 ____D () C:\AdwCleaner 2014-09-21 15:38 - 2014-09-21 15:36 - 00127342 _____ () C:\Users\Minnich\Desktop\mbam.txt 2014-09-21 15:35 - 2014-09-21 15:21 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-21 15:33 - 2014-09-04 16:50 - 00000000 ____D () C:\Program Files\005 2014-09-21 15:33 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-09-21 15:21 - 2014-09-21 15:21 - 00001109 _____ () 
C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-21 15:21 - 2014-09-21 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-21 15:21 - 2014-09-21 15:21 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-21 15:21 - 2014-09-21 15:21 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-21 15:04 - 2014-09-21 15:04 - 00000000 ____D () C:\Program Files (x86)\DriverRestore 2014-09-21 15:04 - 2014-09-09 08:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore 2014-09-21 14:57 - 2014-09-09 08:13 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Gameo 2014-09-20 20:31 - 2014-09-20 20:31 - 00032959 _____ () C:\post01.txt 2014-09-20 20:00 - 2014-09-20 20:00 - 00032480 _____ () C:\ComboFix_anonym.txt 2014-09-20 19:58 - 2014-09-20 19:58 - 00032550 _____ () C:\ComboFix.txt 2014-09-20 19:58 - 2014-09-20 19:47 - 00000000 ____D () C:\Qoobox 2014-09-20 19:58 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-09-20 19:57 - 2014-09-20 19:46 - 00000000 ____D () C:\Windows\erdnt 2014-09-20 19:55 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-09-20 19:54 - 2009-07-14 04:34 - 56098816 _____ () C:\Windows\system32\config\SOFTWARE.bak 2014-09-20 19:54 - 2009-07-14 04:34 - 14155776 _____ () C:\Windows\system32\config\SYSTEM.bak 2014-09-20 19:54 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak 2014-09-20 19:54 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2014-09-20 19:54 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak 2014-09-20 19:43 - 2014-09-19 17:05 - 00065593 _____ () C:\Users\Minnich\Desktop\FRST_.txt 2014-09-20 19:43 - 2014-09-19 17:05 - 00024782 _____ () C:\Users\Minnich\Desktop\Addition_.txt 2014-09-20 11:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-09-20 10:49 - 2014-09-09 08:13 - 00000000 ____D () 
C:\Users\Minnich\AppData\Roaming\0C1I1L1R1J0C1F1G1G1P1R2Z 2014-09-20 10:32 - 2014-09-20 10:31 - 05578824 ____R (Swearware) C:\Users\Minnich\Desktop\ComboFix.exe 2014-09-20 09:47 - 2011-04-12 09:43 - 00699092 _____ () C:\Windows\system32\perfh007.dat 2014-09-20 09:47 - 2011-04-12 09:43 - 00149232 _____ () C:\Windows\system32\perfc007.dat 2014-09-20 09:47 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-20 08:46 - 2014-06-05 18:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-19 19:12 - 2014-09-19 19:12 - 00001271 _____ () C:\Users\Minnich\Desktop\Revo Uninstaller.lnk 2014-09-19 19:12 - 2014-09-19 19:12 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-09-19 19:11 - 2014-09-19 19:11 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Minnich\Desktop\revosetup95.exe 2014-09-19 19:00 - 2014-09-19 19:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-19 17:26 - 2014-09-19 16:57 - 00000333 _____ () C:\Users\Minnich\Desktop\mal.txt 2014-09-19 17:14 - 2014-09-19 17:14 - 00709564 _____ () C:\Users\Minnich\Desktop\delfix_10.8.exe 2014-09-19 17:13 - 2014-09-19 17:13 - 02347384 _____ (ESET) C:\Users\Minnich\Desktop\esetsmartinstaller_deu.exe 2014-09-19 17:13 - 2014-09-19 17:13 - 00448512 _____ (OldTimer Tools) C:\Users\Minnich\Desktop\TFC.exe 2014-09-19 17:12 - 2014-09-19 17:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Minnich\Desktop\mbam-setup-2.0.2.1012.exe 2014-09-19 17:09 - 2014-09-19 17:09 - 01373475 _____ () C:\Users\Minnich\Desktop\AdwCleaner_3.310.exe 2014-09-19 17:04 - 2014-09-19 17:04 - 02105856 _____ (Farbar) C:\Users\Minnich\Desktop\FRST64.exe 2014-09-19 16:52 - 2014-09-19 16:52 - 00000000 ____D () C:\Users\Minnich\Desktop\Alte Browser7-Daten 2014-09-18 18:16 - 2014-09-03 19:44 - 00000000 ___HD () C:\Users\Public\Temp 2014-09-18 07:56 - 2013-09-12 08:35 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-18 
07:56 - 2013-09-12 08:35 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-09-18 07:56 - 2013-09-12 08:35 - 00000000 ____D () C:\ProgramData\Adobe 2014-09-18 07:54 - 2014-06-05 17:32 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Adobe 2014-09-15 14:12 - 2014-06-10 09:56 - 00000000 ____D () C:\Users\Minnich\Documents\Loewe 2014-09-15 12:44 - 2014-07-07 13:17 - 00001099 _____ () C:\Users\Minnich\AppData\Roaming\ShiftN.ini 2014-09-14 07:56 - 2014-09-14 07:56 - 01651552 _____ () C:\Windows\Minidump\091414-19156-01.dmp 2014-09-14 07:56 - 2014-06-11 17:27 - 4161772523 _____ () C:\Windows\MEMORY.DMP 2014-09-14 07:56 - 2014-06-11 17:27 - 00000000 ____D () C:\Windows\Minidump 2014-09-13 07:51 - 2014-06-06 11:08 - 00000000 ____D () C:\Program Files (x86)\Browser 7 Maintenance Service 2014-09-11 11:02 - 2014-09-02 17:06 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\QuickScan 2014-09-11 09:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-09-11 08:42 - 2014-09-11 08:42 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-09-11 08:42 - 2013-09-12 08:36 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-11 08:42 - 2013-09-12 08:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-11 08:42 - 2013-09-12 08:36 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-10 18:46 - 2013-09-12 09:33 - 01592628 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-10 18:45 - 2014-06-06 13:07 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-10 08:18 - 2014-06-06 11:28 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-10 08:17 - 2014-06-06 11:28 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-09 08:17 - 2014-09-09 08:17 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\SumatraPDF 2014-09-09 08:13 - 2014-09-09 08:13 - 00000173 _____ () 
C:\Users\Minnich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url 2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ___HD () C:\Users\Minnich\AppData\Roaming\GoldenGate 2014-09-09 08:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-09-09 07:47 - 2014-09-09 07:47 - 00853960 _____ (Reimage®) C:\Users\Minnich\Downloads\ReimageRepair.exe 2014-09-09 07:47 - 2014-09-09 07:47 - 00853960 _____ (Reimage®) C:\Users\Minnich\Downloads\ReimageRepair(1).exe 2014-09-08 14:18 - 2014-09-04 16:07 - 00000000 ___HD () C:\Windows\msdownld.tmp 2014-09-08 14:18 - 2014-06-06 11:59 - 00037103 _____ () C:\Windows\IE11_main.log 2014-09-08 13:32 - 2014-06-05 17:32 - 00063776 _____ () C:\Users\Minnich\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-08 13:32 - 2009-07-14 06:45 - 00287824 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-08 13:28 - 2014-09-08 13:28 - 00003154 _____ () C:\Windows\System32\Tasks\{405D3FA4-397D-4A16-9D21-7494A877FA1E} 2014-09-08 13:20 - 2014-06-06 11:08 - 00001339 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser 7 der Telekom.lnk 2014-09-08 13:20 - 2014-06-06 11:08 - 00001327 _____ () C:\Users\Public\Desktop\Browser 7 der Telekom.lnk 2014-09-08 13:19 - 2014-09-08 13:19 - 29689728 _____ (Deutsche Telekom AG) C:\Users\Minnich\Downloads\browser7-latest.exe 2014-09-08 11:33 - 2014-09-08 11:33 - 00718848 _____ ( ) C:\Users\Minnich\Downloads\IDM2-Win-EN.exe 2014-09-08 11:33 - 2014-09-08 11:33 - 00000000 ____D () C:\MININT 2014-09-08 11:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources 2014-09-07 11:19 - 2014-09-06 15:00 - 00000000 ____D () C:\Program Files (x86)\ReimageExpress.com 2014-09-07 10:59 - 2014-09-07 10:59 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\DriverFinder 2014-09-07 08:42 - 2014-09-06 10:47 - 00001224 _____ () C:\Users\Minnich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-09-07 08:42 - 2014-06-05 18:19 - 00001880 
_____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-09-07 08:42 - 2014-06-05 18:19 - 00001868 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-09-06 16:35 - 2014-09-06 16:35 - 00000000 ____D () C:\ProgramData\Telekom-Browser 7 2014-09-06 16:35 - 2014-06-06 11:08 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Deutsche Telekom AG 2014-09-06 15:44 - 2014-09-06 15:44 - 00362592 _____ (Deutsche Telekom AG) C:\Users\Minnich\Downloads\browser7_setup.exe 2014-09-06 15:03 - 2014-06-07 15:37 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-09-06 14:50 - 2013-09-12 08:33 - 00002051 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-09-06 14:50 - 2013-09-12 08:33 - 00002051 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-09-06 14:46 - 2014-09-06 14:45 - 00000000 ____D () C:\Program Files (x86)\Reimageplus.com 2014-09-06 11:01 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini 2014-09-06 10:33 - 2014-09-03 15:43 - 00000000 ____D () C:\ProgramData\4ef04fb202130dcc 2014-09-06 07:53 - 2014-09-06 07:53 - 00000464 _____ () C:\Windows\system32\ScannerSettings 2014-09-05 12:26 - 2014-09-05 12:26 - 00000000 ____D () C:\Users\Minnich\AppData\Local\speed browser 2014-09-05 04:10 - 2014-09-10 14:55 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-05 04:05 - 2014-09-10 14:55 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-04 17:34 - 2014-09-04 17:34 - 00000044 _____ () C:\Users\Minnich\AppData\Roaming\WB.CFG 2014-09-04 16:55 - 2014-09-04 16:55 - 00000000 ____D () C:\ProgramData\TEMP 2014-09-04 16:51 - 2014-09-04 16:51 - 00001246 _____ () C:\Windows\Tasks\KWHF.job 2014-09-04 16:33 - 2014-09-04 16:33 - 00000000 ____D () C:\33cb8ceb-6e1a-4e4c-9963-d32ad5205a76 2014-09-04 16:16 - 2014-09-04 16:16 - 00244400 _____ () C:\Users\Minnich\Downloads\Firefox Setup 
Stub 32.0.exe 2014-09-04 07:27 - 2014-09-04 07:27 - 00000000 ____D () C:\Users\Minnich\AppData\Local\com 2014-09-04 07:25 - 2014-06-05 18:20 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Mozilla 2014-09-03 19:29 - 2014-09-03 19:29 - 00936136 _____ () C:\Windows\Minidump\090314-14008-01.dmp 2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Google 2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Comodo 2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-09-02 17:06 - 2014-09-02 17:06 - 00000000 ____D () C:\Users\Minnich\AppData\Local\CrashRpt 2014-09-02 17:04 - 2014-09-02 17:04 - 00073728 _____ ( ) C:\Users\Minnich\Desktop\guiformat.exe 2014-09-02 10:05 - 2014-06-06 12:17 - 00000000 ____D () C:\It2001 2014-09-01 10:18 - 2014-09-01 10:18 - 00001248 _____ () C:\Users\Minnich\AppData\Roaming\KWHF 2014-09-01 08:38 - 2014-09-01 08:38 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Adobe 2014-08-29 12:59 - 2014-08-29 12:59 - 02073521 _____ (Auerswald) C:\Users\Minnich\Downloads\Install.exe 2014-08-27 16:00 - 2014-08-27 15:59 - 01068280 _____ () C:\Windows\Minidump\082714-24024-01.dmp 2014-08-25 06:53 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-08-23 04:07 - 2014-08-28 07:47 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 03:45 - 2014-08-28 07:47 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-23 02:59 - 2014-08-28 07:47 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys Some content of TEMP: ==================== C:\Users\Minnich\AppData\Local\Temp\DRHelper_uninstallComplete.exe C:\Users\Minnich\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is 
no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-17 11:49 ==================== End Of Log ============================ Addition.txt: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014 Ran by Minnich at 2014-09-21 15:57:57 Running from C:\Users\Minnich\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Browser 7 der Telekom 31.0.20 (x86 de) (HKLM-x32\...\Browser 7 der Telekom 31.0.20 (x86 de)) (Version: 31.0.20 - Deutsche Telekom AG) Browser 7 Maintenance Service (HKLM-x32\...\Browser7MaintenanceService) (Version: 31.0.19 - Deutsche Telekom AG) InfoTip 2001 (HKLM-x32\...\It2001) (Version: - ) MAGIX Foto & Grafik Designer 9 (HKLM-x32\...\MX.{E84F54E0-4BC7-4C19-A969-D22574CDC118}) (Version: 9.1.2.28274 - MAGIX AG) MAGIX Foto & Grafik Designer 9 (Version: 9.1.2.28274 - MAGIX AG) Hidden MAGIX Web Designer MX Premium (HKLM-x32\...\MAGIX_{4D5A1C12-2F7B-4A67-B186-ECAE22EF4FCB}) (Version: 8.0.2.21761 - MAGIX AG) MAGIX Web Designer MX Premium (Version: 8.0.2.21761 - MAGIX AG) Hidden Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) 
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Mozilla Firefox 32.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 de)) (Version: 32.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Photo & Graphic Designer 9 Update (Version: 9.2.8.32681 - MAGIX Software GmbH) Hidden PIKO Master Control V2.0 v1.2.2.38199 (HKLM-x32\...\PIKO Master Control V2.0_is1) (Version: 1.2.2.38199 - KOSTAL Solar Electric GmbH) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Web Designer Premium MX Update (Version: 8.1.5.31094 - MAGIX AG) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. 
Any eventual file will not be moved.) ==================== Restore Points ========================= 17-09-2014 06:11:01 Windows Update 20-09-2014 08:47:52 Revo Uninstaller's restore point - Easy PDF Reader Packages 20-09-2014 08:49:38 Revo Uninstaller's restore point - istartsurf uninstall 20-09-2014 08:52:05 Revo Uninstaller's restore point - Software Version Updater 21-09-2014 12:55:56 Revo Uninstaller's restore point - Gameo 21-09-2014 12:57:22 Revo Uninstaller's restore point - PC Speed Maximizer v3.2 21-09-2014 13:06:58 Revo Uninstaller's restore point - simplitec simplicheck 21-09-2014 13:07:12 Removed simplitec simplicheck ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2014-09-20 19:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {6C3EFE4C-FB27-4E5E-BA51-850E1178EDCB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-11] (Adobe Systems Incorporated) Task: {7929E22C-9E3E-461B-BA2F-D97C10256833} - \ReimageUpdater No Task File <==== ATTENTION Task: {D8511953-6640-4969-95BD-A56F00F64566} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\KWHF.job => C:\Users\Minnich\AppData\Roaming\KWHF.exe ==================== Loaded Modules (whitelisted) ============= ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 
==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Unattend0000000001{15346C6C-F853-4410-BF55-473812C60FF7} => %SYSTEMDRIVE%\restore\createrestore.exe /r ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Error: (09/21/2014 03:56:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Reimage Real Time Protector" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-09-20 19:53:14.000 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2014-09-20 19:53:13.954 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz Percentage of memory in use: 21% Total physical RAM: 3967.61 MB Available physical RAM: 3108.38 MB Total Pagefile: 7933.41 MB Available Pagefile: 7019.59 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:225.22 GB) (Free:185.6 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 0841F56C) Partition 1: (Not Active) - (Size=7.7 GB) - (Type=27) Partition 2: (Active) - (Size=225.2 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
22.09.2014, 09:42 | #11 |
/// the machine /// TB trainer | Malware infection (zym.tollbahsuburban.com) on Windows 7 Professional PC ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems still?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
22.09.2014, 17:33 | #12 |
| Malware infection (zym.tollbahsuburban.com) on Windows 7 Professional PC Hi, ESET still detected almost 20 threats. ESET log: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=efa8f8009494484eb3c17fd0db5face9 # engine=20247 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2014-09-22 04:19:35 # local_time=2014-09-22 06:19:35 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 85091 163032625 0 0 # scanned=151584 # found=19 # cleaned=0 # scan_time=1730 sh=99414731D83EBD1177112CFE7E3D849C4DC156F5 ft=1 fh=fbdf85939d27573c vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir" sh=8B67C4946B050285FE89EFE36AB6DC2F7B3E2D2F ft=1 fh=d91722da20002316 vn="Variante von Win64/Riskware.NetFilter.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\netfilter64.sys.vir" sh=7F8E18A2E0BA11295D0CDAA81104E4896B84AC2F ft=1 fh=473853ca0f47624e vn="Win32/SearchPlugin.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ReimageExpress.com\ExpressSetup.exe" sh=B018ADBCA951AC0EB0757AFFD7EAB8FC0228CA91 ft=1 fh=fda9a5748d3eb594 vn="Variante von Win32/Adware.SpeedingUpMyPC.C Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Probit Software\Easy Speed PC\ESPCSmartScan.exe.vir" sh=36F969E522FD53A189312D946C430EFD02D5A982 ft=1 fh=5d022c015afe1524 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir" sh=7028F239FAC673EE7DC7772ACC75D759EA73837D ft=1 fh=e769f095fe49f653 vn="Variante von Win32/ClientConnect.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Minnich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JLGS9U4\spstub[1].exe" sh=5D1F071AF658A18DAA3C5BB68316CCBA3A48AA28 ft=1 fh=fb52270167c4e8d1 vn="Variante von Win32/BrowseFox.O evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Minnich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JLGS9U4\SunriseBrowse[1].dll" sh=7028F239FAC673EE7DC7772ACC75D759EA73837D ft=1 fh=e769f095fe49f653 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Minnich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FK80VV1E\spstub[1].exe" sh=54BE56B6705EB161677DEE881A9E7B72E5861179 ft=1 fh=f0ed7077fc73dcf1 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Minnich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWH45R1F\SPSetup[1].exe" sh=54BE56B6705EB161677DEE881A9E7B72E5861179 ft=1 fh=f0ed7077fc73dcf1 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Minnich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QE4VSUIX\SPSetup[1].exe" sh=ADD584BDB3CF5550D6835065051A551D3BE0369F ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Minnich\AppData\Local\Mozilla\Firefox\Profiles\e5fvsnq2.default\cache2\entries\DA3D0634E1E1F5126E557AED536ECCF78549AE57" sh=78E29B91D2854331B7F28B9FE6B3EEE2EB158CE3 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Minnich\AppData\Local\Mozilla\Firefox\Profiles\e5fvsnq2.default\cache2\entries\ED96577D1C76EC0B52951D819D12338706A165A1" sh=4D61862340A8C252665F1927CACB3038D474F2EA ft=1 fh=6d632a397799bb5e vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Users\Minnich\Documents\MAGIX Downloads\Installationsmanager\Foto_Grafik_Designer_9_DLV_de-DE_130611_10-14_9_1_2_28274.exe" sh=907DF0456F03AEAA8E44D2D9D3CD4558BA07B2DB ft=1 fh=6012deb93b048baa vn="Variante von Win32/InstallCore.PX evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Minnich\Downloads\IDM2-Win-EN.exe" sh=4D61862340A8C252665F1927CACB3038D474F2EA ft=1 fh=6d632a397799bb5e vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="E:\# Backup Minnich PC\Documents\MAGIX Downloads\Installationsmanager\Foto_Grafik_Designer_9_DLV_de-DE_130611_10-14_9_1_2_28274.exe" sh=907DF0456F03AEAA8E44D2D9D3CD4558BA07B2DB ft=1 fh=6012deb93b048baa vn="Variante von Win32/InstallCore.PX evtl. unerwünschte Anwendung" ac=I fn="E:\# Backup Minnich PC\Downloads\IDM2-Win-EN.exe" sh=BFA542DBC16C89A48B530FC9994CA9FED8075DAC ft=1 fh=adb9f53f93ace214 vn="Variante von Win32/AdWare.iBryte.BI Anwendung" ac=I fn="E:\# Backup Minnich PC\Downloads\javaupdate_setup.exe" sh=6D3D4498134083CBAE385671D554842C6FEB459F ft=1 fh=67d76dabf1ab7c07 vn="Variante von Win32/SoftPulse.L evtl. unerwünschte Anwendung" ac=I fn="E:\# Backup Minnich PC\Downloads\Setup(1).exe" sh=CCD74435A69F55E73048A22E45B983C730E66D07 ft=1 fh=bda8312af1ab7c07 vn="Variante von Win32/SoftPulse.L evtl. unerwünschte Anwendung" ac=I fn="E:\# Backup Minnich PC\Downloads\Setup.exe" Code:
ATTFilter Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 15.0.0.152
Adobe Reader XI
Mozilla Firefox (32.0.2)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
In the FRST.log: Code:
ATTFilter ==================== Services (Whitelisted) =================
...
S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]
Code:
ATTFilter ==================== Scheduled Tasks (whitelisted) =============
...
Task: {7929E22C-9E3E-461B-BA2F-D97C10256833} - \ReimageUpdater No Task File <==== ATTENTION
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014 Ran by Minnich (administrator) on MINNICH-PC on 22-09-2014 18:25:59 Running from C:\Users\Minnich\Desktop Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKU\S-1-5-21-3299499388-507950971-3432295107-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784392 2014-05-29] (Sandboxie Holdings, LLC) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - 569F02B720D640868C23E94F03F2C832 URL = hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_bndl1_14_26&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyzyyCtB0EtCtDtDtByBzytN0D0Tzu0SzyyBzztN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1S1G1Q1ItC1VtCyE1VtByCtN1L1G1B1V1N2Y1L1Qzu2SyDtDyC0Dzy0CyBzytGzyyDyEyDtGzzyCzy0AtGtCyCzyyEtGtAyDtByCyDtBtByBtA0A0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztC0Fzzzz0DtByDtG0E0CtAyDtGyEtCyD0AtGzytC0AyDtG0ByEyB0EtAyBzy0DyEtD0C0F2Q&cr=1773006457&ir= BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default FF SelectedSearchEngine: Google FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Users\Minnich\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Internet Download Manager Squared - C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\idmsq@idmsq.com [2014-09-08] FF Extension: 123b222059cb11dbb0de0800200c9a66 - C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\{123b2220-59cb-11db-b0de-0800200c9a66} [2014-09-08] FF Extension: AF445D67154C4c69A17B7F392BCC36A3 - C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3} [2014-09-07] FF Extension: NoScript - C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-09-19] FF Extension: Adblock Plus - C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-21] FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR Profile: C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (No Name) - C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco [2014-09-03] CHR Extension: (No Name) - C:\Users\Minnich\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\bnjjngeaknajbdcgpfkgnonkmififhfo [2014-09-08] CHR Extension: (No Name) - C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mblbciejcodpealifnhfjbdlkedplodp [2014-09-07] CHR Extension: (No Name) - C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdapmeleikeppmfgadilffngabfpibok [2014-09-07] CHR Extension: (No Name) - C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflbcmpjneookibbaeopkfcnegknkgog [2014-09-10] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Browser7Maintenance; C:\Program Files (x86)\Browser 7 Maintenance Service\maintenanceservice.exe [118584 2014-09-12] (Deutsche Telekom AG) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC) S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 cpuz134; \??\C:\Users\Minnich\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-22 18:23 - 2014-09-22 18:23 - 00854417 _____ () C:\Users\Minnich\Desktop\SecurityCheck.exe 2014-09-22 17:47 - 2014-09-22 17:47 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-09-21 18:49 - 2014-09-21 18:49 - 02554924 _____ (Dominik Reichl ) C:\Users\Minnich\Downloads\KeePass-2.27-Setup.exe 2014-09-21 18:49 - 2014-09-21 18:49 - 00040876 _____ () C:\Users\Minnich\Downloads\KeePass-2.27-German.zip 2014-09-21 18:32 - 2014-09-21 18:44 - 00001710 _____ () C:\Windows\Sandboxie.ini 2014-09-21 18:32 - 2014-09-21 18:32 - 00000000 ___RD () C:\Sandbox 2014-09-21 18:32 - 2014-09-21 18:31 - 00000921 _____ () C:\Users\Minnich\Desktop\Sandboxed Web Browser.lnk 2014-09-21 18:31 - 2014-09-21 18:31 - 02656264 _____ (Sandboxie Holdings, LLC) C:\Users\Minnich\Downloads\SandboxieInstall.exe 2014-09-21 18:31 - 2014-09-21 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie 2014-09-21 18:31 - 2014-09-21 18:31 - 00000000 ____D () C:\Program Files\Sandboxie 2014-09-21 16:32 - 2014-09-21 16:33 - 00029115 _____ () C:\Users\Minnich\Desktop\Logfiles.zip 2014-09-21 16:15 - 2014-09-21 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2014-09-21 16:15 - 2014-09-21 16:15 - 00000000 ____D () C:\Program Files (x86)\7-Zip 2014-09-21 16:14 - 2014-09-21 16:14 - 01110476 _____ () C:\Users\Minnich\Desktop\7z920.exe 2014-09-21 15:54 - 2014-09-21 15:54 - 00002568 _____ () C:\Users\Minnich\Desktop\JRT_anonym.txt 2014-09-21 15:53 - 2014-09-21 15:53 - 00002571 _____ () C:\Users\Minnich\Desktop\JRT.txt 2014-09-21 15:45 - 2014-09-21 15:45 - 00000000 ____D () C:\Windows\ERUNT 2014-09-21 15:44 - 2014-09-21 15:44 - 01027006 _____ (Thisisu) C:\Users\Minnich\Desktop\JRT.exe 2014-09-21 15:43 - 2014-09-21 15:43 - 00127016 _____ () C:\Users\Minnich\Desktop\mbam_anonym.txt 2014-09-21 15:42 - 2014-09-21 
15:42 - 00014830 _____ () C:\Users\Minnich\Desktop\AdwCleaner[S0]_anonym.txt
2014-09-21 15:38 - 2014-09-21 15:40 - 00000000 ____D () C:\AdwCleaner
2014-09-21 15:36 - 2014-09-21 15:38 - 00127342 _____ () C:\Users\Minnich\Desktop\mbam.txt
2014-09-21 15:21 - 2014-09-21 15:35 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-21 15:21 - 2014-09-21 15:21 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-21 15:21 - 2014-09-21 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-09-21 15:21 - 2014-09-21 15:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-21 15:21 - 2014-09-21 15:21 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-09-21 15:21 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-21 15:21 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-21 15:21 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-21 15:04 - 2014-09-21 15:04 - 00000000 ____D () C:\Program Files (x86)\DriverRestore
2014-09-20 20:31 - 2014-09-20 20:31 - 00032959 _____ () C:\post01.txt
2014-09-20 20:00 - 2014-09-20 20:00 - 00032480 _____ () C:\ComboFix_anonym.txt
2014-09-20 19:58 - 2014-09-20 19:58 - 00032550 _____ () C:\ComboFix.txt
2014-09-20 19:47 - 2014-09-20 19:58 - 00000000 ____D () C:\Qoobox
2014-09-20 19:47 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-20 19:47 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-20 19:47 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-20 19:47 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-20 19:47 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-20 19:47 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-20 19:47 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-20 19:47 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-20 19:46 - 2014-09-20 19:57 - 00000000 ____D () C:\Windows\erdnt
2014-09-20 10:31 - 2014-09-20 10:32 - 05578824 ____R (Swearware) C:\Users\Minnich\Desktop\ComboFix.exe
2014-09-19 19:12 - 2014-09-19 19:12 - 00001271 _____ () C:\Users\Minnich\Desktop\Revo Uninstaller.lnk
2014-09-19 19:12 - 2014-09-19 19:12 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-19 19:11 - 2014-09-19 19:11 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Minnich\Desktop\revosetup95.exe
2014-09-19 19:00 - 2014-09-19 19:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-19 17:14 - 2014-09-19 17:14 - 00709564 _____ () C:\Users\Minnich\Desktop\delfix_10.8.exe
2014-09-19 17:13 - 2014-09-22 17:47 - 02347384 _____ (ESET) C:\Users\Minnich\Desktop\esetsmartinstaller_deu.exe
2014-09-19 17:13 - 2014-09-19 17:13 - 00448512 _____ (OldTimer Tools) C:\Users\Minnich\Desktop\TFC.exe
2014-09-19 17:12 - 2014-09-19 17:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Minnich\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-19 17:09 - 2014-09-19 17:09 - 01373475 _____ () C:\Users\Minnich\Desktop\AdwCleaner_3.310.exe
2014-09-19 17:05 - 2014-09-22 18:26 - 00007602 _____ () C:\Users\Minnich\Desktop\FRST.txt
2014-09-19 17:05 - 2014-09-22 18:26 - 00000000 ____D () C:\FRST
2014-09-19 17:04 - 2014-09-19 17:04 - 02105856 _____ (Farbar) C:\Users\Minnich\Desktop\FRST64.exe
2014-09-19 16:57 - 2014-09-19 17:26 - 00000333 _____ () C:\Users\Minnich\Desktop\mal.txt
2014-09-19 16:52 - 2014-09-19 16:52 - 00000000 ____D () C:\Users\Minnich\Desktop\Alte Browser7-Daten
2014-09-14 07:56 - 2014-09-14 07:56 - 01651552 _____ () C:\Windows\Minidump\091414-19156-01.dmp
2014-09-11 08:42 - 2014-09-11 08:42 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-10 18:47 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 18:47 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 18:47 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 18:47 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 18:47 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 18:47 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 18:47 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 18:47 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 18:47 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 18:47 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 18:47 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 18:47 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 18:47 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 18:47 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 18:47 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 18:47 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 18:47 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 18:47 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 18:47 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 18:47 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 18:47 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 18:47 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 18:47 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 18:47 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 18:47 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 18:47 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 18:47 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 18:47 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 18:47 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 18:47 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 18:47 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 18:47 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 18:47 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 18:47 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 18:46 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 18:46 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 18:46 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 18:46 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 18:46 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 18:46 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 18:46 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 18:46 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 18:46 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 18:46 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 18:46 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 18:46 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 18:46 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 18:46 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 18:46 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 18:46 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 18:46 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 18:46 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 18:46 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 18:46 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 18:46 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 18:46 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 14:57 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 14:57 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 14:55 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 14:55 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 14:55 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 14:55 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 14:55 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 14:55 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 14:55 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 14:55 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 14:55 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 08:17 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 08:17 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-09 08:17 - 2014-09-09 08:17 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\SumatraPDF
2014-09-09 08:13 - 2014-09-21 14:57 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Gameo
2014-09-09 08:13 - 2014-09-20 10:49 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\0C1I1L1R1J0C1F1G1G1P1R2Z
2014-09-09 08:13 - 2014-09-09 08:13 - 00000173 _____ () C:\Users\Minnich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ___HD () C:\Users\Minnich\AppData\Roaming\GoldenGate
2014-09-09 08:12 - 2014-09-21 15:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
2014-09-09 08:12 - 2014-07-01 19:37 - 00020872 _____ (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2014-09-09 07:47 - 2014-09-09 07:47 - 00853960 _____ (Reimage®) C:\Users\Minnich\Downloads\ReimageRepair.exe
2014-09-09 07:47 - 2014-09-09 07:47 - 00853960 _____ (Reimage®) C:\Users\Minnich\Downloads\ReimageRepair(1).exe
2014-09-08 13:28 - 2014-09-08 13:28 - 00003154 _____ () C:\Windows\System32\Tasks\{405D3FA4-397D-4A16-9D21-7494A877FA1E}
2014-09-08 13:19 - 2014-09-08 13:19 - 29689728 _____ (Deutsche Telekom AG) C:\Users\Minnich\Downloads\browser7-latest.exe
2014-09-08 11:33 - 2014-09-08 11:33 - 00718848 _____ ( ) C:\Users\Minnich\Downloads\IDM2-Win-EN.exe
2014-09-08 11:33 - 2014-09-08 11:33 - 00000000 ____D () C:\MININT
2014-09-07 10:59 - 2014-09-07 10:59 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\DriverFinder
2014-09-06 16:35 - 2014-09-06 16:35 - 00000000 ____D () C:\ProgramData\Telekom-Browser 7
2014-09-06 15:44 - 2014-09-06 15:44 - 00362592 _____ (Deutsche Telekom AG) C:\Users\Minnich\Downloads\browser7_setup.exe
2014-09-06 15:00 - 2014-09-07 11:19 - 00000000 ____D () C:\Program Files (x86)\ReimageExpress.com
2014-09-06 14:45 - 2014-09-06 14:46 - 00000000 ____D () C:\Program Files (x86)\Reimageplus.com
2014-09-06 10:47 - 2014-09-07 08:42 - 00001224 _____ () C:\Users\Minnich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-06 07:53 - 2014-09-06 07:53 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2014-09-05 12:26 - 2014-09-05 12:26 - 00000000 ____D () C:\Users\Minnich\AppData\Local\speed browser
2014-09-04 17:34 - 2014-09-04 17:34 - 00000044 _____ () C:\Users\Minnich\AppData\Roaming\WB.CFG
2014-09-04 16:55 - 2014-09-04 16:55 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-04 16:51 - 2014-09-04 16:51 - 00001246 _____ () C:\Windows\Tasks\KWHF.job
2014-09-04 16:50 - 2014-09-21 15:33 - 00000000 ____D () C:\Program Files\005
2014-09-04 16:33 - 2014-09-04 16:33 - 00000000 ____D () C:\33cb8ceb-6e1a-4e4c-9963-d32ad5205a76
2014-09-04 16:16 - 2014-09-04 16:16 - 00244400 _____ () C:\Users\Minnich\Downloads\Firefox Setup Stub 32.0.exe
2014-09-04 16:07 - 2014-09-08 14:18 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-09-04 07:27 - 2014-09-04 07:27 - 00000000 ____D () C:\Users\Minnich\AppData\Local\com
2014-09-03 19:44 - 2014-09-18 18:16 - 00000000 ___HD () C:\Users\Public\Temp
2014-09-03 19:29 - 2014-09-03 19:29 - 00936136 _____ () C:\Windows\Minidump\090314-14008-01.dmp
2014-09-03 15:43 - 2014-09-06 10:33 - 00000000 ____D () C:\ProgramData\4ef04fb202130dcc
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Google
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Comodo
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-09-02 17:06 - 2014-09-11 11:02 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\QuickScan
2014-09-02 17:06 - 2014-09-02 17:06 - 00000000 ____D () C:\Users\Minnich\AppData\Local\CrashRpt
2014-09-02 17:04 - 2014-09-02 17:04 - 00073728 _____ ( ) C:\Users\Minnich\Desktop\guiformat.exe
2014-09-01 10:18 - 2014-09-01 10:18 - 00001248 _____ () C:\Users\Minnich\AppData\Roaming\KWHF
2014-09-01 08:38 - 2014-09-01 08:38 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Adobe
2014-08-29 12:59 - 2014-08-29 12:59 - 02073521 _____ (Auerswald) C:\Users\Minnich\Downloads\Install.exe
2014-08-28 07:47 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 07:47 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 07:47 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 15:59 - 2014-08-27 16:00 - 01068280 _____ () C:\Windows\Minidump\082714-24024-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-22 18:26 - 2014-09-19 17:05 - 00007602 _____ () C:\Users\Minnich\Desktop\FRST.txt
2014-09-22 18:26 - 2014-09-19 17:05 - 00000000 ____D () C:\FRST
2014-09-22 18:23 - 2014-09-22 18:23 - 00854417 _____ () C:\Users\Minnich\Desktop\SecurityCheck.exe
2014-09-22 17:51 - 2009-07-14 06:45 - 00032352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-22 17:51 - 2009-07-14 06:45 - 00032352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-22 17:47 - 2014-09-22 17:47 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-22 17:47 - 2014-09-19 17:13 - 02347384 _____ (ESET) C:\Users\Minnich\Desktop\esetsmartinstaller_deu.exe
2014-09-22 17:42 - 2013-09-12 08:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-22 17:39 - 2014-06-05 16:01 - 01202445 _____ () C:\Windows\WindowsUpdate.log
2014-09-22 17:35 - 2013-09-12 10:48 - 00030295 _____ () C:\Windows\setupact.log
2014-09-22 17:35 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-21 18:49 - 2014-09-21 18:49 - 02554924 _____ (Dominik Reichl ) C:\Users\Minnich\Downloads\KeePass-2.27-Setup.exe
2014-09-21 18:49 - 2014-09-21 18:49 - 00040876 _____ () C:\Users\Minnich\Downloads\KeePass-2.27-German.zip
2014-09-21 18:44 - 2014-09-21 18:32 - 00001710 _____ () C:\Windows\Sandboxie.ini
2014-09-21 18:32 - 2014-09-21 18:32 - 00000000 ___RD () C:\Sandbox
2014-09-21 18:31 - 2014-09-21 18:32 - 00000921 _____ () C:\Users\Minnich\Desktop\Sandboxed Web Browser.lnk
2014-09-21 18:31 - 2014-09-21 18:31 - 02656264 _____ (Sandboxie Holdings, LLC) C:\Users\Minnich\Downloads\SandboxieInstall.exe
2014-09-21 18:31 - 2014-09-21 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-09-21 18:31 - 2014-09-21 18:31 - 00000000 ____D () C:\Program Files\Sandboxie
2014-09-21 18:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-21 16:33 - 2014-09-21 16:32 - 00029115 _____ () C:\Users\Minnich\Desktop\Logfiles.zip
2014-09-21 16:15 - 2014-09-21 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-09-21 16:15 - 2014-09-21 16:15 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-09-21 16:14 - 2014-09-21 16:14 - 01110476 _____ () C:\Users\Minnich\Desktop\7z920.exe
2014-09-21 15:54 - 2014-09-21 15:54 - 00002568 _____ () C:\Users\Minnich\Desktop\JRT_anonym.txt
2014-09-21 15:53 - 2014-09-21 15:53 - 00002571 _____ () C:\Users\Minnich\Desktop\JRT.txt
2014-09-21 15:45 - 2014-09-21 15:45 - 00000000 ____D () C:\Windows\ERUNT
2014-09-21 15:44 - 2014-09-21 15:44 - 01027006 _____ (Thisisu) C:\Users\Minnich\Desktop\JRT.exe
2014-09-21 15:43 - 2014-09-21 15:43 - 00127016 _____ () C:\Users\Minnich\Desktop\mbam_anonym.txt
2014-09-21 15:42 - 2014-09-21 15:42 - 00014830 _____ () C:\Users\Minnich\Desktop\AdwCleaner[S0]_anonym.txt
2014-09-21 15:41 - 2010-11-21 05:47 - 00232006 _____ () C:\Windows\PFRO.log
2014-09-21 15:40 - 2014-09-21 15:38 - 00000000 ____D () C:\AdwCleaner
2014-09-21 15:38 - 2014-09-21 15:36 - 00127342 _____ () C:\Users\Minnich\Desktop\mbam.txt
2014-09-21 15:35 - 2014-09-21 15:21 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-21 15:33 - 2014-09-04 16:50 - 00000000 ____D () C:\Program Files\005
2014-09-21 15:33 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-21 15:21 - 2014-09-21 15:21 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-21 15:21 - 2014-09-21 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-09-21 15:21 - 2014-09-21 15:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-21 15:21 - 2014-09-21 15:21 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-09-21 15:04 - 2014-09-21 15:04 - 00000000 ____D () C:\Program Files (x86)\DriverRestore
2014-09-21 15:04 - 2014-09-09 08:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
2014-09-21 14:57 - 2014-09-09 08:13 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Gameo
2014-09-20 20:31 - 2014-09-20 20:31 - 00032959 _____ () C:\post01.txt
2014-09-20 20:00 - 2014-09-20 20:00 - 00032480 _____ () C:\ComboFix_anonym.txt
2014-09-20 19:58 - 2014-09-20 19:58 - 00032550 _____ () C:\ComboFix.txt
2014-09-20 19:58 - 2014-09-20 19:47 - 00000000 ____D () C:\Qoobox
2014-09-20 19:58 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-09-20 19:57 - 2014-09-20 19:46 - 00000000 ____D () C:\Windows\erdnt
2014-09-20 19:55 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-20 19:54 - 2009-07-14 04:34 - 56098816 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-09-20 19:54 - 2009-07-14 04:34 - 14155776 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-09-20 19:54 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-09-20 19:54 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-09-20 19:54 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-09-20 11:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-20 10:49 - 2014-09-09 08:13 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\0C1I1L1R1J0C1F1G1G1P1R2Z
2014-09-20 10:32 - 2014-09-20 10:31 - 05578824 ____R (Swearware) C:\Users\Minnich\Desktop\ComboFix.exe
2014-09-20 09:47 - 2011-04-12 09:43 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2014-09-20 09:47 - 2011-04-12 09:43 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2014-09-20 09:47 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-20 08:46 - 2014-06-05 18:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-19 19:12 - 2014-09-19 19:12 - 00001271 _____ () C:\Users\Minnich\Desktop\Revo Uninstaller.lnk
2014-09-19 19:12 - 2014-09-19 19:12 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-19 19:11 - 2014-09-19 19:11 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Minnich\Desktop\revosetup95.exe
2014-09-19 19:00 - 2014-09-19 19:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-19 17:26 - 2014-09-19 16:57 - 00000333 _____ () C:\Users\Minnich\Desktop\mal.txt
2014-09-19 17:14 - 2014-09-19 17:14 - 00709564 _____ () C:\Users\Minnich\Desktop\delfix_10.8.exe
2014-09-19 17:13 - 2014-09-19 17:13 - 00448512 _____ (OldTimer Tools) C:\Users\Minnich\Desktop\TFC.exe
2014-09-19 17:12 - 2014-09-19 17:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Minnich\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-19 17:09 - 2014-09-19 17:09 - 01373475 _____ () C:\Users\Minnich\Desktop\AdwCleaner_3.310.exe
2014-09-19 17:04 - 2014-09-19 17:04 - 02105856 _____ (Farbar) C:\Users\Minnich\Desktop\FRST64.exe
2014-09-19 16:52 - 2014-09-19 16:52 - 00000000 ____D () C:\Users\Minnich\Desktop\Alte Browser7-Daten
2014-09-18 18:16 - 2014-09-03 19:44 - 00000000 ___HD () C:\Users\Public\Temp
2014-09-18 07:56 - 2013-09-12 08:35 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-18 07:56 - 2013-09-12 08:35 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-09-18 07:56 - 2013-09-12 08:35 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-18 07:54 - 2014-06-05 17:32 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Adobe
2014-09-15 14:12 - 2014-06-10 09:56 - 00000000 ____D () C:\Users\Minnich\Documents\Loewe
2014-09-15 12:44 - 2014-07-07 13:17 - 00001099 _____ () C:\Users\Minnich\AppData\Roaming\ShiftN.ini
2014-09-14 07:56 - 2014-09-14 07:56 - 01651552 _____ () C:\Windows\Minidump\091414-19156-01.dmp
2014-09-14 07:56 - 2014-06-11 17:27 - 4161772523 _____ () C:\Windows\MEMORY.DMP
2014-09-14 07:56 - 2014-06-11 17:27 - 00000000 ____D () C:\Windows\Minidump
2014-09-13 07:51 - 2014-06-06 11:08 - 00000000 ____D () C:\Program Files (x86)\Browser 7 Maintenance Service
2014-09-11 11:02 - 2014-09-02 17:06 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\QuickScan
2014-09-11 09:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-11 08:42 - 2014-09-11 08:42 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-11 08:42 - 2013-09-12 08:36 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-11 08:42 - 2013-09-12 08:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-11 08:42 - 2013-09-12 08:36 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 18:46 - 2013-09-12 09:33 - 01592628 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 18:45 - 2014-06-06 13:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 08:18 - 2014-06-06 11:28 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 08:17 - 2014-06-06 11:28 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-09 08:17 - 2014-09-09 08:17 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\SumatraPDF
2014-09-09 08:13 - 2014-09-09 08:13 - 00000173 _____ () C:\Users\Minnich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ___HD () C:\Users\Minnich\AppData\Roaming\GoldenGate
2014-09-09 07:47 - 2014-09-09 07:47 - 00853960 _____ (Reimage®) C:\Users\Minnich\Downloads\ReimageRepair.exe
2014-09-09 07:47 - 2014-09-09 07:47 - 00853960 _____ (Reimage®) C:\Users\Minnich\Downloads\ReimageRepair(1).exe
2014-09-08 14:18 - 2014-09-04 16:07 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-09-08 14:18 - 2014-06-06 11:59 - 00037103 _____ () C:\Windows\IE11_main.log
2014-09-08 13:32 - 2014-06-05 17:32 - 00063776 _____ () C:\Users\Minnich\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-08 13:32 - 2009-07-14 06:45 - 00287824 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-08 13:28 - 2014-09-08 13:28 - 00003154 _____ () C:\Windows\System32\Tasks\{405D3FA4-397D-4A16-9D21-7494A877FA1E}
2014-09-08 13:20 - 2014-06-06 11:08 - 00001339 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser 7 der Telekom.lnk
2014-09-08 13:20 - 2014-06-06 11:08 - 00001327 _____ () C:\Users\Public\Desktop\Browser 7 der Telekom.lnk
2014-09-08 13:19 - 2014-09-08 13:19 - 29689728 _____ (Deutsche Telekom AG) C:\Users\Minnich\Downloads\browser7-latest.exe
2014-09-08 11:33 - 2014-09-08 11:33 - 00718848 _____ ( ) C:\Users\Minnich\Downloads\IDM2-Win-EN.exe
2014-09-08 11:33 - 2014-09-08 11:33 - 00000000 ____D () C:\MININT
2014-09-08 11:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources
2014-09-07 11:19 - 2014-09-06 15:00 - 00000000 ____D () C:\Program Files (x86)\ReimageExpress.com
2014-09-07 10:59 - 2014-09-07 10:59 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\DriverFinder
2014-09-07 08:42 - 2014-09-06 10:47 - 00001224 _____ () C:\Users\Minnich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-07 08:42 - 2014-06-05 18:19 - 00001880 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-07 08:42 - 2014-06-05 18:19 - 00001868 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-06 16:35 - 2014-09-06 16:35 - 00000000 ____D () C:\ProgramData\Telekom-Browser 7
2014-09-06 16:35 - 2014-06-06 11:08 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Deutsche Telekom AG
2014-09-06 15:44 - 2014-09-06 15:44 - 00362592 _____ (Deutsche Telekom AG) C:\Users\Minnich\Downloads\browser7_setup.exe
2014-09-06 15:03 - 2014-06-07 15:37 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-06 14:50 - 2013-09-12 08:33 - 00002051 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-06 14:50 - 2013-09-12 08:33 - 00002051 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-06 14:46 - 2014-09-06 14:45 - 00000000 ____D () C:\Program Files (x86)\Reimageplus.com
2014-09-06 11:01 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini
2014-09-06 10:33 - 2014-09-03 15:43 - 00000000 ____D () C:\ProgramData\4ef04fb202130dcc
2014-09-06 07:53 - 2014-09-06 07:53 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2014-09-05 12:26 - 2014-09-05 12:26 - 00000000 ____D () C:\Users\Minnich\AppData\Local\speed browser
2014-09-05 04:10 - 2014-09-10 14:55 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-10 14:55 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-04 17:34 - 2014-09-04 17:34 - 00000044 _____ () C:\Users\Minnich\AppData\Roaming\WB.CFG
2014-09-04 16:55 - 2014-09-04 16:55 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-04 16:51 - 2014-09-04 16:51 - 00001246 _____ () C:\Windows\Tasks\KWHF.job
2014-09-04 16:33 - 2014-09-04 16:33 - 00000000 ____D () C:\33cb8ceb-6e1a-4e4c-9963-d32ad5205a76
2014-09-04 16:16 - 2014-09-04 16:16 - 00244400 _____ () C:\Users\Minnich\Downloads\Firefox Setup Stub 32.0.exe
2014-09-04 07:27 - 2014-09-04 07:27 - 00000000 ____D () C:\Users\Minnich\AppData\Local\com
2014-09-04 07:25 - 2014-06-05 18:20 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Mozilla
2014-09-03 19:29 - 2014-09-03 19:29 - 00936136 _____ () C:\Windows\Minidump\090314-14008-01.dmp
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Google
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Comodo
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-09-02 17:06 - 2014-09-02 17:06 - 00000000 ____D () C:\Users\Minnich\AppData\Local\CrashRpt
2014-09-02 17:04 - 2014-09-02 17:04 - 00073728 _____ ( ) C:\Users\Minnich\Desktop\guiformat.exe
2014-09-02 10:05 - 2014-06-06 12:17 - 00000000 ____D () C:\It2001
2014-09-01 10:18 - 2014-09-01 10:18 - 00001248 _____ () C:\Users\Minnich\AppData\Roaming\KWHF
2014-09-01 08:38 - 2014-09-01 08:38 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Adobe
2014-08-29 12:59 - 2014-08-29 12:59 - 02073521 _____ (Auerswald) C:\Users\Minnich\Downloads\Install.exe
2014-08-27 16:00 - 2014-08-27 15:59 - 01068280 _____ () C:\Windows\Minidump\082714-24024-01.dmp
2014-08-25 06:53 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 04:07 - 2014-08-28 07:47 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 07:47 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 07:47 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

Some content of TEMP:
====================
C:\Users\Minnich\AppData\Local\Temp\DRHelper_uninstallComplete.exe
C:\Users\Minnich\AppData\Local\Temp\Quarantine.exe
C:\Users\Minnich\AppData\Local\Temp\vcredist_x64.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-17 11:49

==================== End Of Log ============================

--- --- ---

Addition Log:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Minnich at 2014-09-22 18:26:32
Running from C:\Users\Minnich\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Browser 7 der Telekom 31.0.20 (x86 de) (HKLM-x32\...\Browser 7 der Telekom 31.0.20 (x86 de)) (Version: 31.0.20 - Deutsche Telekom AG)
Browser 7 Maintenance Service (HKLM-x32\...\Browser7MaintenanceService) (Version: 31.0.19 - Deutsche Telekom AG)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
InfoTip 2001 (HKLM-x32\...\It2001) (Version: - )
MAGIX Foto & Grafik Designer 9 (HKLM-x32\...\MX.{E84F54E0-4BC7-4C19-A969-D22574CDC118}) (Version: 9.1.2.28274 - MAGIX AG)
MAGIX Foto & Grafik Designer 9 (Version: 9.1.2.28274 - MAGIX AG) Hidden
MAGIX Web Designer MX Premium (HKLM-x32\...\MAGIX_{4D5A1C12-2F7B-4A67-B186-ECAE22EF4FCB}) (Version: 8.0.2.21761 - MAGIX AG)
MAGIX Web Designer MX Premium (Version: 8.0.2.21761 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 de)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Photo & Graphic Designer 9 Update (Version: 9.2.8.32681 - MAGIX Software GmbH) Hidden
PIKO Master Control V2.0 v1.2.2.38199 (HKLM-x32\...\PIKO Master Control V2.0_is1) (Version: 1.2.2.38199 - KOSTAL Solar Electric GmbH)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC)
Web Designer Premium MX Update (Version: 8.1.5.31094 - MAGIX AG) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

17-09-2014 06:11:01 Windows Update
20-09-2014 08:47:52 Revo Uninstaller's restore point - Easy PDF Reader Packages
20-09-2014 08:49:38 Revo Uninstaller's restore point - istartsurf uninstall
20-09-2014 08:52:05 Revo Uninstaller's restore point - Software Version Updater
21-09-2014 12:55:56 Revo Uninstaller's restore point - Gameo
21-09-2014 12:57:22 Revo Uninstaller's restore point - PC Speed Maximizer v3.2
21-09-2014 13:06:58 Revo Uninstaller's restore point - simplitec simplicheck
21-09-2014 13:07:12 Removed simplitec simplicheck

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-09-20 19:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {6C3EFE4C-FB27-4E5E-BA51-850E1178EDCB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-11] (Adobe Systems Incorporated) Task: {7929E22C-9E3E-461B-BA2F-D97C10256833} - \ReimageUpdater No Task File <==== ATTENTION Task: {D8511953-6640-4969-95BD-A56F00F64566} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\KWHF.job => C:\Users\Minnich\AppData\Roaming\KWHF.exe ==================== Loaded Modules (whitelisted) ============= 2014-09-19 19:00 - 2014-09-19 19:00 - 03734640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Unattend0000000001{15346C6C-F853-4410-BF55-473812C60FF7} => %SYSTEMDRIVE%\restore\createrestore.exe /r ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. 
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (09/22/2014 06:20:59 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (09/22/2014 05:47:39 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. 
In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (09/22/2014 05:47:34 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (09/22/2014 05:47:34 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (09/22/2014 05:47:26 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (09/22/2014 05:37:27 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT) Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden. 
Error: (09/21/2014 05:46:32 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (09/21/2014 03:58:14 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT) Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden. 
System errors: ============= Error: (09/22/2014 05:35:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Reimage Real Time Protector" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (09/21/2014 03:56:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Reimage Real Time Protector" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office Sessions: ========================= Error: (09/22/2014 06:20:59 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (09/22/2014 05:47:39 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Minnich\Desktop\esetsmartinstaller_deu.exe Error: (09/22/2014 05:47:34 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Minnich\Desktop\esetsmartinstaller_deu.exe Error: (09/22/2014 05:47:34 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: 
C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Minnich\Desktop\esetsmartinstaller_deu.exe Error: (09/22/2014 05:47:26 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Minnich\Desktop\esetsmartinstaller_deu.exe Error: (09/22/2014 05:37:27 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/21/2014 05:46:32 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Minnich\Desktop\esetsmartinstaller_deu.exe Error: (09/21/2014 03:58:14 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2014-09-20 19:53:14.000 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-09-20 19:53:13.954 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz Percentage of memory in use: 41% Total physical RAM: 3967.61 MB Available physical RAM: 2322.46 MB Total Pagefile: 7933.41 MB Available Pagefile: 6379.6 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:225.22 GB) (Free:184.65 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive e: (RENATE) (Fixed) (Total:931.28 GB) (Free:924.92 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 0841F56C) Partition 1: (Not Active) - (Size=7.7 GB) - (Type=27) Partition 2: (Active) - (Size=225.2 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: CD407128) Partition 1: (Active) - (Size=931.5 GB) - (Type=0C) ==================== End Of Log ============================
Edited by root2 (22.09.2014 at 17:41) |
23.09.2014, 18:24 | #13 |
/// the machine /// TB trainer | Malware infection (zym.tollbahsuburban.com) on Windows 7 Professional PC Delete the backup on E. Please download TFC (by Oldtimer) and save the file to the desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a restart. Please allow this. Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]
Task: {7929E22C-9E3E-461B-BA2F-D97C10256833} - \ReimageUpdater No Task File <==== ATTENTION
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE, as they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP) Bill Castner (MVP) Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
23.09.2014, 19:09 | #14 |
| Malware infection (zym.tollbahsuburban.com) on Windows 7 Professional PC Thanks for the reply. TFC did not request a restart. Attached is the Fixlog: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-09-2014 Ran by Minnich at 2014-09-23 20:06:15 Run:1 Running from C:\Users\Minnich\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X] Task: {7929E22C-9E3E-461B-BA2F-D97C10256833} - \ReimageUpdater No Task File <==== ATTENTION ***************** ReimageRealTimeProtector => Service deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7929E22C-9E3E-461B-BA2F-D97C10256833}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7929E22C-9E3E-461B-BA2F-D97C10256833}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReimageUpdater" => Key deleted successfully. ==== End of Fixlog ====
What should be done with the further ESET findings?: Code:
ATTFilter sh=99414731D83EBD1177112CFE7E3D849C4DC156F5 ft=1 fh=fbdf85939d27573c vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir" sh=8B67C4946B050285FE89EFE36AB6DC2F7B3E2D2F ft=1 fh=d91722da20002316 vn="Variante von Win64/Riskware.NetFilter.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\netfilter64.sys.vir" sh=7F8E18A2E0BA11295D0CDAA81104E4896B84AC2F ft=1 fh=473853ca0f47624e vn="Win32/SearchPlugin.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ReimageExpress.com\ExpressSetup.exe" sh=B018ADBCA951AC0EB0757AFFD7EAB8FC0228CA91 ft=1 fh=fda9a5748d3eb594 vn="Variante von Win32/Adware.SpeedingUpMyPC.C Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Probit Software\Easy Speed PC\ESPCSmartScan.exe.vir" sh=36F969E522FD53A189312D946C430EFD02D5A982 ft=1 fh=5d022c015afe1524 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir" sh=7028F239FAC673EE7DC7772ACC75D759EA73837D ft=1 fh=e769f095fe49f653 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Minnich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JLGS9U4\spstub[1].exe" sh=5D1F071AF658A18DAA3C5BB68316CCBA3A48AA28 ft=1 fh=fb52270167c4e8d1 vn="Variante von Win32/BrowseFox.O evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Minnich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JLGS9U4\SunriseBrowse[1].dll" sh=7028F239FAC673EE7DC7772ACC75D759EA73837D ft=1 fh=e769f095fe49f653 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Minnich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FK80VV1E\spstub[1].exe" sh=54BE56B6705EB161677DEE881A9E7B72E5861179 ft=1 fh=f0ed7077fc73dcf1 vn="Variante von Win32/ClientConnect.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Minnich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWH45R1F\SPSetup[1].exe" sh=54BE56B6705EB161677DEE881A9E7B72E5861179 ft=1 fh=f0ed7077fc73dcf1 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Minnich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QE4VSUIX\SPSetup[1].exe" sh=ADD584BDB3CF5550D6835065051A551D3BE0369F ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Minnich\AppData\Local\Mozilla\Firefox\Profiles\e5fvsnq2.default\cache2\entries\DA3D0634E1E1F5126E557AED536ECCF78549AE57" sh=78E29B91D2854331B7F28B9FE6B3EEE2EB158CE3 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Minnich\AppData\Local\Mozilla\Firefox\Profiles\e5fvsnq2.default\cache2\entries\ED96577D1C76EC0B52951D819D12338706A165A1" sh=4D61862340A8C252665F1927CACB3038D474F2EA ft=1 fh=6d632a397799bb5e vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Users\Minnich\Documents\MAGIX Downloads\Installationsmanager\Foto_Grafik_Designer_9_DLV_de-DE_130611_10-14_9_1_2_28274.exe" sh=907DF0456F03AEAA8E44D2D9D3CD4558BA07B2DB ft=1 fh=6012deb93b048baa vn="Variante von Win32/InstallCore.PX evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Minnich\Downloads\IDM2-Win-EN.exe" sh=4D61862340A8C252665F1927CACB3038D474F2EA ft=1 fh=6d632a397799bb5e vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="E:\# Backup Minnich PC\Documents\MAGIX Downloads\Installationsmanager\Foto_Grafik_Designer_9_DLV_de-DE_130611_10-14_9_1_2_28274.exe" sh=907DF0456F03AEAA8E44D2D9D3CD4558BA07B2DB ft=1 fh=6012deb93b048baa vn="Variante von Win32/InstallCore.PX evtl. 
unerwünschte Anwendung" ac=I fn="E:\# Backup Minnich PC\Downloads\IDM2-Win-EN.exe" sh=BFA542DBC16C89A48B530FC9994CA9FED8075DAC ft=1 fh=adb9f53f93ace214 vn="Variante von Win32/AdWare.iBryte.BI Anwendung" ac=I fn="E:\# Backup Minnich PC\Downloads\javaupdate_setup.exe" sh=6D3D4498134083CBAE385671D554842C6FEB459F ft=1 fh=67d76dabf1ab7c07 vn="Variante von Win32/SoftPulse.L evtl. unerwünschte Anwendung" ac=I fn="E:\# Backup Minnich PC\Downloads\Setup(1).exe" sh=CCD74435A69F55E73048A22E45B983C730E66D07 ft=1 fh=bda8312af1ab7c07 vn="Variante von Win32/SoftPulse.L evtl. unerwünschte Anwendung" ac=I fn="E:\# Backup Minnich PC\Downloads\Setup.exe" |
24.09.2014, 11:15 | #15 |
/// the machine /// TB trainer | Malware infection (zym.tollbahsuburban.com) on Windows 7 Professional PC They are already in quarantine, so they will be removed along with the tools when those are removed. You can delete the things in the Documents and Download folders by hand.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
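The ESET findings from posts #14 and #15 can be sorted by where each file sits (quarantine folder, browser cache, another volume, or a live file on the system drive) to see what still needs manual cleanup. This is an added example, not part of the thread and not ESET or forum tooling; the function names and the sample log are constructed, and the field meanings (`sh` hash, `vn` detection name, `fn` file path) are assumptions inferred from the values in the log above.

```python
import re
from collections import defaultdict

# One key=value token; a value is either quoted (may hold spaces and, in the
# flattened forum post, a line break) or a bare run of non-space characters.
TOKEN = re.compile(r'\b(sh|ft|fh|vn|ac|fn)=("[^"]*"|\S+)')

# Constructed sample in the layout of the log above. Hashes, detection names
# and paths are placeholders, not values from the thread.
SAMPLE = r'''sh=PLACEHOLDER-HASH-1 ft=1 fh=0 vn="Example.PUA.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\example64.exe.vir" sh=PLACEHOLDER-HASH-2 ft=1 fh=0 vn="Variante von Example.Toolbar.B evtl.
unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XXXXXXXX\stub[1].exe" sh=PLACEHOLDER-HASH-3 ft=1 fh=0 vn="Example.Bundle.C Anwendung" ac=I fn="C:\Users\User\Downloads\setup-example.exe" sh=PLACEHOLDER-HASH-3 ft=1 fh=0 vn="Example.Bundle.C Anwendung" ac=I fn="E:\Backup\Downloads\setup-example.exe"'''


def parse_eset_log(text):
    """Split a flattened log into one dict per detection (a record starts at sh=)."""
    records, current = [], {}
    for key, raw in TOKEN.findall(text):
        if key == "sh" and current:
            records.append(current)
            current = {}
        # Drop the quotes and collapse the line break the forum inserted.
        current[key] = " ".join(raw.strip('"').split())
    if current:
        records.append(current)
    return records


def classify(path, system_drive="c:"):
    """Bucket a detection by location; the markers are the folders seen in the thread."""
    p = path.lower()
    if not p:
        return "unknown"
    if "\\quarantine\\" in p:
        return "quarantined"      # already neutralised by AdwCleaner / ComboFix
    if "\\temporary internet files\\" in p or "\\cache2\\entries\\" in p:
        return "browser_cache"    # emptied by a temp-file cleaner
    if not p.startswith(system_drive):
        return "other_volume"     # e.g. a backup copy on a second disk
    return "live_file"            # still in a user folder, needs manual deletion


def triage(text):
    """Group all detections in the log by location bucket."""
    groups = defaultdict(list)
    for rec in parse_eset_log(text):
        groups[classify(rec.get("fn", ""))].append(rec)
    return dict(groups)


def duplicate_copies(text):
    """Hashes reported under more than one path, e.g. an installer and its backup."""
    paths = defaultdict(list)
    for rec in parse_eset_log(text):
        paths[rec.get("sh", "")].append(rec.get("fn", ""))
    return {h: p for h, p in paths.items() if len(p) > 1}


if __name__ == "__main__":
    for bucket, recs in triage(SAMPLE).items():
        for rec in recs:
            print(f"{bucket:14} {rec['vn']:55} {rec['fn']}")
    print(duplicate_copies(SAMPLE))
```
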