Log analysis and evaluation: Win7 Prof. infected with Win32/Packed.Asprotect.DS trojan! Removal? (Windows 7)
24.09.2014, 13:13 | #1 |
Win7 Prof. infected with Win32/Packed.Asprotect.DS trojan! Removal?

Hello, I would be very grateful for help. Yesterday I carelessly opened a ZIP attachment from an e-mail. I noticed it right away and cursed myself. Shortly afterwards the message appeared: Windows Security Center disabled. Enabling it did not work... A scan with Avast revealed that a trojan (see subject) was present. The files were deleted by Avast. The symptoms were still there, however (Security Center and firewall could not be enabled). I then downloaded "Trojan Remover" and ran it. The problem with the Security Center was fixed by a Microsoft "Fix-it". Unfortunately I only found this site after that. I tried to carry out the first steps as described, but stupidly I had already been active beforehand. So for now, here are the logs of the recommended scans:

1. Ran Defogger successfully.
2. System scan with FRST:
a) FRST.txt:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-09-2014 Ran by User1 (administrator) on User1-HP on 24-09-2014 08:42:29 Running from C:\Users\User1\Desktop Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (ALWIL Software) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) C:\Program Files\Alwil Software\Avast4\aswServ.exe () C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ALWIL Software) C:\Program Files\Alwil Software\Avast4\AvAgent.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe () C:\Program Files\GNU\GnuPG\dirmngr.exe (Gladinet, INC) C:\Program Files\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe (AnchorFree Inc.) C:\Program Files\Hotspot Shield\bin\openvpnas.exe (AnchorFree Inc.) 
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe () C:\Program Files\Hotspot Shield\bin\hsswd.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer.exe (ALWIL Software) C:\Program Files\Alwil Software\Avast4\aswDisp.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe () C:\Program Files\AirVideoServer\AirVideoServer.exe (1&1 Mail & Media GmbH) C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (FreeDownloadManager.ORG) C:\Program Files\Free Download Manager\fdm.exe (Microsoft Corporation) C:\Users\User1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe () C:\Program Files\Printer Pro Desktop\PrinterProDesktop.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe (Audible, Inc.) C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Google) C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (ReNoStar GmbH) C:\Renostar\ziuboost.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Dropbox, Inc.) C:\Users\User1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (ReNoStar GmbH) C:\Renostar\ziuserv.exe (Deutsche Telekom AG) C:\Users\User1\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (AnchorFree Inc.) C:\Program Files\Hotspot Shield\bin\openvpntray.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe (Gladinet, INC) C:\Program Files\Gladinet\Gladinet Cloud Desktop\GladinetClient.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Gladinet) C:\Program Files\Gladinet\Gladinet Cloud Desktop\GladinetPluginHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [NortonOnlineBackupReminder] => C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe [600936 2009-06-29] (Symantec Corporation) HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-06-18] (PDF Complete Inc) HKLM\...\Run: [avast!] => C:\Program Files\Alwil Software\Avast4\aswDisp.exe [81000 2010-02-18] (ALWIL Software) HKLM\...\Run: [Adobe Photo Downloader] => C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe [57344 2005-09-09] (Adobe Systems Incorporated) HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.) HKLM\...\Run: [ApplyEsf-eDocPrintPro] => C:\Program Files\Common Files\MAYComputer\eDocPrintPro\\ApplyEsf.exe [315392 2009-05-19] (May Software) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.) HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files\KeePass Password Safe 2\KeePass.exe [1912832 2012-10-04] (Dominik Reichl) HKLM\...\Run: [LexwareInfoService] => C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [339312 2010-09-15] (Haufe-Lexware GmbH & Co. KG) HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-23] (Adobe Systems Inc.) HKLM\...\Run: [] => [X] HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.) 
HKLM\...\Run: [TrojanScanner] => C:\Program Files\Trojan Remover\Trjscan.exe [1666432 2014-05-22] (Simply Super Software) HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard) HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1 HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0 HKLM\...\Policies\Explorer: [HideSCAHealth] 0 HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [Google Update] => C:\Users\User1\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-05-31] (Google Inc.) HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [AirVideoServer] => C:\Program Files\AirVideoServer\AirVideoServer.exe [4923784 2010-09-22] () HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [WEB.DE_WEB.DE SmartDrive Manager] => C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE [1259624 2011-11-21] (1&1 Mail & Media GmbH) HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-08] (Apple Inc.) HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.) HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [Haufe.TimeManagement] => C:\Program Files\lexware\zeitmanagement\2011\Haufe.TimeManagement.exe [1440112 2012-04-20] (Haufe-Lexware GmbH & Co. 
KG) HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [Free Download Manager] => C:\Program Files\Free Download Manager\fdm.exe [6860288 2013-01-17] (FreeDownloadManager.ORG) HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [SkyDrive] => C:\Users\User1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [251040 2014-08-01] (Microsoft Corporation) HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google) HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.) HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [PrinterProDesktop] => C:\Program Files\Printer Pro Desktop\PrinterProDesktop.exe [2132992 2012-02-02] () HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-08-15] (Apple Inc.) 
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Policies\Explorer: [TaskbarNoNotification] 0 HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Policies\Explorer: [HideSCAHealth] 0 HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\MountPoints2: {2928cb63-c264-11e0-9291-d8d3857e19f6} - K:\LaunchU3.exe -a HKU\S-1-5-21-1903734357-4184266498-2229017531-1005\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Gladinet Cloud Desktop.lnk ShortcutTarget: Gladinet Cloud Desktop.lnk -> C:\Windows\Installer\{9ADA9B3F-E787-403A-8CDA-67FD54DDBEC7}\_F2E0BB47ED476F1BDF8B87.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RenoBoost.lnk ShortcutTarget: RenoBoost.lnk -> C:\Renostar\ziuboost.exe (ReNoStar GmbH) Startup: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\User1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) Startup: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk ShortcutTarget: Mediencenter.lnk -> C:\Users\User1\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG) ShellIconOverlayIdentifiers: 01Mediencenter_InSync -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\User1\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) ShellIconOverlayIdentifiers: 02Mediencenter_ToSync -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\User1\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) ShellIconOverlayIdentifiers: 03Mediencenter_Failed -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => C:\Users\User1\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program 
Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GladinetIconOverlay -> {3C3DC57A-7535-48AF-BB9E-C3576A4F34D0} => C:\Program Files\Gladinet\Gladinet Cloud Desktop\GlOverlayIcon.dll (Gladinet, INC) ShellIconOverlayIdentifiers: GladinetUploading -> {959A18D3-9CC9-41e8-B76F-34ED9A89D4EA} => C:\Program Files\Gladinet\Gladinet Cloud Desktop\GlOverlayIconU.dll (Gladinet, INC) ShellIconOverlayIdentifiers: NTFSLink_Hardlink -> {0314E3A0-45DB-4D75-BB86-27B8EF28907B} => C:\Program Files\NTFS Link\ntfslink.dll (Michael Elsdoerfer) ShellIconOverlayIdentifiers: NTFSLink_Junction -> {61702EF5-1B33-487F-995F-6FA23F1D6652} => C:\Program Files\NTFS Link\ntfslink.dll (Michael Elsdoerfer) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2269050&CUI=UN13549586332807810 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 URLSearchHook: HKLM - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.) 
URLSearchHook: HKCU - (No Name) - {b106b661-3e1b-4015-af5c-195e909f35c6} - No File URLSearchHook: HKCU - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.) SearchScopes: HKLM - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 SearchScopes: HKCU - DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=PV&apn_dtid=YYYYYYYYDE&apn_uid=57484016-3AFA-47AE-8752-999379679556&apn_sauid=4F915ABF-D90E-48B7-AB35-63ECFAC8B5A3 SearchScopes: HKCU - {959BE5A4-EE6C-421B-BCF4-D90E4D8F869C} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 SearchScopes: HKCU - {c99fdc39-a1ae-4b24-8d71-e5274f8d7c54} URL = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms} BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: DVDVideoSoftTB Toolbar -> {872b5b88-9db5-4310-bdd0-ac189557e5f5} -> C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.) 
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG) BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) Toolbar: HKLM - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKCU - DVDVideoSoftTB Toolbar - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.) 
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Hosts: 127.0.0.1 box.anchorfree.net Tcpip\Parameters: [DhcpNameServer] 192.168.0.253 Tcpip\..\Interfaces\{9070C6BC-FDE8-47DC-990D-F527F074EC3D}: [NameServer] 192.168.0.250 FireFox: ======== FF ProfilePath: C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default FF SelectedSearchEngine: Google FF Homepage: hxxp://www.spiegel.de/|hxxp://www.rollingstone.de/|hxxp://www.zeit.de/index|https://secure-squashtv.premiumtv.co.uk/page/secure/BuyNow/?schemeAndHost=http%3A%2F%2Fwww.psasquashtv.com|https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1335336225&rver=6.1.6206.0&wp=MBI_SSL_SHARED&wreply=https:%2F%2Fskydrive.live.com%2F%3Flc%3D1031&lc=1031&id=250206&mkt=de-DE&cbcxt=sky FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) 
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\User1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\User1\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\User1\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\User1\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF SearchPlugin: C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\searchplugins\conduit.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Разпознаване на устройство Logitech - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\DeviceDetection@logitech.com [2011-10-19] FF Extension: Free Download Manager plugin - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\fdm_ffext@freedownloadmanager.org [2012-12-13] FF Extension: Xmarks - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\foxmarks@kei.com [2014-09-22] FF Extension: KeeFox - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\keefox@chris.tomlinson [2014-09-22] FF Extension: facebookvideo - 
C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\{43c35458-c907-439b-bcfd-07d373834689} [2010-06-25] FF Extension: FT SleekDark - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\{a21cd440-41d6-11e0-9207-0800200c9a66} [2012-05-09] FF Extension: Aviary - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\{d5eeb813-935a-435d-b01e-b3a02f2cb408} [2011-12-17] FF Extension: Embedded Objects - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\firefox@red-cog.com.xpi [2012-01-24] FF Extension: Facebook Privacy Watcher - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\fpw@informatik.tu-darmstadt.de.xpi [2012-11-09] FF Extension: MozRepl - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\mozrepl@hyperstruct.net.xpi [2011-07-26] FF Extension: MyPermissions Cleaner - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\{6140bbfd-aa20-11e1-aba7-109add603214}.xpi [2014-01-10] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-22] FF Extension: StumbleUpon - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2011-10-26] FF Extension: Menu Editor - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi [2011-03-14] FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2014-03-20] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] FF HKCU\...\Firefox\Extensions: 
[{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR HomePage: Default -> hxxp://www.spiegel.de/ CHR StartupUrls: Default -> "hxxp://www.spiegel.de/", "hxxp://www.zeit.de/index", "https://startpage.com/deu/" CHR DefaultSearchKeyword: Default -> 322926C86E96565B5B186D0D93824BA7109A5AB72F38EEFF449414F716A6F639 CHR DefaultSearchURL: Default -> 431FA44896D609C9D05DAD0EBC81671B01516EE64A9157C9D94B71F353B0BCD8 CHR Plugin: (Chrome PDF Viewer) - C:\Users\User1\AppData\Local\Google\Chrome\Application\38.0.2125.66\pdf.dll () CHR Plugin: (Google Gears 0.5.33.0) - C:\Users\User1\AppData\Local\Google\Chrome\Application\38.0.2125.66\gears.dll No File CHR Plugin: (Shockwave Flash) - C:\Users\User1\AppData\Local\Google\Chrome\Application\38.0.2125.66\gcswf32.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Browser\nppdf32.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 6 U21) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File CHR Plugin: (ClickPotatoLite Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll No File CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) 
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Default Plug-in) - default_plugin No File CHR CustomProfile: C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-07] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-21] CHR Extension: (YouTube) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-01] CHR Extension: (Google-Suche) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-01] CHR Extension: (Google Wallet) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-07] CHR Extension: (Evernote Web Clipper) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2010-09-30] CHR Extension: (Google Mail) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia 
[2011-12-01] CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\THOMAS~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-03] CHR StartMenuInternet: Google Chrome - C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeActiveFileMonitor4.0; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [102400 2005-09-09] () [File not signed] R2 aswUpdSv; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [18752 2010-02-18] (ALWIL Software) R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast4\aswServ.exe [138680 2010-02-18] (ALWIL Software) S3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\aswMaiSv.exe [254040 2010-02-18] (ALWIL Software) R2 avast! NetAgent; C:\Program Files\Alwil Software\Avast4\AvAgent.exe [52160 2010-02-18] (ALWIL Software) S3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\aswWebSv.exe [352920 2010-02-18] (ALWIL Software) R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2430128 2011-12-06] (mobile concepts GmbH) R2 DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [218112 2013-07-16] () [File not signed] R3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-01-09] (Macrovision Europe Ltd.) 
[File not signed] R2 GladFileMonSvc; C:\Program Files\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe [26984 2010-08-27] (Gladinet, INC) R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-05-20] (Hewlett-Packard) [File not signed] R2 hshld; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [570664 2013-04-26] (AnchorFree Inc.) R2 HssSrv; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [463656 2013-04-26] (AnchorFree Inc.) S3 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [78512 2013-04-24] () R2 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe [390440 2013-04-26] () S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AR5211; C:\Windows\System32\DRIVERS\ar5211.sys [549184 2007-10-26] (Atheros Communications, Inc.) R2 aswFsBlk; C:\Windows\System32\DRIVERS\aswFsBlk.sys [20560 2010-02-18] (ALWIL Software) R2 aswMonFlt; C:\Windows\System32\DRIVERS\aswMonFlt.sys [53328 2010-02-18] (ALWIL Software) R1 aswRdr; C:\Windows\system32\Drivers\aswRdr.sys [23120 2010-02-18] (ALWIL Software) R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [114768 2010-02-18] (ALWIL Software) R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [48624 2010-02-18] (ALWIL Software) S3 athr; C:\Windows\System32\DRIVERS\athr.sys [1269760 2010-05-19] (Atheros Communications, Inc.) [File not signed] R3 athur; C:\Windows\System32\DRIVERS\athur.sys [1500160 2010-04-20] (Atheros Communications, Inc.) 
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [40648 2013-04-24] (AnchorFree Inc.)
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
S3 MOBIOLA_Wave; C:\Windows\System32\drivers\mobiolawave.sys [25024 2010-05-14] (SHAPE Services)
S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20640 2010-09-28] (Sonic Solutions) [File not signed]
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26112 2010-11-23] (The OpenVPN Project)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2010-09-21] (AnchorFree Inc)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-04-24] (Anchorfree Inc.)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2012-03-06] (Acronis)
R1 uiwbrdr; C:\Windows\System32\DRIVERS\uiwbrdr.sys [144896 2011-11-21] (1&1 Mail & Media GmbH) [File not signed]
R3 WsAudioDevice_383; C:\Windows\System32\drivers\WsAudioDevice_383.sys [16640 2008-11-19] (Wondershare) [File not signed]
U3 aswMBR; \??\C:\Users\THOMAS~1\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\THOMAS~1\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-24 08:42 - 2014-09-24 08:43 - 00038011 _____ () C:\Users\User1\Desktop\FRST.txt 2014-09-24 08:42 - 2014-09-24 08:42 - 00000000 ____D () C:\FRST 2014-09-24 08:41 - 2014-09-24 08:41 - 01098240 _____ (Farbar) C:\Users\User1\Desktop\FRST.exe 2014-09-24 08:40 - 2014-09-24 08:40 - 00000000 _____ () C:\Users\User1\defogger_reenable 2014-09-24 08:39 - 2014-09-24 08:39 - 00050477 _____ () C:\Users\User1\Desktop\Defogger.exe 2014-09-23 18:58 - 2014-09-23 18:58 - 00000000 ____D () C:\Program Files\ESET 2014-09-23 17:57 - 2014-09-23 18:52 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-09-23 17:56 - 2014-09-23 18:52 - 00000000 ____D () C:\Users\User1\Desktop\mbar 2014-09-23 17:45 - 2014-09-23 17:45 - 00000022 _____ () C:\Windows\S.dirmngr 2014-09-23 17:15 - 2014-09-23 17:15 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Ryxui 2014-09-23 17:14 - 2014-09-23 17:46 - 00000000 ___RD () C:\Users\User1\iCloudDrive 2014-09-23 17:12 - 2014-09-23 17:57 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-23 17:11 - 2014-09-23 17:56 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-23 17:11 - 2014-09-23 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-23 17:11 - 2014-09-23 17:11 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-23 17:11 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-23 17:00 - 2014-09-23 17:00 - 00000000 ____D () C:\Users\User1\AppData\Local\Apple Inc 2014-09-23 15:05 - 2014-09-23 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud 2014-09-22 18:54 - 2014-09-22 18:54 - 01010176 _____ () C:\Users\User1\Downloads\MicrosoftFixit50884 (1).msi 2014-09-22 18:53 - 2014-09-22 18:53 - 01010176 _____ () C:\Users\User1\Downloads\MicrosoftFixit50884.msi 2014-09-22 18:33 - 
2014-09-22 18:36 - 117536504 _____ (Microsoft Corporation) C:\Users\User1\Downloads\msert.exe 2014-09-22 18:24 - 2014-09-22 18:24 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Simply Super Software 2014-09-22 18:00 - 2014-09-23 17:26 - 00000000 ____D () C:\ProgramData\TEMP 2014-09-22 18:00 - 2014-09-22 18:00 - 00001101 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk 2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () C:\ProgramData\Simply Super Software 2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover 2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () C:\ProgramData\Licenses 2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () C:\Program Files\Trojan Remover 2014-09-22 17:58 - 2014-09-22 17:59 - 21657592 _____ (Simply Super Software ) C:\Users\User1\Downloads\trjsetup691.exe 2014-09-22 17:31 - 2014-09-22 17:31 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Yzuxri 2014-09-17 13:17 - 2014-09-17 13:17 - 00000000 ____D () C:\Users\User1\Desktop\temp_files 2014-09-11 12:47 - 2014-09-15 11:05 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-09-11 03:14 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-11 03:14 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-11 03:14 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-11 03:14 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-11 03:14 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-11 03:14 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-11 03:14 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-11 03:14 - 2014-08-18 23:44 - 00061952 _____ (Microsoft 
Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-11 03:14 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-11 03:14 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-11 03:14 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-11 03:14 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-11 03:14 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-11 03:14 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-11 03:14 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-11 03:14 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-11 03:14 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-11 03:14 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-11 03:14 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-11 03:14 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-11 03:14 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-11 03:14 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-11 03:14 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-11 03:14 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-11 03:14 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-11 03:14 - 2014-08-18 23:08 - 
00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-11 03:14 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-11 03:14 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-11 03:14 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-11 03:14 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-11 03:14 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-11 02:20 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-11 02:20 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-11 02:19 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-11 02:19 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-11 02:19 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-11 02:19 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-10 09:49 - 2014-09-10 09:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-09-10 09:48 - 2014-09-10 09:48 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-09-10 09:48 - 2014-09-10 09:48 - 00000000 ____D () C:\Program Files\iPod 2014-09-05 11:52 - 2014-09-05 11:52 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Opera 2014-09-03 15:59 - 2014-09-03 15:59 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-08-28 09:15 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-28 09:15 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-25 15:36 
- 2014-08-25 16:14 - 116784152 _____ () C:\Users\User1\Downloads\www.NewAlbumReleases.net_Tom Petty and The Heartbreakers - Hypnotic Eye (2014) (2).rar ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-24 08:43 - 2014-09-24 08:42 - 00038011 _____ () C:\Users\User1\Desktop\FRST.txt 2014-09-24 08:42 - 2014-09-24 08:42 - 00000000 ____D () C:\FRST 2014-09-24 08:41 - 2014-09-24 08:41 - 01098240 _____ (Farbar) C:\Users\User1\Desktop\FRST.exe 2014-09-24 08:40 - 2014-09-24 08:40 - 00000000 _____ () C:\Users\User1\defogger_reenable 2014-09-24 08:40 - 2012-01-16 18:10 - 00000000 ____D () C:\Program Files\Free Download Manager 2014-09-24 08:40 - 2010-04-21 17:44 - 00000000 ____D () C:\Users\User1 2014-09-24 08:39 - 2014-09-24 08:39 - 00050477 _____ () C:\Users\User1\Desktop\Defogger.exe 2014-09-24 08:37 - 2010-07-12 16:46 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-24 08:27 - 2010-04-21 17:19 - 02038098 _____ () C:\Windows\WindowsUpdate.log 2014-09-24 08:14 - 2012-06-26 10:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-24 07:49 - 2010-05-31 10:28 - 00001144 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1903734357-4184266498-2229017531-1000UA.job 2014-09-23 19:37 - 2010-07-12 16:46 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-23 18:58 - 2014-09-23 18:58 - 00000000 ____D () C:\Program Files\ESET 2014-09-23 18:52 - 2014-09-23 17:57 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-09-23 18:52 - 2014-09-23 17:56 - 00000000 ____D () C:\Users\User1\Desktop\mbar 2014-09-23 17:57 - 2014-09-23 17:12 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-23 17:56 - 2014-09-23 17:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-23 17:54 - 2009-07-14 06:34 - 00021680 
____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-23 17:54 - 2009-07-14 06:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-23 17:49 - 2010-08-30 09:05 - 00000000 ____D () C:\Users\User1\AppData\Local\Gladinet 2014-09-23 17:48 - 2011-02-16 19:01 - 00000000 ___HD () C:\jexepackres 2014-09-23 17:48 - 2010-10-04 15:49 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Dropbox 2014-09-23 17:48 - 2010-09-22 17:04 - 00000041 _____ () C:\Windows\Filzip.ini 2014-09-23 17:48 - 2010-04-26 17:11 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Skype 2014-09-23 17:47 - 2012-04-30 14:50 - 00000000 ___RD () C:\Users\User1\Google Drive 2014-09-23 17:47 - 2012-04-25 08:38 - 00000000 ___RD () C:\Users\User1\SkyDrive 2014-09-23 17:46 - 2014-09-23 17:14 - 00000000 ___RD () C:\Users\User1\iCloudDrive 2014-09-23 17:45 - 2014-09-23 17:45 - 00000022 _____ () C:\Windows\S.dirmngr 2014-09-23 17:45 - 2014-08-14 09:09 - 00005990 _____ () C:\Windows\PFRO.log 2014-09-23 17:45 - 2014-03-06 11:50 - 00007256 _____ () C:\Windows\setupact.log 2014-09-23 17:45 - 2010-04-21 18:46 - 00000000 ____D () C:\Windows\PCHEALTH 2014-09-23 17:45 - 2010-04-21 17:45 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-09-23 17:45 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-23 17:26 - 2014-09-22 18:00 - 00000000 ____D () C:\ProgramData\TEMP 2014-09-23 17:15 - 2014-09-23 17:15 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Ryxui 2014-09-23 17:11 - 2014-09-23 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-23 17:11 - 2014-09-23 17:11 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-23 17:11 - 2012-07-05 16:13 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-23 17:11 - 2012-07-05 16:13 - 00000000 ____D () 
C:\Users\User1\AppData\Roaming\Malwarebytes 2014-09-23 17:11 - 2012-07-05 16:13 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-23 17:00 - 2014-09-23 17:00 - 00000000 ____D () C:\Users\User1\AppData\Local\Apple Inc 2014-09-23 17:00 - 2010-04-26 17:01 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Apple Computer 2014-09-23 15:05 - 2014-09-23 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud 2014-09-23 00:00 - 2010-04-21 17:25 - 00000000 ____D () C:\ProgramData\PDFC 2014-09-22 19:04 - 2009-07-25 14:54 - 01629442 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-22 18:54 - 2014-09-22 18:54 - 01010176 _____ () C:\Users\User1\Downloads\MicrosoftFixit50884 (1).msi 2014-09-22 18:53 - 2014-09-22 18:53 - 01010176 _____ () C:\Users\User1\Downloads\MicrosoftFixit50884.msi 2014-09-22 18:36 - 2014-09-22 18:33 - 117536504 _____ (Microsoft Corporation) C:\Users\User1\Downloads\msert.exe 2014-09-22 18:24 - 2014-09-22 18:24 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Simply Super Software 2014-09-22 18:00 - 2014-09-22 18:00 - 00001101 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk 2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () C:\ProgramData\Simply Super Software 2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover 2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () C:\ProgramData\Licenses 2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () C:\Program Files\Trojan Remover 2014-09-22 17:59 - 2014-09-22 17:58 - 21657592 _____ (Simply Super Software ) C:\Users\User1\Downloads\trjsetup691.exe 2014-09-22 17:39 - 2013-12-02 09:54 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForUser1.job 2014-09-22 17:31 - 2014-09-22 17:31 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Yzuxri 2014-09-22 16:49 - 2010-05-31 10:28 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1903734357-4184266498-2229017531-1000Core.job 
2014-09-22 15:21 - 2010-10-08 14:43 - 00000052 _____ () C:\Windows\system32\DOErrors.log 2014-09-22 15:01 - 2010-10-04 15:51 - 00001038 _____ () C:\Users\User1\Desktop\Dropbox.lnk 2014-09-22 15:01 - 2010-10-04 15:49 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-09-19 14:56 - 2011-06-29 15:35 - 00000000 ____D () C:\Users\User1\AppData\Local\PokerStars.EU 2014-09-19 14:56 - 2010-04-21 19:40 - 00000000 ____D () C:\Program Files\Holdem Indicator 2014-09-18 06:51 - 2010-05-31 10:29 - 00002393 _____ () C:\Users\User1\Desktop\Google Chrome.lnk 2014-09-17 14:42 - 2014-07-11 11:41 - 00000000 ____D () C:\Users\User1\AppData\Roaming\iFunbox_UserCache 2014-09-17 14:00 - 2012-04-20 18:40 - 00000000 ____D () C:\Users\User1\Downloads\iPod Photo Cache 2014-09-17 13:17 - 2014-09-17 13:17 - 00000000 ____D () C:\Users\User1\Desktop\temp_files 2014-09-16 09:01 - 2012-04-27 10:30 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-09-15 11:05 - 2014-09-11 12:47 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-09-15 09:06 - 2010-04-21 18:33 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-11 03:41 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-09-11 03:14 - 2013-08-20 03:06 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-11 03:04 - 2014-05-06 20:09 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-11 03:04 - 2011-08-23 11:24 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-11 03:04 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-09-10 14:14 - 2012-06-26 10:17 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-09-10 14:14 - 2012-06-26 10:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-09-10 09:49 - 2014-09-10 09:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 
2014-09-10 09:49 - 2014-07-22 11:30 - 00001755 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-09-10 09:48 - 2014-09-10 09:48 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-09-10 09:48 - 2014-09-10 09:48 - 00000000 ____D () C:\Program Files\iPod 2014-09-10 09:48 - 2011-01-24 22:12 - 00000000 ____D () C:\Program Files\iTunes 2014-09-10 09:48 - 2010-04-26 16:59 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-09-09 15:57 - 2010-10-10 22:46 - 00007602 _____ () C:\Users\User1\AppData\Local\resmon.resmoncfg 2014-09-05 11:52 - 2014-09-05 11:52 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Opera 2014-09-05 11:52 - 2009-07-14 04:04 - 00000520 _____ () C:\Windows\win.ini 2014-09-05 03:52 - 2014-09-11 02:19 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-05 03:47 - 2014-09-11 02:19 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-04 16:38 - 2011-06-29 15:35 - 00000000 ____D () C:\Program Files\PokerStars 2014-09-03 15:59 - 2014-09-03 15:59 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-09-03 15:59 - 2010-04-26 17:10 - 00000000 ____D () C:\ProgramData\Skype 2014-08-29 03:21 - 2009-07-14 06:33 - 00539384 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-26 09:19 - 2010-12-02 12:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReNoStar 2014-08-26 09:16 - 2010-12-02 12:36 - 00000000 ____D () C:\Renostar 2014-08-25 16:14 - 2014-08-25 15:36 - 116784152 _____ () C:\Users\User1\Downloads\www.NewAlbumReleases.net_Tom Petty and The Heartbreakers - Hypnotic Eye (2014) (2).rar 2014-08-25 09:14 - 2012-04-26 14:53 - 00000000 ____D () C:\ProgramData\Hotspot Shield 2014-08-25 09:12 - 2010-09-21 15:09 - 00000000 ____D () C:\Program Files\Hotspot Shield Some content of TEMP: ==================== C:\Users\User1\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpocffht.dll 
C:\Users\User1\AppData\Local\Temp\KB09305459.exe
C:\Users\User1\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\User1\AppData\Local\Temp\applnch.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-16 19:39

==================== End Of Log ============================

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-09-2014
Ran by User1 at 2014-09-24 08:43:36
Running from C:\Users\User1\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1.5 (HKLM\...\{45CEBDDE-AD94-4C5A-999D-0D35CE61405B}_is1) (Version: - Dirk Paehl)
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
802.11g Wireless PCI Adapter (HKLM\...\InstallShield_{73B944DE-5AAF-4AD8-8688-60872CB227C6}) (Version: 1.0.0.1 - SMC)
802.11g Wireless PCI Adapter (Version: 1.0.0.1 - SMC) Hidden
ActiveCheck component for HP Active Support Library (Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe Acrobat 8 Professional - English, Français, Deutsch (HKLM\...\Adobe Acrobat 8 Professional - English, Français, Deutsch) (Version: 8.0.0 - Adobe Systems)
Adobe Acrobat 8 Professional - English, Français, Deutsch (Version: 8.0.0 - Adobe Systems) Hidden
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Help Center 2.0 (Version: 2.0.0 - Adobe Systems) Hidden
Adobe Photoshop Elements 4.0 (HKLM\...\Adobe Photoshop Elements 4) (Version: 4.0 - Adobe Systems, Inc.)
Adobe Photoshop Elements 4.0 (Version: 4.0 - Adobe Systems, Inc.) Hidden
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Aimersoft DVD Creator(Build 2.5.2.15) (HKLM\...\Aimersoft DVD Creator_is1) (Version: - Wondershare Software)
Air Video Server 2.4.3 (HKLM\...\Air Video Server) (Version: 2.4.3 - InMethod, s.r.o.)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - )
Audible Download Manager (HKLM\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
avast! Antivirus (managed) (HKLM\...\avast!NET) (Version: 4.8 - Alwil Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon Utilities Digital Photo Professional 3.9 (HKLM\...\DPP) (Version: 3.9.2.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.05 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.1.3341 - CDBurnerXP)
ChannelEditor (HKLM\...\{2CB14BDA-5241-4F45-98C5-23520E366B89}) (Version: 1.0.0 - inverto.tv)
CyberGhost VPN (HKLM\...\CyberGhost VPN_is1) (Version: - CyberGhost S.R.L.)
DMG Extractor (HKCU\...\DMG Extractor) (Version: 1.2.1.0 - Reincubate Ltd)
Drago 4.20 (HKLM\...\Drago_is1) (Version: - Gilles Arcas-Luque)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
DVD Flick 1.3.0.7 (HKLM\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version: - DVD Shrink)
DVDVideoSoftTB Toolbar (HKLM\...\DVDVideoSoftTB Toolbar) (Version: 6.15.0.27 - DVDVideoSoftTB)
DVR-Studio Pro 2 (HKLM\...\{BD60F72D-3F2F-4AE1-9C41-3CF75B2CA59A}) (Version: - Haenlein Software)
eDocPrintPro v3.15.2 (HKLM\...\{45B8441A-0346-4D6C-88A8-01821DA28D04}) (Version: 3.15.2 - MAY-Computer)
Emicsoft MKV Converter (HKLM\...\Emicsoft MKV Converter_is1) (Version: - )
Evernote v. 4.5.10 (HKLM\...\{EF7E46B8-1FB7-11E2-B6B3-984BE15F174E}) (Version: 4.5.10.7472 - Evernote Corp.)
Express Scribe (HKLM\...\Scribe) (Version: - NCH Software)
FileZilla Client 3.5.3 (HKLM\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
Filzip 3.06 (HKLM\...\Filzip 3.0.6.93_is1) (Version: 3.0.6 - Philipp Engel)
Free Audio Converter version 5.0.26.622 (HKLM\...\Free Audio Converter_is1) (Version: 5.0.26.622 - DVDVideoSoft Ltd.)
Free Download Manager 3.9.2 (HKLM\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG)
Full Tilt Poker (HKLM\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 4.46.3.WIN.FullTilt.COM - )
Gladinet Cloud Desktop (HKLM\...\{9ADA9B3F-E787-403A-8CDA-67FD54DDBEC7}) (Version: 2.3.432 - Gladinet)
Google Calendar Sync (HKLM\...\Google Calendar Sync) (Version: - )
Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.66 - Google Inc.)
Google Drive (HKLM\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Gpg4win (2.2.0-beta34) (HKLM\...\GPG4Win) (Version: 2.2.0-beta34 - The Gpg4win Project)
gs_x86 (HKLM\...\{6AB6CBD4-ED44-4EAA-8496-228395B1C1D0}) (Version: 8.64 - MAY-Computer)
HandBrake 0.9.5 (HKLM\...\HandBrake) (Version: 0.9.5 - )
HDD-Booster v1.2 (HKLM\...\HDD-Booster_is1) (Version: - ASCOMP Software GmbH)
Holdem Indicator 1.8.4 (HKLM\...\Holdem Indicator_is1) (Version: - hxxp://www.HoldemIndicator.com)
Hotspot Shield 2.93 (HKLM\...\HotspotShield) (Version: 2.93 - AnchorFree)
HP Customer Experience Enhancements (Version: 6.0.1.3 - Hewlett-Packard) Hidden
HP Softpaq SP500287 (HKLM\...\SP50028) (Version: - )
HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
iBackupBot for iTunes 3.1.6 (HKLM\...\iBackupBot for iTunes) (Version: 3.1.6 - VOWSoft, Ltd.)
iCloud (HKLM\...\{8D9592B4-7E22-4D1F-B2CB-B5F0F2F619CB}) (Version: 4.0.3.56 - Apple Inc.)
iFunbox (v2.8.2414.748), iFunbox DevTeam (HKLM\...\iFunbox_is1) (Version: v2.8.2414.748 - )
iPhoneBrowser (HKLM\...\{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}) (Version: 1.9.3 - Cranium Consulting and Custom Software)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
iTuner (HKLM\...\{E233EF8A-D04F-49B9-996B-218F3C3EA543}) (Version: 1.2.3782 - River Software)
iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
KeePass Password Safe 1.20 (HKLM\...\KeePass Password Safe_is1) (Version: 1.20 - Dominik Reichl)
KeePass Password Safe 2.20.1 (HKLM\...\KeePassPasswordSafe2_is1) (Version: - Dominik Reichl)
Lexware Info Service (HKLM\...\{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}) (Version: 2.70.00.0081 - Haufe-Lexware GmbH & Co.KG)
Lexware zeitmanagement 2011 (HKLM\...\{AE6E353F-A5D6-40E4-81FB-960EB7B207D7}) (Version: 2.05.00.0169 - Haufe-Lexware GmbH & Co.KG)
LibreOffice 4.1.3.2 (HKLM\...\{4F3722AD-197D-4DBB-BDFB-D2F0D6776354}) (Version: 4.1.3.2 - The Document Foundation)
Lineal (HKLM\...\Lineal v1.6b_is1) (Version: 0.1.6b - )
lingDIALOG (HKLM\...\{627C5AC0-772C-4661-B696-42E04AEB1872}) (Version: 2.00.0010 - LingCom GmbH)
Logitech Harmony Remote Software 7 (HKLM\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Logitech Harmony Remote Software 7 (Version: 7.7.0.0 - Logitech) Hidden
MakeMKV v1.8.11 (HKLM\...\MakeMKV) (Version: v1.8.11 - GuinpinSoft inc)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mediencenter 3.9.1055.64 (HKCU\...\Mediencenter) (Version: 3.9.1055.64 - Deutsche Telekom AG) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Outlook 2003 (HKLM\...\{90E00407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Word 2000 SR-1 (HKLM\...\{00170407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation) MobileMe Control Panel (HKLM\...\{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}) (Version: 3.1.8.0 - Apple Inc.) Moorhuhn Remake (HKLM\...\{52210D57-0B1F-4681-90DD-8659DF4BCC40}) (Version: 1.00.0000 - ) Movies2iPhone 1.24 for Windows (HKLM\...\Movies2iPhone) (Version: 1.24 for Windows - OKprods Ltd) Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla) Mozilla Firefox 4.0b8 (x86 de) (HKLM\...\Mozilla Firefox 4.0b8 (x86 de)) (Version: 4.0b8 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla) Mozilla Thunderbird 31.1.1 (x86 de) (HKLM\...\Mozilla Thunderbird 31.1.1 (x86 de)) (Version: 31.1.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nipperdey plus (HKLM\...\{C5FEF96A-0C31-4D2E-9112-C782065DEE40}) (Version: 1.0.15 - C. H. 
Beck) Norton Online Backup (HKLM\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.20.0 - Symantec) NTFS Link 2.1 (HKLM\...\ntfslink_is1) (Version: - ) NVIDIA 3D Vision Controller Driver (Version: 280.19 - NVIDIA Corporation) Hidden NVIDIA 3D Vision Controller-Treiber 280.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 280.19 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation) NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9793 - NVIDIA Corporation) NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden NVIDIA PhysX (Version: 9.10.0514 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden PDF Complete Special Edition (HKLM\...\PDF Complete) (Version: 3.5.109 - PDF Complete, Inc) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery) PDFtoEPUB (HKLM\...\PDFtoEPUB) (Version: 1.5.0 - DNAML Pty Ltd.) 
PokerStars (HKLM\...\PokerStars) (Version: - PokerStars) Power Tab Editor 1.7 (HKLM\...\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}) (Version: 1.7.0 - Power Tab Software) Printer Pro Desktop (HKLM\...\PrinterProDesktop) (Version: - Readdle) PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden QSynchronization for Outlook 2.5.5 (HKLM\...\QSynchronization for Outlook_is1) (Version: - Thomas Quester) Qtrax Player (HKCU\...\756452889.portal.qtrax.com) (Version: - portal.qtrax.com) QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Ralink RT2860 Wireless LAN Card (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: - Ralink) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5882 - Realtek Semiconductor Corp.) Remote Control USB Driver (HKLM\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - ) ReNoStar Systemdateien II v.3 (HKLM\...\{3C36D2A0-5A6F-4437-A080-699557C6C8A1}) (Version: 8.70.0.7050 - ReNoStar GmbH) ReNoStar Systemkomponenten (HKLM\...\InstallShield_{55A1EE3A-2143-4731-8243-3F807869FA66}) (Version: 8.40.0.4000 - ReNoStar GmbH) ReNoStar Systemkomponenten (Version: 8.40.0.4000 - ReNoStar GmbH) Hidden ReNoTicker Version 1.0 (HKLM\...\{33FF4DB1-87B2-4934-8563-CA489A1EF80D}_is1) (Version: 1.0 - ReNoStar GmbH) RNSInstSevOutBar (HKLM\...\{ED689BFF-452F-471A-96DF-69210FEB359D}) (Version: 1.00.0000 - ReNoStar GmbH) SDExplorer 3.0 (HKLM\...\SDEPRO20_is1) (Version: 3.0 - CloudStorageExplorer.com) SetEditArgus (remove only) (HKLM\...\SetEditArgus) (Version: - ) Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) 
SopCast 3.3.2 (HKLM\...\SopCast) (Version: 3.3.2 - www.sopcast.com) StreamTransport version: 1.0.2.2171 (HKLM\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version: - ) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TeamViewer 6 (HKLM\...\TeamViewer 6) (Version: 6.0.10194 - TeamViewer GmbH) TP-LINK-Clientinstallationsprogramm (HKLM\...\{7A2A107B-9695-423F-9462-8F17C178BD35}) (Version: 7.0 - TP-LINK) Trojan Remover 6.9.1 (HKLM\...\Trojan Remover_is1) (Version: 6.9.1 - Simply Super Software) TunnelBear 1.0.28 (HKLM\...\TunnelBear) (Version: 1.0.28 - TunnelBear) Tyre (HKLM\...\Tyre_is1) (Version: 6.3.0.2 - 't Schrijverke) VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) Vokabeltrainer-Update 4.0.46 (HKLM\...\{7F2A96C8-B7F8-4C0E-B575-BC2378342962}) (Version: 4.0.46 - Langenscheidt) VSDC Free Video Editor Version 2.1.9.201 (HKLM\...\VSDC Free Video Editor_is1) (Version: 2.1.9.201 - Flash-Integro LLC) WEB.DE SmartDrive Manager (HKLM\...\WEB.DE SmartDrive Manager) (Version: 2.0.677 - 1&1 Mail & Media GmbH) Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) WinSCP 4.2.9 (HKLM\...\winscp3_is1) (Version: 4.2.9 - Martin Prikryl) Wise Registry Cleaner 6.14 (HKLM\...\Wise Registry Cleaner_is1) (Version: - WiseCleaner.com, Inc.) Wondershare Streaming Audio Recorder(Build 1.0.10.1) (HKLM\...\Wondershare Streaming Audio Recorder_is1) (Version: - Wondershare Software) Xilisoft iPad to PC Copy (HKLM\...\Xilisoft iPad to PC Copy) (Version: 4.2.1.0526 - Xilisoft) Xvid 1.2.1 final uninstall (HKLM\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi)) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\User1\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{268502F4-815D-4358-A8D6-B783FDB58EF0}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.ContextMenuHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\User1\AppData\Local\Google\Chrome\Application\38.0.2125.66\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\User1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\User1\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> "C:\Users\User1\AppData\Local\Google\Chrome\Application\22.0.1229.39\delegate_execute.exe" No (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\User1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\User1\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\User1\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{E5F07F0E-C4AE-4AA8-AE7E-FC3DB683977E}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.71\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\User1\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\User1\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2012-04-30 15:03 - 00000894 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 box.anchorfree.net

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0599AEA8-8B0E-4CCA-894C-3388A51516DF} - System32\Tasks\{D5B38D15-96B0-44AE-B5E3-D7781FB183C6} => Chrome.exe hxxp://ui.skype.com/ui/0/5.1.0.112.259/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;ienotdefaultbrowser2
Task: {1F6C46E3-0AF5-4425-8C9B-169308085EED} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-05-19] (Hewlett-Packard)
Task: {2B5754DC-6D11-4A99-903A-590F903FCCEC} - System32\Tasks\{E05D2DC7-405E-47BE-BEFB-BF1D8BD6D684} => C:\Program Files\Skype\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.)
Task: {41B17569-4162-4349-85BD-50950BE97451} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1903734357-4184266498-2229017531-1000Core => C:\Users\User1\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-31] (Google Inc.)
Task: {4EEAF8B9-1753-4912-A7CE-1152DADC5B12} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1903734357-4184266498-2229017531-1000UA => C:\Users\User1\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-31] (Google Inc.)
Task: {68D3D043-9928-42B6-ADC0-800076647375} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {A37ECFB2-7B4B-493B-B54C-D570865B15AC} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-05-19] (Hewlett-Packard)
Task: {AB7E5490-1C3D-41C0-9549-A352FCC95759} - System32\Tasks\HPCeeScheduleForUser1 => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07] (Hewlett-Packard)
Task: {B50336E2-7335-49CA-BB6A-0697EE5F2431} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2014-08-19] (Microsoft)
Task: {DD13DB6F-2EFF-431E-AEBE-60F12CD0D628} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E0759A1C-B0DE-49F8-A492-5C703BEDAA4F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-08-19] (Microsoft)
Task: {EC16019C-3E05-449D-BA7E-6D1CA31D24C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-12] (Google Inc.)
Task: {EE704841-CE8F-4D6A-9C17-E0362C4E3A34} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-12] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1903734357-4184266498-2229017531-1000Core.job => C:\Users\User1\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1903734357-4184266498-2229017531-1000UA.job => C:\Users\User1\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForUser1.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-24 09:50:36
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST3500418AS rev.HP34 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\THOMAS~1\AppData\Local\Temp\kwldypow.sys

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 83250A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8328A212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 2.1 ----

.text C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2884] USER32.dll!SetScrollRange 75CF8EC5 5 Bytes JMP 10020569 C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll
.text C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2884] USER32.dll!GetSysColorBrush 75CFF1ED 5 Bytes JMP 100205DE C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll
.text C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2884] USER32.dll!GetScrollInfo 75D02DA3 7 Bytes JMP 100204E2 C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll
.text C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2884] USER32.dll!SetScrollInfo 75D048DA 7 Bytes JMP 10020533 C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll
.text C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2884] USER32.dll!GetSysColor 75D0DB7A 5 Bytes JMP 1002059F C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll
.text C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2884] USER32.dll!GetScrollRange 75D2045A 5 Bytes JMP 10020518 C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll
.text C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2884] USER32.dll!SetScrollPos 75D204BE 5 Bytes JMP 1002054E C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll
.text C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2884] USER32.dll!GetScrollPos 75D20E43 5 Bytes JMP 100204FD C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll
.text C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2884] USER32.dll!EnableScrollBar 75D219CE 7 Bytes JMP 100204C7 C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll
.text C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE[2884] USER32.dll!ShowScrollBar 75D23C89 5 Bytes JMP 10020584 C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\SkinMagic.dll
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3008] kernel32.dll!FindResourceW 76EA55DF 5 Bytes JMP 00440980 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3008] kernel32.dll!FindResourceA 76EAA585 5 Bytes JMP 00440930 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3008] user32.DLL!LoadStringA 75CF66A7 5 Bytes JMP 00441110 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3008] user32.DLL!LoadStringW 75CFDFBA 5 Bytes JMP 00440FD0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3008] user32.DLL!LoadMenuW 75CFF214 5 Bytes JMP 00440B40 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3008] user32.DLL!LoadMenuA 75D0F92C 5 Bytes JMP 00440AD0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3008] user32.DLL!CreateDialogParamA 75D11F42 5 Bytes JMP 004409D0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3008] user32.DLL!CreateDialogParamW 75D25630 5 Bytes JMP 00440A50 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- Registry - GMER 2.1 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{91AE4577-AFD4-690D-A343-5C8E3C82B1F6}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{91AE4577-AFD4-690D-A343-5C8E3C82B1F6}@pakejmagabfdeieggdbnmnhhpdkkkkgn 0x61 0x62 0x70 0x69 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{92C1845F-9629-E837-45B3-5CE2552BF71B}

---- EOF - GMER 2.1 ----

Code:
C:\$RECYCLE.BIN\S-1-5-21-1903734357-4184266498-2229017531-1000\$R4YML6G.exe Variante von Win32/Packed.Asprotect.DS Trojaner
C:\$RECYCLE.BIN\S-1-5-21-1903734357-4184266498-2229017531-1000\$RCSOFHL.exe Variante von Win32/Packed.Asprotect.DS Trojaner
C:\$RECYCLE.BIN\S-1-5-21-1903734357-4184266498-2229017531-1000\$RPPGSTB.exe Variante von Win32/Packed.Asprotect.DS Trojaner
C:\$RECYCLE.BIN\S-1-5-21-1903734357-4184266498-2229017531-1000\$R0ELI5G\gyup.exe Variante von Win32/Packed.Asprotect.DS Trojaner
C:\$RECYCLE.BIN\S-1-5-21-1903734357-4184266498-2229017531-1000\$RBE2FXR\gyup.exe Variante von Win32/Packed.Asprotect.DS Trojaner
C:\Documents and Settings\User1\Anwendungsdaten\OpenCandy\8625182C5B5441FC81376116A8740B4B\LatestDLMgr.exe Win32/OpenCandy potenziell unsichere Anwendung
C:\Documents and Settings\User1\Anwendungsdaten\OpenCandy\8625182C5B5441FC81376116A8740B4B\speedupmypcDE.exe Win32/SpeedUpMyPC evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\Anwendungsdaten\OpenCandy\91465CF06A734FD7857901ECBD6E9B9E\LatestDLMgr.exe Win32/OpenCandy potenziell unsichere Anwendung
C:\Documents and Settings\User1\Anwendungsdaten\Ryxui\gyup.exe Variante von Win32/Packed.Asprotect.DS Trojaner
C:\Documents and Settings\User1\AppData\Local\Anwendungsdaten\Conduit\CT2269050\DVDVideoSoftTBAutoUpdateHelper.exe Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\AppData\Local\Anwendungsdaten\Temp\KB09305459.exe Variante von Win32/Packed.Asprotect.DS Trojaner
C:\Documents and Settings\User1\AppData\Local\Anwendungsdaten\Temp\OCS\ocs_v71b.exe Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\AppData\Local\Conduit\CT2269050\DVDVideoSoftTBAutoUpdateHelper.exe Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\AppData\Local\Temp\KB09305459.exe Variante von Win32/Packed.Asprotect.DS Trojaner
C:\Documents and Settings\User1\AppData\Local\Temp\OCS\ocs_v71b.exe Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\AppData\LocalLow\DVDVideoSoftTB\hk64tbDVD0.dll Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\AppData\LocalLow\DVDVideoSoftTB\hk64tbDVD2.dll Win64/Toolbar.Conduit.A evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\AppData\LocalLow\DVDVideoSoftTB\hktbDVD0.dll Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\AppData\LocalLow\DVDVideoSoftTB\hktbDVD2.dll Win32/Toolbar.Conduit.W evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\AppData\LocalLow\DVDVideoSoftTB\ldrtbDVD0.dll Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\AppData\LocalLow\DVDVideoSoftTB\ldrtbDVD2.dll Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\AppData\LocalLow\DVDVideoSoftTB\tbDVD1.dll Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\AppData\LocalLow\DVDVideoSoftTB\tbDVD2.dll Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\AppData\LocalLow\DVDVideoSoftTB\tbDVDV.dll Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\AppData\LocalLow\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\AppData\Roaming\OpenCandy\8625182C5B5441FC81376116A8740B4B\LatestDLMgr.exe Win32/OpenCandy potenziell unsichere Anwendung
C:\Documents and Settings\User1\AppData\Roaming\OpenCandy\8625182C5B5441FC81376116A8740B4B\speedupmypcDE.exe Win32/SpeedUpMyPC evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\AppData\Roaming\OpenCandy\91465CF06A734FD7857901ECBD6E9B9E\LatestDLMgr.exe Win32/OpenCandy potenziell unsichere Anwendung
C:\Documents and Settings\User1\AppData\Roaming\Ryxui\gyup.exe Variante von Win32/Packed.Asprotect.DS Trojaner
C:\Documents and Settings\User1\Desktop\HSS-1.51-install-anchorfree-76-conduit.exe Variante von Win32/HotSpotShield evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\Downloads\java_setup.exe Win32/AdWare.iBryte.AW Anwendung
C:\Documents and Settings\User1\Downloads\setup (1).exe Win32/OutBrowse.G evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\Downloads\setup (2).exe Win32/OutBrowse.G evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\Downloads\setup.exe Win32/OutBrowse.G evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\Downloads\SoftonicDownloader_fuer_iringer.exe Win32/SoftonicDownloader.G evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\Lokale Einstellungen\Conduit\CT2269050\DVDVideoSoftTBAutoUpdateHelper.exe Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Documents and Settings\User1\Lokale Einstellungen\Temp\KB09305459.exe Variante von Win32/Packed.Asprotect.DS Trojaner
C:\Documents and Settings\User1\Lokale Einstellungen\Temp\OCS\ocs_v71b.exe Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\Anwendungsdaten\OpenCandy\8625182C5B5441FC81376116A8740B4B\LatestDLMgr.exe Win32/OpenCandy potenziell unsichere Anwendung
C:\Dokumente und Einstellungen\User1\Anwendungsdaten\OpenCandy\8625182C5B5441FC81376116A8740B4B\speedupmypcDE.exe Win32/SpeedUpMyPC evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\Anwendungsdaten\OpenCandy\91465CF06A734FD7857901ECBD6E9B9E\LatestDLMgr.exe Win32/OpenCandy potenziell unsichere Anwendung
C:\Dokumente und Einstellungen\User1\Anwendungsdaten\Ryxui\gyup.exe Variante von Win32/Packed.Asprotect.DS Trojaner
C:\Dokumente und Einstellungen\User1\AppData\Local\Anwendungsdaten\Conduit\CT2269050\DVDVideoSoftTBAutoUpdateHelper.exe Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\AppData\Local\Anwendungsdaten\Temp\KB09305459.exe Variante von Win32/Packed.Asprotect.DS Trojaner
C:\Dokumente und Einstellungen\User1\AppData\Local\Anwendungsdaten\Temp\OCS\ocs_v71b.exe Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\AppData\Local\Conduit\CT2269050\DVDVideoSoftTBAutoUpdateHelper.exe Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\AppData\Local\Temp\KB09305459.exe Variante von Win32/Packed.Asprotect.DS Trojaner
C:\Dokumente und Einstellungen\User1\AppData\Local\Temp\OCS\ocs_v71b.exe Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\AppData\LocalLow\DVDVideoSoftTB\hk64tbDVD0.dll Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\AppData\LocalLow\DVDVideoSoftTB\hk64tbDVD2.dll Win64/Toolbar.Conduit.A evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\AppData\LocalLow\DVDVideoSoftTB\hktbDVD0.dll Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\AppData\LocalLow\DVDVideoSoftTB\hktbDVD2.dll Win32/Toolbar.Conduit.W evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\AppData\LocalLow\DVDVideoSoftTB\ldrtbDVD0.dll Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\AppData\LocalLow\DVDVideoSoftTB\ldrtbDVD2.dll Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\AppData\LocalLow\DVDVideoSoftTB\tbDVD1.dll Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\AppData\LocalLow\DVDVideoSoftTB\tbDVD2.dll Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\AppData\LocalLow\DVDVideoSoftTB\tbDVDV.dll Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\AppData\LocalLow\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\AppData\Roaming\OpenCandy\8625182C5B5441FC81376116A8740B4B\LatestDLMgr.exe Win32/OpenCandy potenziell unsichere Anwendung
C:\Dokumente und Einstellungen\User1\AppData\Roaming\OpenCandy\8625182C5B5441FC81376116A8740B4B\speedupmypcDE.exe Win32/SpeedUpMyPC evtl. unerwünschte Anwendung
C:\Dokumente und Einstellungen\User1\AppData\Roaming\OpenCandy\91465CF06A734FD7857901ECBD6E9B9E\LatestDLMgr.exe Win32/OpenCandy potenziell unsichere Anwendung
C:\Dokumente und Einstellungen\User1\AppData\Roaming\Ryxui\gyup.exe Variante von Win32/Packed.Asprotect.DS Trojaner
C:\Dokumente und Einstellungen\User1\Desktop\HSS-1.51-install-anchorfree-76-conduit.exe Variante von Win32/HotSpotShield evtl.
unerwünschte Anwendung C:\Dokumente und Einstellungen\User1\Downloads\java_setup.exe Win32/AdWare.iBryte.AW Anwendung C:\Dokumente und Einstellungen\User1\Downloads\setup (1).exe Win32/OutBrowse.G evtl. unerwünschte Anwendung C:\Dokumente und Einstellungen\User1\Downloads\setup (2).exe Win32/OutBrowse.G evtl. unerwünschte Anwendung C:\Dokumente und Einstellungen\User1\Downloads\setup.exe Win32/OutBrowse.G evtl. unerwünschte Anwendung C:\Dokumente und Einstellungen\User1\Downloads\SoftonicDownloader_fuer_iringer.exe Win32/SoftonicDownloader.G evtl. unerwünschte Anwendung C:\Dokumente und Einstellungen\User1\Lokale Einstellungen\Conduit\CT2269050\DVDVideoSoftTBAutoUpdateHelper.exe Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung C:\Dokumente und Einstellungen\User1\Lokale Einstellungen\Temp\KB09305459.exe Variante von Win32/Packed.Asprotect.DS Trojaner C:\Dokumente und Einstellungen\User1\Lokale Einstellungen\Temp\OCS\ocs_v71b.exe Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung C:\Program Files\DVDVideoSoftTB\DVDVideoSoftTBToolbarHelper.exe Win32/Toolbar.Conduit.V evtl. unerwünschte Anwendung C:\Program Files\DVDVideoSoftTB\DVDVideoSoftTBToolbarHelper1.exe Win32/Toolbar.Conduit.V evtl. unerwünschte Anwendung C:\Program Files\DVDVideoSoftTB\hk64tbDVD0.dll Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung C:\Program Files\DVDVideoSoftTB\hk64tbDVD2.dll Win64/Toolbar.Conduit.A evtl. unerwünschte Anwendung C:\Program Files\DVDVideoSoftTB\hktbDVD0.dll Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung C:\Program Files\DVDVideoSoftTB\hktbDVD2.dll Win32/Toolbar.Conduit.W evtl. unerwünschte Anwendung C:\Program Files\DVDVideoSoftTB\ldrtbDVD0.dll Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung C:\Program Files\DVDVideoSoftTB\ldrtbDVD2.dll Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung C:\Program Files\DVDVideoSoftTB\prxtbDVD0.dll Win32/Toolbar.Conduit.N evtl. 
unerwünschte Anwendung C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll Win32/Toolbar.Conduit.W evtl. unerwünschte Anwendung C:\Program Files\DVDVideoSoftTB\tbDVD0.dll Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung C:\Program Files\DVDVideoSoftTB\tbDVD2.dll Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung C:\Program Files\DVDVideoSoftTB\tbDVDV.dll Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Toolbar.Widgi evtl. unerwünschte Anwendung C:\Programme\DVDVideoSoftTB\DVDVideoSoftTBToolbarHelper.exe Win32/Toolbar.Conduit.V evtl. unerwünschte Anwendung C:\Programme\DVDVideoSoftTB\DVDVideoSoftTBToolbarHelper1.exe Win32/Toolbar.Conduit.V evtl. unerwünschte Anwendung C:\Programme\DVDVideoSoftTB\hk64tbDVD0.dll Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung C:\Programme\DVDVideoSoftTB\hk64tbDVD2.dll Win64/Toolbar.Conduit.A evtl. unerwünschte Anwendung C:\Programme\DVDVideoSoftTB\hktbDVD0.dll Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung C:\Programme\DVDVideoSoftTB\hktbDVD2.dll Win32/Toolbar.Conduit.W evtl. unerwünschte Anwendung C:\Programme\DVDVideoSoftTB\ldrtbDVD0.dll Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung C:\Programme\DVDVideoSoftTB\ldrtbDVD2.dll Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll Win32/Toolbar.Conduit.N evtl. unerwünschte Anwendung C:\Programme\DVDVideoSoftTB\prxtbDVD2.dll Win32/Toolbar.Conduit.W evtl. unerwünschte Anwendung C:\Programme\DVDVideoSoftTB\tbDVD0.dll Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung C:\Programme\DVDVideoSoftTB\tbDVD2.dll Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung C:\Programme\DVDVideoSoftTB\tbDVDV.dll Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung C:\Programme\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Toolbar.Widgi evtl. 
unerwünschte Anwendung C:\Users\User1\Anwendungsdaten\OpenCandy\8625182C5B5441FC81376116A8740B4B\LatestDLMgr.exe Win32/OpenCandy potenziell unsichere Anwendung C:\Users\User1\Anwendungsdaten\OpenCandy\8625182C5B5441FC81376116A8740B4B\speedupmypcDE.exe Win32/SpeedUpMyPC evtl. unerwünschte Anwendung C:\Users\User1\Anwendungsdaten\OpenCandy\91465CF06A734FD7857901ECBD6E9B9E\LatestDLMgr.exe Win32/OpenCandy potenziell unsichere Anwendung C:\Users\User1\Anwendungsdaten\Ryxui\gyup.exe Variante von Win32/Packed.Asprotect.DS Trojaner C:\Users\User1\AppData\Local\Conduit\CT2269050\DVDVideoSoftTBAutoUpdateHelper.exe Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung C:\Users\User1\AppData\Local\Temp\KB09305459.exe Variante von Win32/Packed.Asprotect.DS Trojaner C:\Users\User1\AppData\Local\Temp\OCS\ocs_v71b.exe Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung C:\Users\User1\AppData\LocalLow\DVDVideoSoftTB\hk64tbDVD0.dll Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung C:\Users\User1\AppData\LocalLow\DVDVideoSoftTB\hk64tbDVD2.dll Win64/Toolbar.Conduit.A evtl. unerwünschte Anwendung C:\Users\User1\AppData\LocalLow\DVDVideoSoftTB\hktbDVD0.dll Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung C:\Users\User1\AppData\LocalLow\DVDVideoSoftTB\hktbDVD2.dll Win32/Toolbar.Conduit.W evtl. unerwünschte Anwendung C:\Users\User1\AppData\LocalLow\DVDVideoSoftTB\ldrtbDVD0.dll Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung C:\Users\User1\AppData\LocalLow\DVDVideoSoftTB\ldrtbDVD2.dll Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung C:\Users\User1\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung C:\Users\User1\AppData\LocalLow\DVDVideoSoftTB\tbDVD1.dll Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung C:\Users\User1\AppData\LocalLow\DVDVideoSoftTB\tbDVD2.dll Variante von Win32/Toolbar.Conduit.X evtl. 
unerwünschte Anwendung C:\Users\User1\AppData\LocalLow\DVDVideoSoftTB\tbDVDV.dll Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung C:\Users\User1\AppData\LocalLow\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung C:\Users\User1\AppData\Roaming\OpenCandy\8625182C5B5441FC81376116A8740B4B\LatestDLMgr.exe Win32/OpenCandy potenziell unsichere Anwendung C:\Users\User1\AppData\Roaming\OpenCandy\8625182C5B5441FC81376116A8740B4B\speedupmypcDE.exe Win32/SpeedUpMyPC evtl. unerwünschte Anwendung C:\Users\User1\AppData\Roaming\OpenCandy\91465CF06A734FD7857901ECBD6E9B9E\LatestDLMgr.exe Win32/OpenCandy potenziell unsichere Anwendung C:\Users\User1\AppData\Roaming\Ryxui\gyup.exe Variante von Win32/Packed.Asprotect.DS Trojaner C:\Users\User1\Desktop\HSS-1.51-install-anchorfree-76-conduit.exe Variante von Win32/HotSpotShield evtl. unerwünschte Anwendung C:\Users\User1\Downloads\java_setup.exe Win32/AdWare.iBryte.AW Anwendung C:\Users\User1\Downloads\setup (1).exe Win32/OutBrowse.G evtl. unerwünschte Anwendung C:\Users\User1\Downloads\setup (2).exe Win32/OutBrowse.G evtl. unerwünschte Anwendung C:\Users\User1\Downloads\setup.exe Win32/OutBrowse.G evtl. unerwünschte Anwendung C:\Users\User1\Downloads\SoftonicDownloader_fuer_iringer.exe Win32/SoftonicDownloader.G evtl. unerwünschte Anwendung C:\Users\User1\Lokale Einstellungen\Conduit\CT2269050\DVDVideoSoftTBAutoUpdateHelper.exe Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung C:\Users\User1\Lokale Einstellungen\Temp\KB09305459.exe Variante von Win32/Packed.Asprotect.DS Trojaner C:\Users\User1\Lokale Einstellungen\Temp\OCS\ocs_v71b.exe Variante von Win32/DownloadSponsor.A evtl. 
unerwünschte Anwendung C:\Windows\System32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung D:\wichtige_0676.zip Variante von Win32/Kryptik.CLUJ Trojaner D:\Documents\Downloads\FreeYouTubeToMp3Converter31452.exe Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung D:\Downloads\cnet2_powertab_zip.exe Variante von Win32/InstallCore.D evtl. unerwünschte Anwendung D:\Downloads\dmge-latest.exe Win32/OpenCandy potenziell unsichere Anwendung D:\Downloads\FreeAudioConverter.exe Win32/OpenCandy potenziell unsichere Anwendung D:\Downloads\FreeStudio.exe Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung D:\Downloads\FreeVideoToDVDConverter.exe Win32/Toolbar.Conduit evtl. unerwünschte Anwendung D:\Downloads\FreeYouTubeToMP3Converter(1).exe Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung D:\Downloads\FreeYouTubeToMP3Converter(2).exe Win32/OpenCandy potenziell unsichere Anwendung D:\Downloads\FreeYouTubeToMP3Converter.exe Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung D:\Downloads\iLividSetup-r563-n-bf.exe Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung D:\Downloads\Integrated_CT2325506.exe Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung D:\Downloads\Mv2%20Player.exe MSIL/Solimba evtl. unerwünschte Anwendung D:\Downloads\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi evtl. unerwünschte Anwendung D:\Downloads\Shockwave_Installer_Slim(1).exe Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung D:\Downloads\SopCast332(1).zip Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung D:\Downloads\SopCast332.zip Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung D:\Downloads\ZipOpenerSetup.exe Win32/InstallCore.BN evtl. unerwünschte Anwendung D:\Downloads bis 3_5_2011\HoldemIndicatorSetup.exe Variante von Win32/Packed.Themida evtl. 
Can I get rid of this junk without having to wipe the hard drive? I would be very grateful for any help!! Kind regards, Thomas |
24.09.2014, 13:16 | #2 |
/// the machine /// TB Trainer | Win7 Prof. Infected with Win32/Packed.Asprotect.DS trojan! Removal? hi,
Scan with Combofix
__________________ |
24.09.2014, 14:18 | #3 |
| Win7 Prof. Infected with Win32/Packed.Asprotect.DS trojan! Removal? Hello,
thank you very much for the quick reply. Here is the Combofix log: Code:
ATTFilter Combofix Logfile: Many thanks!! |
25.09.2014, 08:49 | #4 |
/// the machine /// TB Trainer | Win7 Prof. Infected with Win32/Packed.Asprotect.DS trojan! Removal? Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
25.09.2014, 10:14 | #5 |
| Win7 Prof. Infected with Win32/Packed.Asprotect.DS trojan! Removal? Hello Schrauber, thank you very much for the help. I have made an "interim donation". Here are the results of the scans: 1. Malware Code:
AdwCleaner Logfile: Code:
"hxxp://www.spiegel.de/|hxxps://www.facebook.com/|hxxp://www.zeit.de/index|hxxp://www.faz.net/s/homepage.html|hxxp://www.psasquashtv.com/page/Home/"); Zeile gelöscht : user_pref("CT2269050.SearchCaption", "DVDVideoSoftTB Customized Web Search"); Zeile gelöscht : user_pref("CT2269050.SearchEngineBeforeUnload", "DVDVideoSoftTB Customized Web Search"); Zeile gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true); Zeile gelöscht : user_pref("CT2269050.SearchInNewTabEnabled", true); Zeile gelöscht : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440); Zeile gelöscht : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Mon Oct 17 2011 09:31:28 GMT+0200"); Zeile gelöscht : user_pref("CT2269050.SearchProtectorEnabled", true); Zeile gelöscht : user_pref("CT2269050.SearchProtectorToolbarDisabled", false); Zeile gelöscht : user_pref("CT2269050.SendProtectorDataViaLogin", true); Zeile gelöscht : user_pref("CT2269050.ServiceMapLastCheckTime", "Mon Oct 17 2011 09:31:20 GMT+0200"); Zeile gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Mon Oct 17 2011 09:31:21 GMT+0200"); Zeile gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1314606801"); Zeile gelöscht : user_pref("CT2269050.ThirdPartyComponentsInterval", 504); Zeile gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Mon Oct 17 2011 09:31:20 GMT+0200"); Zeile gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1312887586"); Zeile gelöscht : user_pref("CT2269050.ToolbarShrinkedFromSetup", false); Zeile gelöscht : user_pref("CT2269050.Uninstall", true); Zeile gelöscht : user_pref("CT2269050.UserID", "UN78443209048120836"); Zeile gelöscht : user_pref("CT2269050.ValidationData_Toolbar", 2); Zeile gelöscht : user_pref("CT2269050.WeatherNetwork", ""); Zeile gelöscht : user_pref("CT2269050.WeatherPollDate", "Mon Oct 17 2011 10:31:26 GMT+0200"); Zeile gelöscht : user_pref("CT2269050.WeatherUnit", "C"); Zeile gelöscht : user_pref("CT2269050.alertChannelId", "666138"); Zeile 
gelöscht : user_pref("CT2269050.globalFirstTimeInfoLastCheckTime", "Mon Oct 17 2011 09:31:23 GMT+0200"); Zeile gelöscht : user_pref("CT2269050.homepageProtectorEnableByLogin", true); Zeile gelöscht : user_pref("CT2269050.initDone", true); Zeile gelöscht : user_pref("CT2269050.isAppTrackingManagerOn", true); Zeile gelöscht : user_pref("CT2269050.isFirstRadioInstallation", false); Zeile gelöscht : user_pref("CT2269050.myStuffEnabled", true); Zeile 
gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400); Zeile gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440); Zeile gelöscht : user_pref("CT2269050.revertSettingsEnabled", true); Zeile gelöscht : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10); Zeile gelöscht : user_pref("CT2269050.searchProtectorEnableByLogin", true); Zeile gelöscht : user_pref("CT2269050.testingCtid", ""); Zeile gelöscht : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Mon Oct 17 2011 09:31:23 GMT+0200"); Zeile gelöscht : user_pref("CT2269050.toolbarContextMenuLastCheckTime", "Mon Oct 17 2011 09:31:24 GMT+0200"); Zeile gelöscht : user_pref("CT2269050.usagesFlag", 2); Zeile gelöscht : user_pref("CT2801937..clientLogIsEnabled", true); Zeile gelöscht : user_pref("CT2801937.CTID", "CT2801937"); Zeile gelöscht : user_pref("CT2801937.CurrentServerDate", "29-4-2011"); Zeile gelöscht : user_pref("CT2801937.DialogsAlignMode", "LTR"); Zeile gelöscht : user_pref("CT2801937.DialogsGetterLastCheckTime", "Wed Mar 30 2011 08:50:18 GMT+0200"); Zeile gelöscht : user_pref("CT2801937.DownloadReferralCookieData", ""); Zeile gelöscht : user_pref("CT2801937.EMailNotifierPollDate", "Fri Apr 29 2011 20:37:10 GMT+0200"); Zeile gelöscht : user_pref("CT2801937.FirstServerDate", "30-3-2011"); Zeile gelöscht : user_pref("CT2801937.FirstTime", true); Zeile gelöscht : user_pref("CT2801937.FirstTimeFF3", true); Zeile gelöscht : user_pref("CT2801937.FixPageNotFoundErrors", true); Zeile gelöscht : user_pref("CT2801937.GroupingServerCheckInterval", 1440); Zeile gelöscht : user_pref("CT2801937.HasUserGlobalKeys", true); Zeile gelöscht : user_pref("CT2801937.Initialize", true); Zeile gelöscht : user_pref("CT2801937.InitializeCommonPrefs", true); Zeile gelöscht : user_pref("CT2801937.InstallationAndCookieDataSentCount", 3); Zeile gelöscht : user_pref("CT2801937.InstallationType", "UnknownIntegration"); Zeile gelöscht : user_pref("CT2801937.InstalledDate", "Wed Mar 30 2011 08:50:18 
GMT+0200"); Zeile gelöscht : user_pref("CT2801937.InvalidateCache", false); Zeile gelöscht : user_pref("CT2801937.IsGrouping", false); Zeile gelöscht : user_pref("CT2801937.IsMulticommunity", false); Zeile gelöscht : user_pref("CT2801937.IsOpenThankYouPage", true); Zeile gelöscht : user_pref("CT2801937.IsOpenUninstallPage", true); Zeile gelöscht : user_pref("CT2801937.LanguagePackLastCheckTime", "Fri Apr 29 2011 20:37:11 GMT+0200"); Zeile gelöscht : user_pref("CT2801937.LanguagePackReloadIntervalMM", 1440); Zeile gelöscht : user_pref("CT2801937.LastLogin_3.3.3.2", "Fri Apr 29 2011 20:37:12 GMT+0200"); Zeile gelöscht : user_pref("CT2801937.LatestVersion", "3.2.5.2"); Zeile gelöscht : user_pref("CT2801937.Locale", "de"); Zeile gelöscht : user_pref("CT2801937.MCDetectTooltipHeight", "83"); Zeile gelöscht : user_pref("CT2801937.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Zeile gelöscht : user_pref("CT2801937.MCDetectTooltipWidth", "295"); Zeile gelöscht : user_pref("CT2801937.RadioIsPodcast", false); Zeile gelöscht : user_pref("CT2801937.RadioLastCheckTime", "Fri Apr 29 2011 20:37:10 GMT+0200"); Zeile gelöscht : user_pref("CT2801937.RadioLastUpdateIPServer", "3"); Zeile gelöscht : user_pref("CT2801937.RadioLastUpdateServer", "129343918668070000"); Zeile gelöscht : user_pref("CT2801937.RadioMediaID", "21560175"); Zeile gelöscht : user_pref("CT2801937.RadioMediaType", "Media Player"); Zeile gelöscht : user_pref("CT2801937.RadioMenuSelectedID", "EBRadioMenu_CT280193721560175"); Zeile gelöscht : user_pref("CT2801937.RadioStationName", "GermanyFM%20Info"); Zeile gelöscht : user_pref("CT2801937.RadioStationURL", "hxxp://www.1000mikes.com/audio/1000mikes.m3u?channelId=6680"); Zeile gelöscht : user_pref("CT2801937.SavedHomepage", "hxxp://www.spiegel.de/"); Zeile gelöscht : user_pref("CT2801937.SearchFromAddressBarIsInit", true); Zeile gelöscht : user_pref("CT2801937.SearchInNewTabEnabled", true); Zeile gelöscht : 
user_pref("CT2801937.SearchInNewTabIntervalMM", 1440); Zeile gelöscht : user_pref("CT2801937.SearchInNewTabLastCheckTime", "Fri Apr 29 2011 20:37:10 GMT+0200"); Zeile gelöscht : user_pref("CT2801937.SearchInNewTabUserEnabled", false); Zeile gelöscht : user_pref("CT2801937.ServiceMapLastCheckTime", "Fri Apr 29 2011 20:37:10 GMT+0200"); Zeile gelöscht : user_pref("CT2801937.SettingsLastCheckTime", "Fri Apr 29 2011 20:37:09 GMT+0200"); Zeile gelöscht : user_pref("CT2801937.SettingsLastUpdate", "1301829146"); Zeile gelöscht : user_pref("CT2801937.ThirdPartyComponentsInterval", 504); Zeile gelöscht : user_pref("CT2801937.ThirdPartyComponentsLastCheck", "Fri Apr 29 2011 20:37:09 GMT+0200"); Zeile gelöscht : user_pref("CT2801937.ThirdPartyComponentsLastUpdate", "1255348257"); Zeile gelöscht : user_pref("CT2801937.Uninstall", true); Zeile gelöscht : user_pref("CT2801937.UserID", "UN19771343039345823"); Zeile gelöscht : user_pref("CT2801937.alertChannelId", "1194019"); Zeile gelöscht : user_pref("CT2801937.globalFirstTimeInfoLastCheckTime", "Fri Apr 29 2011 20:37:11 GMT+0200"); Zeile gelöscht : user_pref("CT2801937.isAppTrackingManagerOn", true); Zeile gelöscht : user_pref("CT2801937.myStuffEnabled", true); Zeile gelöscht : user_pref("CT2801937.myStuffPublihserMinWidth", 400); Zeile gelöscht : user_pref("CT2801937.myStuffServiceIntervalMM", 1440); Zeile gelöscht : user_pref("CT2801937.oldAppsList", "129306877456538355,129306877457319611,129306877459819678,129306877459975929,129306877474350280,129306877468568933,1000082,3417309205081578780,129343848530919600,100[...] 
Zeile gelöscht : user_pref("CT2801937.testingCtid", ""); Zeile gelöscht : user_pref("CT2801937.toolbarAppMetaDataLastCheckTime", "Fri Apr 29 2011 20:37:11 GMT+0200"); Zeile gelöscht : user_pref("CT2801937.toolbarContextMenuLastCheckTime", "Wed Mar 30 2011 08:50:19 GMT+0200"); Zeile gelöscht : user_pref("CommunityToolbar.EngineOwner", "CT2801937"); Zeile gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "{b106b661-3e1b-4015-af5c-195e909f35c6}"); Zeile gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "nch_de"); Zeile gelöscht : user_pref("CommunityToolbar.IsEngineShown", true); Zeile gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Zeile gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.7.0.6"); Zeile gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_ext_msg_key_ffcd7baf", "356x332"); Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", ""); Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", ""); Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", ""); Zeile gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", ""); Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2801937,CT2269050"); Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2801937,CT2269050"); Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT2269050"); Zeile gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Thu Apr 21 2011 16:28:04 GMT+0200"); Zeile gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Zeile gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Apr 29 2011 09:13:39 GMT+0200"); Zeile gelöscht : user_pref("CommunityToolbar.alert.locale", "en"); Zeile gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Zeile gelöscht : 
user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Apr 29 2011 09:13:31 GMT+0200"); Zeile gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1303303927"); Zeile gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Zeile gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false); Zeile gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Zeile gelöscht : user_pref("CommunityToolbar.alert.userId", "489286fb-3612-451b-9199-21f32bff4ba5"); Zeile gelöscht : user_pref("CommunityToolbar.globalUserId", "b19c932e-784c-4f1f-a386-bedfd8001cfa"); Zeile gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Zeile gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Zeile gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Oct 17 2011 09:31:24 GMT+0200"); Zeile gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440); Zeile gelöscht : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Oct 17 2011 10:31:32 GMT+0200"); Zeile gelöscht : user_pref("CommunityToolbar.notifications.locale", "en"); Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Oct 17 2011 09:31:21 GMT+0200"); Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Zeile gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Zeile gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Zeile gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Zeile gelöscht : user_pref("CommunityToolbar.notifications.userId", "6d52a477-c5e3-4ce4-bf18-c9a1c4925fa5"); Zeile gelöscht : user_pref("CommunityToolbar.originalHomepage", 
"hxxp://www.spiegel.de/|hxxps://www.facebook.com/|hxxp://www.zeit.de/index|hxxp://www.faz.net/s/homepage.html|hxxp://www.psasquashtv.com/page/Home/"); Zeile gelöscht : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties"); Zeile gelöscht : user_pref("browser.search.defaultthis.engineName", "DVDVideoSoftTB Customized Web Search"); -\\ Google Chrome v [ Datei : C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht [Extension] : bopakagnckmlgajfccecajhnimjiiedh ************************* AdwCleaner[R0].txt - [34797 octets] - [25/09/2014 10:38:27] AdwCleaner[S0].txt - [33367 octets] - [25/09/2014 10:43:08] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [33428 octets] ########## [/CODE] 3. JRT: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.0 (09.22.2014:1)
OS: Windows 7 Professional x86
Ran by User1 on 25.09.2014 at 10:51:21,05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\GTaskMMC_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\GTaskMMC_RASMANCS

~~~ Files

Successfully deleted: [File] "C:\Users\User1\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\User1\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\User1\music\qtrax media library"

~~~ FireFox

Successfully deleted: [Folder] C:\Users\User1\AppData\Roaming\mozilla\firefox\profiles\9we27dqw.default\extensions\staged
Emptied folder: C:\Users\User1\AppData\Roaming\mozilla\firefox\profiles\9we27dqw.default\minidumps [58 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.09.2014 at 10:53:18,09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

a) FRST.txt
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-09-2014
Ran by User1 (administrator) on ZEEH-HP on 25-09-2014 10:56:50
Running from C:\Users\User1\Desktop
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ALWIL Software) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
(ALWIL Software) C:\Program Files\Alwil Software\Avast4\aswServ.exe
() C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ALWIL Software) C:\Program Files\Alwil Software\Avast4\AvAgent.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files\GNU\GnuPG\dirmngr.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer.exe
(ALWIL Software) C:\Program Files\Alwil Software\Avast4\aswDisp.exe
(Apple Inc.) 
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe () C:\Program Files\AirVideoServer\AirVideoServer.exe (1&1 Mail & Media GmbH) C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe (Ruiware LLC) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe (Audible, Inc.) C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (ReNoStar GmbH) C:\Renostar\ziuboost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Dropbox, Inc.) C:\Users\User1\AppData\Roaming\Dropbox\bin\Dropbox.exe (ReNoStar GmbH) C:\Renostar\ziuserv.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe () C:\Program Files\Printer Pro Desktop\PrinterProDesktop.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Users\User1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [avast!] 
=> C:\Program Files\Alwil Software\Avast4\aswDisp.exe [81000 2010-02-18] (ALWIL Software) HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.) HKLM\...\Run: [ApplyEsf-eDocPrintPro] => C:\Program Files\Common Files\MAYComputer\eDocPrintPro\\ApplyEsf.exe [315392 2009-05-19] (May Software) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.) HKLM\...\Run: [LexwareInfoService] => C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [339312 2010-09-15] (Haufe-Lexware GmbH & Co. KG) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.) HKLM\...\Run: [Adobe Photo Downloader] => C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe [57344 2005-09-09] (Adobe Systems Incorporated) HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard) HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1 HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0 HKLM\...\Policies\Explorer: [HideSCAHealth] 0 HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [AirVideoServer] => C:\Program Files\AirVideoServer\AirVideoServer.exe [4923784 2010-09-22] () HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [WEB.DE_WEB.DE SmartDrive Manager] => C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE [1259624 2011-11-21] (1&1 Mail & Media GmbH) HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-08] (Apple Inc.) HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.) 
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-08-15] (Apple Inc.)
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-1903734357-4184266498-2229017531-1005\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RenoBoost.lnk
ShortcutTarget: RenoBoost.lnk -> C:\Renostar\ziuboost.exe (ReNoStar GmbH)
Startup: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 01Mediencenter_InSync -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\User1\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) ShellIconOverlayIdentifiers: 02Mediencenter_ToSync -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\User1\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) ShellIconOverlayIdentifiers: 03Mediencenter_Failed -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => C:\Users\User1\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: NTFSLink_Hardlink -> {0314E3A0-45DB-4D75-BB86-27B8EF28907B} => C:\Program Files\NTFS Link\ntfslink.dll (Michael Elsdoerfer) ShellIconOverlayIdentifiers: NTFSLink_Junction -> {61702EF5-1B33-487F-995F-6FA23F1D6652} => C:\Program Files\NTFS Link\ntfslink.dll (Michael Elsdoerfer) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, 
if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKCU - {959BE5A4-EE6C-421B-BCF4-D90E4D8F869C} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.253
Tcpip\..\Interfaces\{9070C6BC-FDE8-47DC-990D-F527F074EC3D}: [NameServer] 192.168.0.250

FireFox:
========
FF ProfilePath: C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.spiegel.de/|hxxp://www.rollingstone.de/|hxxp://www.zeit.de/index|https://secure-squashtv.premiumtv.co.uk/page/secure/BuyNow/?schemeAndHost=http%3A%2F%2Fwww.psasquashtv.com|https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1335336225&rver=6.1.6206.0&wp=MBI_SSL_SHARED&wreply=https:%2F%2Fskydrive.live.com%2F%3Flc%3D1031&lc=1031&id=250206&mkt=de-DE&cbcxt=sky
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\User1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\User1\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\User1\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\User1\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Разпознаване на устройство Logitech - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\DeviceDetection@logitech.com [2011-10-19] FF Extension: Free Download Manager plugin - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\fdm_ffext@freedownloadmanager.org [2012-12-13] FF Extension: Xmarks - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\foxmarks@kei.com [2014-09-22] FF Extension: KeeFox - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\keefox@chris.tomlinson [2014-09-22] FF Extension: facebookvideo - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\{43c35458-c907-439b-bcfd-07d373834689} [2010-06-25] FF Extension: FT SleekDark - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\{a21cd440-41d6-11e0-9207-0800200c9a66} [2012-05-09] FF Extension: Aviary - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\{d5eeb813-935a-435d-b01e-b3a02f2cb408} [2011-12-17] FF Extension: Embedded Objects - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\firefox@red-cog.com.xpi [2012-01-24] FF Extension: Facebook Privacy Watcher - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\fpw@informatik.tu-darmstadt.de.xpi 
[2012-11-09] FF Extension: MozRepl - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\mozrepl@hyperstruct.net.xpi [2011-07-26] FF Extension: MyPermissions Cleaner - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\{6140bbfd-aa20-11e1-aba7-109add603214}.xpi [2014-01-10] FF Extension: StumbleUpon - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2011-10-26] FF Extension: Menu Editor - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi [2011-03-14] FF Extension: Hotspot Shield Extension - C:\Program Files\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-09-24] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR HomePage: Default -> hxxp://www.spiegel.de/ CHR StartupUrls: Default -> "hxxp://www.spiegel.de/", "hxxp://www.zeit.de/index", "https://startpage.com/deu/" CHR DefaultSearchKeyword: Default -> 322926C86E96565B5B186D0D93824BA7109A5AB72F38EEFF449414F716A6F639 CHR DefaultSearchURL: Default -> 431FA44896D609C9D05DAD0EBC81671B01516EE64A9157C9D94B71F353B0BCD8 CHR Plugin: (Chrome PDF Viewer) - C:\Users\User1\AppData\Local\Google\Chrome\Application\38.0.2125.66\pdf.dll () CHR Plugin: (Google Gears 0.5.33.0) - C:\Users\User1\AppData\Local\Google\Chrome\Application\38.0.2125.66\gears.dll No File CHR Plugin: (Shockwave Flash) - C:\Users\User1\AppData\Local\Google\Chrome\Application\38.0.2125.66\gcswf32.dll No File CHR 
Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Browser\nppdf32.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 6 U21) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File CHR Plugin: (ClickPotatoLite Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll No File CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) 
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Default Plug-in) - default_plugin No File CHR CustomProfile: C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-07] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-21] CHR Extension: (YouTube) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-01] CHR Extension: (Google-Suche) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-01] CHR Extension: (Google Wallet) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-07] CHR Extension: (Evernote Web Clipper) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2010-09-30] CHR Extension: (Google Mail) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-01] CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - 
C:\Users\THOMAS~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-03]
CHR StartMenuInternet: Google Chrome - C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor4.0; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [102400 2005-09-09] () [File not signed]
R2 aswUpdSv; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [18752 2010-02-18] (ALWIL Software)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast4\aswServ.exe [138680 2010-02-18] (ALWIL Software)
S3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\aswMaiSv.exe [254040 2010-02-18] (ALWIL Software)
R2 avast! NetAgent; C:\Program Files\Alwil Software\Avast4\AvAgent.exe [52160 2010-02-18] (ALWIL Software)
S3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\aswWebSv.exe [352920 2010-02-18] (ALWIL Software)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2430128 2011-12-06] (mobile concepts GmbH)
R2 DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [218112 2013-07-16] () [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-01-09] (Macrovision Europe Ltd.) [File not signed]
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-05-20] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AR5211; C:\Windows\System32\DRIVERS\ar5211.sys [549184 2007-10-26] (Atheros Communications, Inc.)
R2 aswFsBlk; C:\Windows\System32\DRIVERS\aswFsBlk.sys [20560 2010-02-18] (ALWIL Software)
R2 aswMonFlt; C:\Windows\System32\DRIVERS\aswMonFlt.sys [53328 2010-02-18] (ALWIL Software)
R1 aswRdr; C:\Windows\system32\Drivers\aswRdr.sys [23120 2010-02-18] (ALWIL Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [114768 2010-02-18] (ALWIL Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [48624 2010-02-18] (ALWIL Software)
S3 athr; C:\Windows\System32\DRIVERS\athr.sys [1269760 2010-05-19] (Atheros Communications, Inc.) [File not signed]
R3 athur; C:\Windows\System32\DRIVERS\athur.sys [1500160 2010-04-20] (Atheros Communications, Inc.)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [39624 2014-05-17] (AnchorFree Inc.)
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
S3 MOBIOLA_Wave; C:\Windows\System32\drivers\mobiolawave.sys [25024 2010-05-14] (SHAPE Services)
S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20640 2010-09-28] (Sonic Solutions) [File not signed]
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26112 2010-11-23] (The OpenVPN Project)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2010-09-21] (AnchorFree Inc)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2014-05-17] (Anchorfree Inc.)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2012-03-06] (Acronis)
R1 uiwbrdr; C:\Windows\System32\DRIVERS\uiwbrdr.sys [144896 2011-11-21] (1&1 Mail & Media GmbH) [File not signed]
R3 WsAudioDevice_383; C:\Windows\System32\drivers\WsAudioDevice_383.sys [16640 2008-11-19] (Wondershare) [File not signed]
S3 catchme; \??\C:\Users\THOMAS~1\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-25 10:53 - 2014-09-25 10:55 - 00001433 _____ () C:\Users\User1\Desktop\JRT.txt
2014-09-25 10:51 - 2014-09-25 10:51 - 00000000 ____D () C:\Windows\ERUNT
2014-09-25 10:50 - 2014-09-25 10:50 - 01024790 _____ (Thisisu) C:\Users\User1\Desktop\JRT.exe
2014-09-25 10:48 - 2014-09-25 10:48 - 00033390 _____ () C:\Users\User1\Desktop\AdwCleaner[S0].txt
2014-09-25 10:45 - 2014-09-25 10:45 - 00000022 _____ () C:\Windows\S.dirmngr
2014-09-25 10:38 - 2014-09-25 10:43 - 00000000 ____D () C:\AdwCleaner
2014-09-25 10:33 - 2014-09-25 10:35 - 00010138 _____ () C:\Users\User1\Desktop\Malware_25_09_2014.txt
2014-09-25 10:19 - 2014-09-25 10:19 - 01373475 _____ () C:\Users\User1\Desktop\AdwCleaner_3.310.exe
2014-09-24 18:10 - 2014-05-17 04:33 - 00039624 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys
2014-09-24 18:07 - 2014-09-24 18:07 - 00001006 _____ () C:\Users\Public\Desktop\Hotspot Shield.lnk
2014-09-24 17:42 - 2014-09-24 17:42 - 00000000 ____D () C:\Users\User1\AppData\Roaming\WinPatrol
2014-09-24 17:41 - 2014-09-24 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-09-24 17:41 - 2014-09-24 17:41 - 00000000 ____D () C:\ProgramData\InstallMate
2014-09-24 17:41 - 2014-09-24 17:41 - 00000000 ____D () C:\Program Files\Ruiware
2014-09-24 17:36 - 2014-09-24 17:36 - 01156136 _____ (Ruiware) C:\Users\User1\Desktop\wpsetup.exe
2014-09-24 15:12 - 2014-09-24 15:12 - 00036320 _____ () C:\ComboFix.txt
2014-09-24 14:42 - 2014-09-24 15:12 - 00000000 ____D () C:\Qoobox
2014-09-24 14:42 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-24 14:42 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-24 14:42 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-24 14:42 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-24 14:42 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-24 14:42 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-24 14:42 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-24 14:42 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-24 14:41 - 2014-09-24 15:10 - 00000000 ____D () C:\Windows\erdnt
2014-09-24 14:38 - 2014-09-24 14:38 - 05579290 ____R (Swearware) C:\Users\User1\Desktop\ComboFix.exe
2014-09-24 09:50 - 2014-09-24 09:50 - 00006570 _____ () C:\Users\User1\Desktop\GMER_24_09_2014.log
2014-09-24 08:59 - 2014-09-24 08:59 - 00380416 _____ () C:\Users\User1\Desktop\Gmer-19357.exe
2014-09-24 08:42 - 2014-09-25 10:57 - 00027187 _____ () C:\Users\User1\Desktop\FRST.txt
2014-09-24 08:42 - 2014-09-25 10:56 - 00000000 ____D () C:\FRST
2014-09-24 08:41 - 2014-09-24 08:41 - 01098240 _____ (Farbar) C:\Users\User1\Desktop\FRST.exe
2014-09-24 08:40 - 2014-09-24 08:40 - 00000000 _____ () C:\Users\User1\defogger_reenable
2014-09-24 08:39 - 2014-09-24 08:39 - 00050477 _____ () C:\Users\User1\Desktop\Defogger.exe
2014-09-24 08:27 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 17:57 - 2014-09-23 18:52 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-23 17:56 - 2014-09-23 18:52 - 00000000 ____D () C:\Users\User1\Desktop\mbar
2014-09-23 17:14 - 2014-09-25 10:46 - 00000000 ___RD () C:\Users\User1\iCloudDrive
2014-09-23 17:12 - 2014-09-25 10:31 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-23 17:11 - 2014-09-23 17:56 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-23 17:11 - 2014-09-23 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-09-23 17:11 - 2014-09-23 17:11 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-09-23 17:11 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-23 17:00 - 2014-09-23 17:00 - 00000000 ____D () C:\Users\User1\AppData\Local\Apple Inc
2014-09-23 15:05 - 2014-09-23 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-09-22 18:54 - 2014-09-22 18:54 - 01010176 _____ () C:\Users\User1\Downloads\MicrosoftFixit50884 (1).msi
2014-09-22 18:53 - 2014-09-22 18:53 - 01010176 _____ () C:\Users\User1\Downloads\MicrosoftFixit50884.msi
2014-09-22 18:33 - 2014-09-22 18:36 - 117536504 _____ (Microsoft Corporation) C:\Users\User1\Downloads\msert.exe
2014-09-22 18:24 - 2014-09-22 18:24 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Simply Super Software
2014-09-22 18:00 - 2014-09-24 14:57 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-22 18:00 - 2014-09-22 18:00 - 00001101 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk
2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () C:\ProgramData\Simply Super Software 2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover 2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () C:\ProgramData\Licenses 2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () C:\Program Files\Trojan Remover 2014-09-22 17:58 - 2014-09-22 17:59 - 21657592 _____ (Simply Super Software ) C:\Users\User1\Downloads\trjsetup691.exe 2014-09-22 17:31 - 2014-09-22 17:31 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Yzuxri 2014-09-17 13:17 - 2014-09-17 13:17 - 00000000 ____D () C:\Users\User1\Desktop\temp_files 2014-09-11 12:47 - 2014-09-15 11:05 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-09-11 03:14 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-11 03:14 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-11 03:14 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-11 03:14 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-11 03:14 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-11 03:14 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-11 03:14 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-11 03:14 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-11 03:14 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-11 03:14 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-11 03:14 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) 
C:\Windows\system32\jsproxy.dll 2014-09-11 03:14 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-11 03:14 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-11 03:14 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-11 03:14 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-11 03:14 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-11 03:14 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-11 03:14 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-11 03:14 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-11 03:14 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-11 03:14 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-11 03:14 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-11 03:14 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-11 03:14 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-11 03:14 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-11 03:14 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-11 03:14 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-11 03:14 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-11 03:14 - 2014-08-18 22:38 - 01190400 _____ (Microsoft 
Corporation) C:\Windows\system32\urlmon.dll 2014-09-11 03:14 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-11 03:14 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-11 02:20 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-11 02:20 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-11 02:19 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-11 02:19 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-11 02:19 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-11 02:19 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-10 09:49 - 2014-09-10 09:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-09-10 09:48 - 2014-09-10 09:48 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-09-10 09:48 - 2014-09-10 09:48 - 00000000 ____D () C:\Program Files\iPod 2014-09-05 11:52 - 2014-09-05 11:52 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Opera 2014-09-03 15:59 - 2014-09-03 15:59 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-08-28 09:15 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-28 09:15 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-25 10:57 - 2014-09-24 08:42 - 00027187 _____ () C:\Users\User1\Desktop\FRST.txt 2014-09-25 10:56 - 2014-09-24 08:42 - 00000000 ____D () C:\FRST 2014-09-25 10:56 - 2010-09-22 17:04 - 00000041 _____ () C:\Windows\Filzip.ini 2014-09-25 10:55 - 2014-09-25 10:53 - 00001433 _____ () C:\Users\User1\Desktop\JRT.txt 2014-09-25 10:52 - 2012-04-25 08:38 - 00000000 ___RD () C:\Users\User1\SkyDrive 2014-09-25 10:52 - 2009-07-14 06:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-25 10:52 - 2009-07-14 06:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-25 10:51 - 2014-09-25 10:51 - 00000000 ____D () C:\Windows\ERUNT 2014-09-25 10:50 - 2014-09-25 10:50 - 01024790 _____ (Thisisu) C:\Users\User1\Desktop\JRT.exe 2014-09-25 10:50 - 2010-04-26 17:11 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Skype 2014-09-25 10:49 - 2010-05-31 10:28 - 00001144 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1903734357-4184266498-2229017531-1000UA.job 2014-09-25 10:48 - 2014-09-25 10:48 - 00033390 _____ () C:\Users\User1\Desktop\AdwCleaner[S0].txt 2014-09-25 10:48 - 2010-04-21 17:19 - 01093111 _____ () C:\Windows\WindowsUpdate.log 2014-09-25 10:47 - 2011-02-16 19:01 - 00000000 ____D () C:\jexepackres 2014-09-25 10:46 - 2014-09-23 17:14 - 00000000 ___RD () C:\Users\User1\iCloudDrive 2014-09-25 10:46 - 2012-04-30 14:50 - 00000000 ___RD () C:\Users\User1\Google Drive 2014-09-25 10:46 - 2010-10-04 15:49 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Dropbox 2014-09-25 10:45 - 2014-09-25 10:45 - 00000022 _____ () C:\Windows\S.dirmngr 2014-09-25 10:45 - 2010-07-12 16:46 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-25 10:45 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-25 10:44 - 2014-08-14 09:09 - 00008308 _____ () C:\Windows\PFRO.log 2014-09-25 10:44 - 2014-03-06 
11:50 - 00007592 _____ () C:\Windows\setupact.log 2014-09-25 10:44 - 2010-04-21 17:45 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-09-25 10:43 - 2014-09-25 10:38 - 00000000 ____D () C:\AdwCleaner 2014-09-25 10:37 - 2010-07-12 16:46 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-25 10:35 - 2014-09-25 10:33 - 00010138 _____ () C:\Users\User1\Desktop\Malware_25_09_2014.txt 2014-09-25 10:31 - 2014-09-23 17:12 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-25 10:27 - 2010-12-06 17:08 - 00000000 ____D () C:\Windows\Msagent 2014-09-25 10:19 - 2014-09-25 10:19 - 01373475 _____ () C:\Users\User1\Desktop\AdwCleaner_3.310.exe 2014-09-25 10:14 - 2012-06-26 10:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-25 09:58 - 2009-07-25 14:54 - 01629442 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-25 09:03 - 2014-02-20 10:19 - 00002215 _____ () C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2014-09-24 20:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-09-24 20:00 - 2012-04-20 18:40 - 00000000 ____D () C:\Users\User1\Downloads\iPod Photo Cache 2014-09-24 18:07 - 2014-09-24 18:07 - 00001006 _____ () C:\Users\Public\Desktop\Hotspot Shield.lnk 2014-09-24 17:42 - 2014-09-24 17:42 - 00000000 ____D () C:\Users\User1\AppData\Roaming\WinPatrol 2014-09-24 17:41 - 2014-09-24 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol 2014-09-24 17:41 - 2014-09-24 17:41 - 00000000 ____D () C:\ProgramData\InstallMate 2014-09-24 17:41 - 2014-09-24 17:41 - 00000000 ____D () C:\Program Files\Ruiware 2014-09-24 17:36 - 2014-09-24 17:36 - 01156136 _____ (Ruiware) C:\Users\User1\Desktop\wpsetup.exe 2014-09-24 16:49 - 2010-05-31 10:28 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1903734357-4184266498-2229017531-1000Core.job 2014-09-24 16:22 - 2010-08-30 09:05 - 
00000000 ____D () C:\Users\User1\AppData\Local\Gladinet 2014-09-24 15:12 - 2014-09-24 15:12 - 00036320 _____ () C:\ComboFix.txt 2014-09-24 15:12 - 2014-09-24 14:42 - 00000000 ____D () C:\Qoobox 2014-09-24 15:12 - 2010-10-26 09:00 - 00000000 ____D () C:\Users\Transfer 2014-09-24 15:12 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default 2014-09-24 15:12 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public 2014-09-24 15:10 - 2014-09-24 14:41 - 00000000 ____D () C:\Windows\erdnt 2014-09-24 15:05 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini 2014-09-24 15:01 - 2011-04-19 10:32 - 00000000 ____D () C:\Program Files\You Ripper 2014-09-24 14:57 - 2014-09-22 18:00 - 00000000 ____D () C:\ProgramData\TEMP 2014-09-24 14:38 - 2014-09-24 14:38 - 05579290 ____R (Swearware) C:\Users\User1\Desktop\ComboFix.exe 2014-09-24 09:50 - 2014-09-24 09:50 - 00006570 _____ () C:\Users\User1\Desktop\GMER_24_09_2014.log 2014-09-24 08:59 - 2014-09-24 08:59 - 00380416 _____ () C:\Users\User1\Desktop\Gmer-19357.exe 2014-09-24 08:41 - 2014-09-24 08:41 - 01098240 _____ (Farbar) C:\Users\User1\Desktop\FRST.exe 2014-09-24 08:40 - 2014-09-24 08:40 - 00000000 _____ () C:\Users\User1\defogger_reenable 2014-09-24 08:40 - 2012-01-16 18:10 - 00000000 ____D () C:\Program Files\Free Download Manager 2014-09-24 08:40 - 2010-04-21 17:44 - 00000000 ____D () C:\Users\User1 2014-09-24 08:39 - 2014-09-24 08:39 - 00050477 _____ () C:\Users\User1\Desktop\Defogger.exe 2014-09-23 18:52 - 2014-09-23 17:57 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-09-23 18:52 - 2014-09-23 17:56 - 00000000 ____D () C:\Users\User1\Desktop\mbar 2014-09-23 17:56 - 2014-09-23 17:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-23 17:45 - 2010-04-21 18:46 - 00000000 ____D () C:\Windows\PCHEALTH 2014-09-23 17:11 - 2014-09-23 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-23 17:11 - 2014-09-23 17:11 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-23 17:11 - 2012-07-05 16:13 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-23 17:11 - 2012-07-05 16:13 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Malwarebytes 2014-09-23 17:11 - 2012-07-05 16:13 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-23 17:00 - 2014-09-23 17:00 - 00000000 ____D () C:\Users\User1\AppData\Local\Apple Inc 2014-09-23 17:00 - 2010-04-26 17:01 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Apple Computer 2014-09-23 15:05 - 2014-09-23 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud 2014-09-23 00:00 - 2010-04-21 17:25 - 00000000 ____D () C:\ProgramData\PDFC 2014-09-22 18:54 - 2014-09-22 18:54 - 01010176 _____ () C:\Users\User1\Downloads\MicrosoftFixit50884 (1).msi 2014-09-22 18:53 - 2014-09-22 18:53 - 01010176 _____ () C:\Users\User1\Downloads\MicrosoftFixit50884.msi 2014-09-22 18:36 - 2014-09-22 18:33 - 117536504 _____ (Microsoft Corporation) C:\Users\User1\Downloads\msert.exe 2014-09-22 18:24 - 2014-09-22 18:24 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Simply Super Software 2014-09-22 18:00 - 2014-09-22 18:00 - 00001101 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk 2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () C:\ProgramData\Simply Super Software 2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover 2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () C:\ProgramData\Licenses 2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () C:\Program Files\Trojan Remover 2014-09-22 17:59 - 2014-09-22 17:58 - 21657592 _____ (Simply Super Software ) C:\Users\User1\Downloads\trjsetup691.exe 2014-09-22 17:39 - 2013-12-02 09:54 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForUser1.job 2014-09-22 17:31 - 2014-09-22 17:31 - 00000000 ____D () 
C:\Users\User1\AppData\Roaming\Yzuxri 2014-09-22 15:21 - 2010-10-08 14:43 - 00000052 _____ () C:\Windows\system32\DOErrors.log 2014-09-22 15:01 - 2010-10-04 15:51 - 00001038 _____ () C:\Users\User1\Desktop\Dropbox.lnk 2014-09-22 15:01 - 2010-10-04 15:49 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-09-19 14:56 - 2011-06-29 15:35 - 00000000 ____D () C:\Users\User1\AppData\Local\PokerStars.EU 2014-09-19 14:56 - 2010-04-21 19:40 - 00000000 ____D () C:\Program Files\Holdem Indicator 2014-09-18 06:51 - 2010-05-31 10:29 - 00002393 _____ () C:\Users\User1\Desktop\Google Chrome.lnk 2014-09-17 14:42 - 2014-07-11 11:41 - 00000000 ____D () C:\Users\User1\AppData\Roaming\iFunbox_UserCache 2014-09-17 13:17 - 2014-09-17 13:17 - 00000000 ____D () C:\Users\User1\Desktop\temp_files 2014-09-16 09:01 - 2012-04-27 10:30 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-09-15 11:05 - 2014-09-11 12:47 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-09-15 09:06 - 2010-04-21 18:33 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-11 03:41 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-09-11 03:14 - 2013-08-20 03:06 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-11 03:04 - 2014-05-06 20:09 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-11 03:04 - 2011-08-23 11:24 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-10 14:14 - 2012-06-26 10:17 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-09-10 14:14 - 2012-06-26 10:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-09-10 09:49 - 2014-09-10 09:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-09-10 09:49 - 2014-07-22 11:30 - 00001755 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-09-10 09:48 - 2014-09-10 09:48 - 00000000 ____D () 
C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-09-10 09:48 - 2014-09-10 09:48 - 00000000 ____D () C:\Program Files\iPod 2014-09-10 09:48 - 2011-01-24 22:12 - 00000000 ____D () C:\Program Files\iTunes 2014-09-10 09:48 - 2010-04-26 16:59 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-09-09 23:47 - 2014-09-24 08:27 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-09 15:57 - 2010-10-10 22:46 - 00007602 _____ () C:\Users\User1\AppData\Local\resmon.resmoncfg 2014-09-05 11:52 - 2014-09-05 11:52 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Opera 2014-09-05 11:52 - 2009-07-14 04:04 - 00000520 _____ () C:\Windows\win.ini 2014-09-05 03:52 - 2014-09-11 02:19 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-05 03:47 - 2014-09-11 02:19 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-04 16:38 - 2011-06-29 15:35 - 00000000 ____D () C:\Program Files\PokerStars 2014-09-03 15:59 - 2014-09-03 15:59 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-09-03 15:59 - 2010-04-26 17:10 - 00000000 ____D () C:\ProgramData\Skype 2014-08-29 03:21 - 2009-07-14 06:33 - 00539384 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-26 09:19 - 2010-12-02 12:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReNoStar 2014-08-26 09:16 - 2010-12-02 12:36 - 00000000 ____D () C:\Renostar Some content of TEMP: ==================== C:\Users\User1\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbazx2i.dll C:\Users\User1\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-16 19:39
==================== End Of Log ============================
--- --- --- [/CODE]
There was no room left for the Addition.txt. I am attaching it just to be safe. Thanks again for the help. I hope we are getting closer to the final cleanup ;-) Regards, Thomas |
25.09.2014, 13:14 | #6 |
/// the machine /// TB-Ausbilder |
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Still having problems? |
26.09.2014, 09:12 | #7 |
| Hello Schrauber, the logs are attached. SecurityCheck reports that my operating system is not supported. Otherwise there are no current problems, but I want to be sure that the infection is gone from the computer. Many thanks!! 1. ESET: Code:
ATTFilter C:\AdwCleaner\Quarantine\C\Program Files\DVDVideoSoftTB\DVDVideoSoftTBToolbarHelper.exe.vir Win32/Toolbar.Conduit.V evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Program Files\DVDVideoSoftTB\DVDVideoSoftTBToolbarHelper1.exe.vir Win32/Toolbar.Conduit.V evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Program Files\DVDVideoSoftTB\hk64tbDVD0.dll.vir Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Program Files\DVDVideoSoftTB\hk64tbDVD2.dll.vir Win64/Toolbar.Conduit.A evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Program Files\DVDVideoSoftTB\hktbDVD0.dll.vir Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Program Files\DVDVideoSoftTB\hktbDVD2.dll.vir Win32/Toolbar.Conduit.W evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Program Files\DVDVideoSoftTB\ldrtbDVD0.dll.vir Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Program Files\DVDVideoSoftTB\ldrtbDVD2.dll.vir Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Program Files\DVDVideoSoftTB\prxtbDVD0.dll.vir Win32/Toolbar.Conduit.N evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Program Files\DVDVideoSoftTB\prxtbDVD2.dll.vir Win32/Toolbar.Conduit.W evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Program Files\DVDVideoSoftTB\tbDVD0.dll.vir Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Program Files\DVDVideoSoftTB\tbDVD2.dll.vir Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Program Files\DVDVideoSoftTB\tbDVDV.dll.vir Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Users\Thomas Zeeh\AppData\Local\Conduit\CT2269050\DVDVideoSoftTBAutoUpdateHelper.exe.vir Variante von Win32/Toolbar.Conduit.X evtl. 
unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Users\Thomas Zeeh\AppData\LocalLow\DVDVideoSoftTB\hk64tbDVD0.dll.vir Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Users\Thomas Zeeh\AppData\LocalLow\DVDVideoSoftTB\hk64tbDVD2.dll.vir Win64/Toolbar.Conduit.A evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Users\Thomas Zeeh\AppData\LocalLow\DVDVideoSoftTB\hktbDVD0.dll.vir Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Users\Thomas Zeeh\AppData\LocalLow\DVDVideoSoftTB\hktbDVD2.dll.vir Win32/Toolbar.Conduit.W evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Users\Thomas Zeeh\AppData\LocalLow\DVDVideoSoftTB\ldrtbDVD0.dll.vir Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Users\Thomas Zeeh\AppData\LocalLow\DVDVideoSoftTB\ldrtbDVD2.dll.vir Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Users\Thomas Zeeh\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll.vir Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Users\Thomas Zeeh\AppData\LocalLow\DVDVideoSoftTB\tbDVD1.dll.vir Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Users\Thomas Zeeh\AppData\LocalLow\DVDVideoSoftTB\tbDVD2.dll.vir Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Users\Thomas Zeeh\AppData\LocalLow\DVDVideoSoftTB\tbDVDV.dll.vir Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Users\Thomas Zeeh\AppData\LocalLow\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung C:\AdwCleaner\Quarantine\C\Users\Thomas Zeeh\AppData\Roaming\OpenCandy\8625182C5B5441FC81376116A8740B4B\speedupmypcDE.exe.vir Win32/SpeedUpMyPC evtl. 
unerwünschte Anwendung C:\Documents and Settings\Thomas Zeeh\Desktop\HSS-1.51-install-anchorfree-76-conduit.exe Variante von Win32/HotSpotShield evtl. unerwünschte Anwendung C:\Documents and Settings\Thomas Zeeh\Downloads\java_setup.exe Win32/AdWare.iBryte.AW Anwendung C:\Documents and Settings\Thomas Zeeh\Downloads\setup (1).exe Win32/OutBrowse.G evtl. unerwünschte Anwendung C:\Documents and Settings\Thomas Zeeh\Downloads\setup (2).exe Win32/OutBrowse.G evtl. unerwünschte Anwendung C:\Documents and Settings\Thomas Zeeh\Downloads\setup.exe Win32/OutBrowse.G evtl. unerwünschte Anwendung C:\Documents and Settings\Thomas Zeeh\Downloads\SoftonicDownloader_fuer_iringer.exe Win32/SoftonicDownloader.G evtl. unerwünschte Anwendung C:\Dokumente und Einstellungen\Thomas Zeeh\Desktop\HSS-1.51-install-anchorfree-76-conduit.exe Variante von Win32/HotSpotShield evtl. unerwünschte Anwendung C:\Dokumente und Einstellungen\Thomas Zeeh\Downloads\java_setup.exe Win32/AdWare.iBryte.AW Anwendung C:\Dokumente und Einstellungen\Thomas Zeeh\Downloads\setup (1).exe Win32/OutBrowse.G evtl. unerwünschte Anwendung C:\Dokumente und Einstellungen\Thomas Zeeh\Downloads\setup (2).exe Win32/OutBrowse.G evtl. unerwünschte Anwendung C:\Dokumente und Einstellungen\Thomas Zeeh\Downloads\setup.exe Win32/OutBrowse.G evtl. unerwünschte Anwendung C:\Dokumente und Einstellungen\Thomas Zeeh\Downloads\SoftonicDownloader_fuer_iringer.exe Win32/SoftonicDownloader.G evtl. unerwünschte Anwendung C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Toolbar.Widgi evtl. unerwünschte Anwendung C:\Programme\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Toolbar.Widgi evtl. unerwünschte Anwendung C:\Qoobox\Quarantine\C\Users\Thomas Zeeh\AppData\Roaming\Ryxui\gyup.exe.vir Variante von Win32/Packed.Asprotect.DS Trojaner C:\Users\Thomas Zeeh\Desktop\HSS-1.51-install-anchorfree-76-conduit.exe Variante von Win32/HotSpotShield evtl. 
unerwünschte Anwendung C:\Users\Thomas Zeeh\Downloads\java_setup.exe Win32/AdWare.iBryte.AW Anwendung C:\Users\Thomas Zeeh\Downloads\setup (1).exe Win32/OutBrowse.G evtl. unerwünschte Anwendung C:\Users\Thomas Zeeh\Downloads\setup (2).exe Win32/OutBrowse.G evtl. unerwünschte Anwendung C:\Users\Thomas Zeeh\Downloads\setup.exe Win32/OutBrowse.G evtl. unerwünschte Anwendung C:\Users\Thomas Zeeh\Downloads\SoftonicDownloader_fuer_iringer.exe Win32/SoftonicDownloader.G evtl. unerwünschte Anwendung D:\wichtige_0676.zip Variante von Win32/Kryptik.CLUJ Trojaner D:\Downloads\cnet2_powertab_zip.exe Variante von Win32/InstallCore.D evtl. unerwünschte Anwendung D:\Downloads\FreeVideoToDVDConverter.exe Win32/Toolbar.Conduit evtl. unerwünschte Anwendung D:\Downloads\FreeYouTubeToMP3Converter(1).exe Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung D:\Downloads\FreeYouTubeToMP3Converter.exe Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung D:\Downloads\iLividSetup-r563-n-bf.exe Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung D:\Downloads\Integrated_CT2325506.exe Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung D:\Downloads\Mv2%20Player.exe MSIL/Solimba evtl. unerwünschte Anwendung D:\Downloads\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi evtl. unerwünschte Anwendung D:\Downloads\ZipOpenerSetup.exe Win32/InstallCore.BN evtl. unerwünschte Anwendung D:\Downloads bis 3_5_2011\HoldemIndicatorSetup.exe Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung D:\Downloads bis 3_5_2011\SoftonicDownloader96007.exe Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung H:\HomeSafe\Eigene Dateien Festplatte E\Downloads\Privat\keylogger.zip Mehrere Bedrohungen H:\HomeSafe\Eigene Dateien Festplatte E\Downloads\Geschäft\Downloads\HoldemIndicatorSetup.exe Variante von Win32/Packed.Themida evtl. 
unerwünschte Anwendung H:\HomeSafe\Eigene Dateien Festplatte E\Downloads\Geschäft\Downloads\Setup_Moorhuhn_Winter_GER-dm.exe Variante von Win32/Adware.Trymedia.A evtl. unerwünschte Anwendung H:\HomeSafe\Eigene Dateien Festplatte E\Sicherung\Sicherung Netz 2001\UTIL\NSM\CALCPSW.EXE möglicherweise unbekannter Virus POLY.CRYPT.TSR.COM.EXE Virus H:\HomeSafe\Eigene Dateien Festplatte E\Sicherung\OLDCOMP\DOKUME~1\WRAPST~1.EXE Win32/Adware.Webhancer.A Anwendung Code:
UNSUPPORTED OPERATING SYSTEM! ABORTED!
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-09-2014 Ran by User1 (administrator) on User1-HP on 26-09-2014 08:45:31 Running from C:\Users\User1\Desktop Loaded Profiles: User1 & UpdatusUser (Available profiles: User1 & UpdatusUser) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (ALWIL Software) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) C:\Program Files\Alwil Software\Avast4\aswServ.exe () C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ALWIL Software) C:\Program Files\Alwil Software\Avast4\AvAgent.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe () C:\Program Files\GNU\GnuPG\dirmngr.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer.exe (ALWIL Software) C:\Program Files\Alwil Software\Avast4\aswDisp.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe () C:\Program Files\AirVideoServer\AirVideoServer.exe (1&1 Mail & Media GmbH) C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe (Ruiware LLC) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe (Audible, Inc.) C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (ReNoStar GmbH) C:\Renostar\ziuboost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Dropbox, Inc.) C:\Users\User1\AppData\Roaming\Dropbox\bin\Dropbox.exe (ReNoStar GmbH) C:\Renostar\ziuserv.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe () C:\Program Files\Printer Pro Desktop\PrinterProDesktop.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Users\User1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (FreeDownloadManager.ORG) C:\Program Files\Free Download Manager\fdm.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe (ALWIL Software) C:\Program Files\Alwil Software\Avast4\aswMaiSv.exe (ALWIL Software) C:\Program Files\Alwil Software\Avast4\aswWebSv.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [avast!] => C:\Program Files\Alwil Software\Avast4\aswDisp.exe [81000 2010-02-18] (ALWIL Software) HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.) HKLM\...\Run: [ApplyEsf-eDocPrintPro] => C:\Program Files\Common Files\MAYComputer\eDocPrintPro\\ApplyEsf.exe [315392 2009-05-19] (May Software) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.) HKLM\...\Run: [LexwareInfoService] => C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [339312 2010-09-15] (Haufe-Lexware GmbH & Co. KG) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.) 
HKLM\...\Run: [Adobe Photo Downloader] => C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe [57344 2005-09-09] (Adobe Systems Incorporated) HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard) HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1 HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0 HKLM\...\Policies\Explorer: [HideSCAHealth] 0 HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [AirVideoServer] => C:\Program Files\AirVideoServer\AirVideoServer.exe [4923784 2010-09-22] () HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [WEB.DE_WEB.DE SmartDrive Manager] => C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE [1259624 2011-11-21] (1&1 Mail & Media GmbH) HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-08] (Apple Inc.) HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.) HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google) HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-08-15] (Apple Inc.) 
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC) HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-1903734357-4184266498-2229017531-1000\...\Policies\Explorer: [TaskbarNoNotification] 0 HKU\S-1-5-21-1903734357-4184266498-2229017531-1005\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk ShortcutTarget: Adobe Acrobat - Schnellstart.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RenoBoost.lnk ShortcutTarget: RenoBoost.lnk -> C:\Renostar\ziuboost.exe (ReNoStar GmbH) Startup: C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\User1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: 01Mediencenter_InSync -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\User1\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) ShellIconOverlayIdentifiers: 02Mediencenter_ToSync -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\User1\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) ShellIconOverlayIdentifiers: 03Mediencenter_Failed -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => C:\Users\User1\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: NTFSLink_Hardlink -> {0314E3A0-45DB-4D75-BB86-27B8EF28907B} => C:\Program Files\NTFS Link\ntfslink.dll (Michael Elsdoerfer) ShellIconOverlayIdentifiers: NTFSLink_Junction -> {61702EF5-1B33-487F-995F-6FA23F1D6652} => C:\Program Files\NTFS Link\ntfslink.dll (Michael Elsdoerfer) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, 
if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKCU - {959BE5A4-EE6C-421B-BCF4-D90E4D8F869C} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.253 Tcpip\..\Interfaces\{9070C6BC-FDE8-47DC-990D-F527F074EC3D}: [NameServer] 192.168.0.250 FireFox: ======== FF ProfilePath: C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default FF SelectedSearchEngine: Google FF Homepage: hxxp://www.spiegel.de/|hxxp://www.rollingstone.de/|hxxp://www.zeit.de/index|https://secure-squashtv.premiumtv.co.uk/page/secure/BuyNow/?schemeAndHost=http%3A%2F%2Fwww.psasquashtv.com|https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1335336225&rver=6.1.6206.0&wp=MBI_SSL_SHARED&wreply=https:%2F%2Fskydrive.live.com%2F%3Flc%3D1031&lc=1031&id=250206&mkt=de-DE&cbcxt=sky FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\User1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\User1\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Users\User1\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\User1\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Разпознаване на устройство Logitech - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\DeviceDetection@logitech.com [2011-10-19] FF Extension: Free Download Manager plugin - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\fdm_ffext@freedownloadmanager.org [2012-12-13] FF Extension: Xmarks - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\foxmarks@kei.com [2014-09-22] FF Extension: KeeFox - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\keefox@chris.tomlinson [2014-09-22] FF Extension: facebookvideo - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\{43c35458-c907-439b-bcfd-07d373834689} [2010-06-25] FF Extension: FT SleekDark - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\{a21cd440-41d6-11e0-9207-0800200c9a66} [2012-05-09] FF Extension: Aviary - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\{d5eeb813-935a-435d-b01e-b3a02f2cb408} [2011-12-17] FF Extension: Embedded Objects - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\firefox@red-cog.com.xpi [2012-01-24] FF Extension: Facebook Privacy Watcher - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\fpw@informatik.tu-darmstadt.de.xpi 
[2012-11-09] FF Extension: MozRepl - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\mozrepl@hyperstruct.net.xpi [2011-07-26] FF Extension: MyPermissions Cleaner - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\{6140bbfd-aa20-11e1-aba7-109add603214}.xpi [2014-01-10] FF Extension: StumbleUpon - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2011-10-26] FF Extension: Menu Editor - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\9we27dqw.default\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi [2011-03-14] FF Extension: Hotspot Shield Extension - C:\Program Files\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-09-24] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR HomePage: Default -> hxxp://www.spiegel.de/ CHR StartupUrls: Default -> "hxxp://www.spiegel.de/", "hxxp://www.zeit.de/index", "https://startpage.com/deu/" CHR DefaultSearchKeyword: Default -> 322926C86E96565B5B186D0D93824BA7109A5AB72F38EEFF449414F716A6F639 CHR DefaultSearchURL: Default -> 431FA44896D609C9D05DAD0EBC81671B01516EE64A9157C9D94B71F353B0BCD8 CHR Plugin: (Chrome PDF Viewer) - C:\Users\User1\AppData\Local\Google\Chrome\Application\38.0.2125.77\pdf.dll () CHR Plugin: (Google Gears 0.5.33.0) - C:\Users\User1\AppData\Local\Google\Chrome\Application\38.0.2125.77\gears.dll No File CHR Plugin: (Shockwave Flash) - C:\Users\User1\AppData\Local\Google\Chrome\Application\38.0.2125.77\gcswf32.dll No File CHR 
Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Browser\nppdf32.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 6 U21) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File CHR Plugin: (ClickPotatoLite Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll No File CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) 
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Default Plug-in) - default_plugin No File CHR CustomProfile: C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-07] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-21] CHR Extension: (YouTube) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-01] CHR Extension: (Google-Suche) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-01] CHR Extension: (Google Wallet) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-07] CHR Extension: (Evernote Web Clipper) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2010-09-30] CHR Extension: (Google Mail) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-01] CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - 
C:\Users\THOMAS~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-03] CHR StartMenuInternet: Google Chrome - C:\Users\User1\AppData\Local\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeActiveFileMonitor4.0; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [102400 2005-09-09] () [File not signed] R2 aswUpdSv; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [18752 2010-02-18] (ALWIL Software) R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast4\aswServ.exe [138680 2010-02-18] (ALWIL Software) R3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\aswMaiSv.exe [254040 2010-02-18] (ALWIL Software) R2 avast! NetAgent; C:\Program Files\Alwil Software\Avast4\AvAgent.exe [52160 2010-02-18] (ALWIL Software) R3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\aswWebSv.exe [352920 2010-02-18] (ALWIL Software) R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2430128 2011-12-06] (mobile concepts GmbH) R2 DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [218112 2013-07-16] () [File not signed] S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-01-09] (Macrovision Europe Ltd.) 
[File not signed] R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [121344 2010-05-20] (Hewlett-Packard) [File not signed] S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AR5211; C:\Windows\System32\DRIVERS\ar5211.sys [549184 2007-10-26] (Atheros Communications, Inc.) R2 aswFsBlk; C:\Windows\System32\DRIVERS\aswFsBlk.sys [20560 2010-02-18] (ALWIL Software) R2 aswMonFlt; C:\Windows\System32\DRIVERS\aswMonFlt.sys [53328 2010-02-18] (ALWIL Software) R1 aswRdr; C:\Windows\system32\Drivers\aswRdr.sys [23120 2010-02-18] (ALWIL Software) R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [114768 2010-02-18] (ALWIL Software) R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [48624 2010-02-18] (ALWIL Software) S3 athr; C:\Windows\System32\DRIVERS\athr.sys [1269760 2010-05-19] (Atheros Communications, Inc.) [File not signed] R3 athur; C:\Windows\System32\DRIVERS\athur.sys [1500160 2010-04-20] (Atheros Communications, Inc.) R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [39624 2014-05-17] (AnchorFree Inc.) S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.) S3 MOBIOLA_Wave; C:\Windows\System32\drivers\mobiolawave.sys [25024 2010-05-14] (SHAPE Services) S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.) S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.) 
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20640 2010-09-28] (Sonic Solutions) [File not signed] S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26112 2010-11-23] (The OpenVPN Project) S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2010-09-21] (AnchorFree Inc) R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2014-05-17] (Anchorfree Inc.) R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2012-03-06] (Acronis) R1 uiwbrdr; C:\Windows\System32\DRIVERS\uiwbrdr.sys [144896 2011-11-21] (1&1 Mail & Media GmbH) [File not signed] R3 WsAudioDevice_383; C:\Windows\System32\drivers\WsAudioDevice_383.sys [16640 2008-11-19] (Wondershare) [File not signed] S3 catchme; \??\C:\Users\THOMAS~1\AppData\Local\Temp\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-26 08:45 - 2014-09-26 08:46 - 00029671 _____ () C:\Users\User1\Desktop\FRST.txt 2014-09-26 08:45 - 2014-09-26 08:45 - 00000000 ____D () C:\Users\User1\Desktop\FRST-OlderVersion 2014-09-26 08:44 - 2014-09-26 08:44 - 00000041 _____ () C:\Users\User1\Desktop\checkup.txt 2014-09-26 08:41 - 2014-09-26 08:41 - 00854417 _____ () C:\Users\User1\Desktop\SecurityCheck.exe 2014-09-26 08:38 - 2014-09-26 08:38 - 00008202 _____ () C:\Users\User1\Desktop\eset_25_09_2014.txt 2014-09-26 02:32 - 2014-09-26 02:36 - 00000000 ____D () C:\Windows\rescache 2014-09-25 19:20 - 2014-09-25 19:20 - 00000000 ____D () C:\Program Files\ESET 2014-09-25 18:09 - 2014-09-25 19:03 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-09-25 10:51 - 2014-09-25 10:51 - 00000000 ____D () C:\Windows\ERUNT 2014-09-25 10:50 - 2014-09-25 10:50 - 01024790 _____ (Thisisu) C:\Users\User1\Desktop\JRT.exe 2014-09-25 10:48 - 2014-09-25 10:48 - 00033390 _____ () C:\Users\User1\Desktop\AdwCleaner[S0].txt 2014-09-25 10:45 - 2014-09-25 10:45 - 00000022 _____ () C:\Windows\S.dirmngr 2014-09-25 10:38 - 2014-09-25 10:43 - 00000000 ____D () C:\AdwCleaner 2014-09-25 10:33 - 2014-09-25 10:35 - 00010138 _____ () C:\Users\User1\Desktop\Malware_25_09_2014.txt 2014-09-25 10:19 - 2014-09-25 10:19 - 01373475 _____ () C:\Users\User1\Desktop\AdwCleaner_3.310.exe 2014-09-24 18:10 - 2014-05-17 04:33 - 00039624 _____ (AnchorFree Inc.) 
C:\Windows\system32\Drivers\hssdrv6.sys 2014-09-24 18:07 - 2014-09-24 18:07 - 00001006 _____ () C:\Users\Public\Desktop\Hotspot Shield.lnk 2014-09-24 17:42 - 2014-09-24 17:42 - 00000000 ____D () C:\Users\User1\AppData\Roaming\WinPatrol 2014-09-24 17:41 - 2014-09-24 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol 2014-09-24 17:41 - 2014-09-24 17:41 - 00000000 ____D () C:\ProgramData\InstallMate 2014-09-24 17:41 - 2014-09-24 17:41 - 00000000 ____D () C:\Program Files\Ruiware 2014-09-24 17:36 - 2014-09-24 17:36 - 01156136 _____ (Ruiware) C:\Users\User1\Desktop\wpsetup.exe 2014-09-24 15:12 - 2014-09-24 15:12 - 00036320 _____ () C:\ComboFix.txt 2014-09-24 14:42 - 2014-09-24 15:12 - 00000000 ____D () C:\Qoobox 2014-09-24 14:42 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-09-24 14:42 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-09-24 14:42 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-09-24 14:42 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-09-24 14:42 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-09-24 14:42 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-09-24 14:42 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-09-24 14:42 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-09-24 14:41 - 2014-09-24 15:10 - 00000000 ____D () C:\Windows\erdnt 2014-09-24 14:38 - 2014-09-24 14:38 - 05579290 ____R (Swearware) C:\Users\User1\Desktop\ComboFix.exe 2014-09-24 09:50 - 2014-09-24 09:50 - 00006570 _____ () C:\Users\User1\Desktop\GMER_24_09_2014.log 2014-09-24 08:59 - 2014-09-24 08:59 - 00380416 _____ () C:\Users\User1\Desktop\Gmer-19357.exe 2014-09-24 08:42 - 2014-09-26 08:45 - 00000000 ____D () C:\FRST 2014-09-24 08:41 - 2014-09-26 08:45 - 01100288 _____ (Farbar) C:\Users\User1\Desktop\FRST.exe 2014-09-24 08:40 - 2014-09-24 08:40 - 00000000 _____ () 
C:\Users\User1\defogger_reenable 2014-09-24 08:39 - 2014-09-24 08:39 - 00050477 _____ () C:\Users\User1\Desktop\Defogger.exe 2014-09-24 08:27 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-23 17:57 - 2014-09-23 18:52 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-09-23 17:56 - 2014-09-23 18:52 - 00000000 ____D () C:\Users\User1\Desktop\mbar 2014-09-23 17:14 - 2014-09-25 10:46 - 00000000 ___RD () C:\Users\User1\iCloudDrive 2014-09-23 17:12 - 2014-09-25 10:31 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-23 17:11 - 2014-09-23 17:56 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-23 17:11 - 2014-09-23 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-23 17:11 - 2014-09-23 17:11 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-23 17:11 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-23 17:00 - 2014-09-23 17:00 - 00000000 ____D () C:\Users\User1\AppData\Local\Apple Inc 2014-09-23 15:05 - 2014-09-23 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud 2014-09-22 18:54 - 2014-09-22 18:54 - 01010176 _____ () C:\Users\User1\Downloads\MicrosoftFixit50884 (1).msi 2014-09-22 18:53 - 2014-09-22 18:53 - 01010176 _____ () C:\Users\User1\Downloads\MicrosoftFixit50884.msi 2014-09-22 18:33 - 2014-09-22 18:36 - 117536504 _____ (Microsoft Corporation) C:\Users\User1\Downloads\msert.exe 2014-09-22 18:24 - 2014-09-22 18:24 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Simply Super Software 2014-09-22 18:00 - 2014-09-24 14:57 - 00000000 ____D () C:\ProgramData\TEMP 2014-09-22 18:00 - 2014-09-22 18:00 - 00001101 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk 2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () 
C:\ProgramData\Simply Super Software 2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover 2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () C:\ProgramData\Licenses 2014-09-22 18:00 - 2014-09-22 18:00 - 00000000 ____D () C:\Program Files\Trojan Remover 2014-09-22 17:58 - 2014-09-22 17:59 - 21657592 _____ (Simply Super Software ) C:\Users\User1\Downloads\trjsetup691.exe 2014-09-22 17:31 - 2014-09-22 17:31 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Yzuxri 2014-09-17 13:17 - 2014-09-17 13:17 - 00000000 ____D () C:\Users\User1\Desktop\temp_files 2014-09-11 03:14 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-11 03:14 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-11 03:14 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-11 03:14 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-11 03:14 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-11 03:14 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-11 03:14 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-11 03:14 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-11 03:14 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-11 03:14 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-11 03:14 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-11 03:14 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-11 03:14 - 2014-08-18 23:37 - 
00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-11 03:14 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-11 03:14 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-11 03:14 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-11 03:14 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-11 03:14 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-11 03:14 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-11 03:14 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-11 03:14 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-11 03:14 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-11 03:14 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-11 03:14 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-11 03:14 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-11 03:14 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-11 03:14 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-11 03:14 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-11 03:14 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-11 03:14 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-11 03:14 - 
2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-11 02:20 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-11 02:20 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-11 02:19 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-11 02:19 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-11 02:19 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-11 02:19 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-10 09:49 - 2014-09-10 09:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-09-10 09:48 - 2014-09-10 09:48 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-09-10 09:48 - 2014-09-10 09:48 - 00000000 ____D () C:\Program Files\iPod 2014-09-05 11:52 - 2014-09-05 11:52 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Opera 2014-09-03 15:59 - 2014-09-03 15:59 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-08-28 09:15 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-28 09:15 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-26 08:44 - 2010-09-22 17:04 - 00000041 _____ () C:\Windows\Filzip.ini 2014-09-26 08:37 - 2010-07-12 16:46 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-26 08:14 - 2012-06-26 10:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-26 07:49 - 2010-05-31 10:28 - 00001144 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1903734357-4184266498-2229017531-1000UA.job 2014-09-26 03:10 - 2010-04-21 17:19 - 01119574 _____ () C:\Windows\WindowsUpdate.log 2014-09-25 19:37 - 2010-07-12 16:46 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-25 19:18 - 2010-04-26 17:11 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Skype 2014-09-25 19:04 - 2012-04-20 18:40 - 00000000 ____D () C:\Users\User1\Downloads\iPod Photo Cache 2014-09-25 19:03 - 2012-04-27 10:30 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-09-25 16:49 - 2010-05-31 10:28 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1903734357-4184266498-2229017531-1000Core.job 2014-09-25 14:58 - 2010-05-31 10:29 - 00002389 _____ () C:\Users\User1\Desktop\Google Chrome.lnk 2014-09-25 10:52 - 2012-04-25 08:38 - 00000000 ___RD () C:\Users\User1\SkyDrive 2014-09-25 10:52 - 2009-07-14 06:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-25 10:52 - 2009-07-14 06:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-25 10:47 - 2011-02-16 19:01 - 00000000 ____D () C:\jexepackres 2014-09-25 10:46 - 2012-04-30 14:50 - 00000000 ___RD () C:\Users\User1\Google Drive 2014-09-25 10:46 - 2010-10-04 15:49 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Dropbox 2014-09-25 10:45 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-25 10:44 - 2014-08-14 09:09 - 00008308 _____ () C:\Windows\PFRO.log 2014-09-25 10:44 - 2014-03-06 11:50 - 
00007592 _____ () C:\Windows\setupact.log 2014-09-25 10:44 - 2010-04-21 17:45 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-09-25 10:27 - 2010-12-06 17:08 - 00000000 ____D () C:\Windows\Msagent 2014-09-25 09:58 - 2009-07-25 14:54 - 01629442 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-25 09:03 - 2014-02-20 10:19 - 00002215 _____ () C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2014-09-24 20:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-09-24 16:22 - 2010-08-30 09:05 - 00000000 ____D () C:\Users\User1\AppData\Local\Gladinet 2014-09-24 15:12 - 2010-10-26 09:00 - 00000000 ____D () C:\Users\Transfer 2014-09-24 15:12 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default 2014-09-24 15:12 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public 2014-09-24 15:05 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini 2014-09-24 15:01 - 2011-04-19 10:32 - 00000000 ____D () C:\Program Files\You Ripper 2014-09-24 08:40 - 2012-01-16 18:10 - 00000000 ____D () C:\Program Files\Free Download Manager 2014-09-24 08:40 - 2010-04-21 17:44 - 00000000 ____D () C:\Users\User1 2014-09-23 17:45 - 2010-04-21 18:46 - 00000000 ____D () C:\Windows\PCHEALTH 2014-09-23 17:11 - 2012-07-05 16:13 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-23 17:11 - 2012-07-05 16:13 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Malwarebytes 2014-09-23 17:11 - 2012-07-05 16:13 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-23 17:00 - 2010-04-26 17:01 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Apple Computer 2014-09-23 00:00 - 2010-04-21 17:25 - 00000000 ____D () C:\ProgramData\PDFC 2014-09-22 17:39 - 2013-12-02 09:54 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForUser1.job 2014-09-22 15:21 - 2010-10-08 14:43 - 00000052 _____ () C:\Windows\system32\DOErrors.log 2014-09-22 15:01 - 2010-10-04 15:51 - 00001038 _____ () C:\Users\User1\Desktop\Dropbox.lnk 
2014-09-22 15:01 - 2010-10-04 15:49 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-09-19 14:56 - 2011-06-29 15:35 - 00000000 ____D () C:\Users\User1\AppData\Local\PokerStars.EU 2014-09-19 14:56 - 2010-04-21 19:40 - 00000000 ____D () C:\Program Files\Holdem Indicator 2014-09-17 14:42 - 2014-07-11 11:41 - 00000000 ____D () C:\Users\User1\AppData\Roaming\iFunbox_UserCache 2014-09-15 09:06 - 2010-04-21 18:33 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-11 03:41 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-09-11 03:14 - 2013-08-20 03:06 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-11 03:04 - 2014-05-06 20:09 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-11 03:04 - 2011-08-23 11:24 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-10 14:14 - 2012-06-26 10:17 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-09-10 14:14 - 2012-06-26 10:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-09-10 09:49 - 2014-07-22 11:30 - 00001755 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-09-10 09:48 - 2011-01-24 22:12 - 00000000 ____D () C:\Program Files\iTunes 2014-09-10 09:48 - 2010-04-26 16:59 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-09-09 15:57 - 2010-10-10 22:46 - 00007602 _____ () C:\Users\User1\AppData\Local\resmon.resmoncfg 2014-09-05 11:52 - 2009-07-14 04:04 - 00000520 _____ () C:\Windows\win.ini 2014-09-04 16:38 - 2011-06-29 15:35 - 00000000 ____D () C:\Program Files\PokerStars 2014-09-03 15:59 - 2010-04-26 17:10 - 00000000 ____D () C:\ProgramData\Skype 2014-08-29 03:21 - 2009-07-14 06:33 - 00539384 _____ () C:\Windows\system32\FNTCACHE.DAT Some content of TEMP: ==================== C:\Users\User1\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbazx2i.dll 
C:\Users\User1\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-26 02:25

==================== End Of Log ============================

and the Addition.txt:
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-09-2014 Ran by User1 at 2014-09-26 08:46:51 Running from C:\Users\User1\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 1.5 (HKLM\...\{45CEBDDE-AD94-4C5A-999D-0D35CE61405B}_is1) (Version: - Dirk Paehl) 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - ) 802.11g Wireless PCI Adapter (HKLM\...\InstallShield_{73B944DE-5AAF-4AD8-8688-60872CB227C6}) (Version: 1.0.0.1 - SMC) 802.11g Wireless PCI Adapter (Version: 1.0.0.1 - SMC) Hidden ActiveCheck component for HP Active Support Library (Version: 3.0.0.3 - Hewlett-Packard) Hidden Adobe Acrobat 8 Professional - English, Français, Deutsch (HKLM\...\Adobe Acrobat 8 Professional - English, Français, Deutsch) (Version: 8.0.0 - Adobe Systems) Adobe Acrobat 8 Professional - English, Français, Deutsch (Version: 8.0.0 - Adobe Systems) Hidden Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Help Center 2.0 (Version: 2.0.0 - Adobe Systems) Hidden Adobe Photoshop Elements 4.0 (HKLM\...\Adobe Photoshop Elements 4) (Version: 4.0 - Adobe Systems, Inc.) Adobe Photoshop Elements 4.0 (Version: 4.0 - Adobe Systems, Inc.) Hidden Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.) Aimersoft DVD Creator(Build 2.5.2.15) (HKLM\...\Aimersoft DVD Creator_is1) (Version: - Wondershare Software) Air Video Server 2.4.3 (HKLM\...\Air Video Server) (Version: 2.4.3 - InMethod, s.r.o.) 
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - ) Audible Download Manager (HKLM\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.) avast! Antivirus (managed) (HKLM\...\avast!NET) (Version: 4.8 - Alwil Software) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Canon Utilities Digital Photo Professional 3.9 (HKLM\...\DPP) (Version: 3.9.2.0 - Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 3.05 - Piriform) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.1.3341 - CDBurnerXP) ChannelEditor (HKLM\...\{2CB14BDA-5241-4F45-98C5-23520E366B89}) (Version: 1.0.0 - inverto.tv) CyberGhost VPN (HKLM\...\CyberGhost VPN_is1) (Version: - CyberGhost S.R.L.) DMG Extractor (HKCU\...\DMG Extractor) (Version: 1.2.1.0 - Reincubate Ltd) Drago 4.20 (HKLM\...\Drago_is1) (Version: - Gilles Arcas-Luque) Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.) DVD Flick 1.3.0.7 (HKLM\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen) DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version: - DVD Shrink) DVR-Studio Pro 2 (HKLM\...\{BD60F72D-3F2F-4AE1-9C41-3CF75B2CA59A}) (Version: - Haenlein Software) eDocPrintPro v3.15.2 (HKLM\...\{45B8441A-0346-4D6C-88A8-01821DA28D04}) (Version: 3.15.2 - MAY-Computer) Emicsoft MKV Converter (HKLM\...\Emicsoft MKV Converter_is1) (Version: - ) ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) Evernote v. 4.5.10 (HKLM\...\{EF7E46B8-1FB7-11E2-B6B3-984BE15F174E}) (Version: 4.5.10.7472 - Evernote Corp.) 
Express Scribe (HKLM\...\Scribe) (Version: - NCH Software) FileZilla Client 3.5.3 (HKLM\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project) Filzip 3.06 (HKLM\...\Filzip 3.0.6.93_is1) (Version: 3.0.6 - Philipp Engel) Free Audio Converter version 5.0.26.622 (HKLM\...\Free Audio Converter_is1) (Version: 5.0.26.622 - DVDVideoSoft Ltd.) Free Download Manager 3.9.2 (HKLM\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG) Full Tilt Poker (HKLM\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 4.46.3.WIN.FullTilt.COM - ) Google Calendar Sync (HKLM\...\Google Calendar Sync) (Version: - ) Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.77 - Google Inc.) Google Drive (HKLM\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.) Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google) Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden Gpg4win (2.2.0-beta34) (HKLM\...\GPG4Win) (Version: 2.2.0-beta34 - The Gpg4win Project) gs_x86 (HKLM\...\{6AB6CBD4-ED44-4EAA-8496-228395B1C1D0}) (Version: 8.64 - MAY-Computer) HandBrake 0.9.5 (HKLM\...\HandBrake) (Version: 0.9.5 - ) HDD-Booster v1.2 (HKLM\...\HDD-Booster_is1) (Version: - ASCOMP Software GmbH) Holdem Indicator 1.8.4 (HKLM\...\Holdem Indicator_is1) (Version: - hxxp://www.HoldemIndicator.com) HP Customer Experience Enhancements (Version: 6.0.1.3 - Hewlett-Packard) Hidden HP Softpaq SP500287 (HKLM\...\SP50028) (Version: - ) HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden iBackupBot for iTunes 3.1.6 (HKLM\...\iBackupBot for iTunes) (Version: 3.1.6 - VOWSoft, Ltd.) iCloud (HKLM\...\{8D9592B4-7E22-4D1F-B2CB-B5F0F2F619CB}) (Version: 4.0.3.56 - Apple Inc.) 
iFunbox (v2.8.2414.748), iFunbox DevTeam (HKLM\...\iFunbox_is1) (Version: v2.8.2414.748 - ) iPhoneBrowser (HKLM\...\{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}) (Version: 1.9.3 - Cranium Consulting and Custom Software) IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.30 - Irfan Skiljan) iTuner (HKLM\...\{E233EF8A-D04F-49B9-996B-218F3C3EA543}) (Version: 1.2.3782 - River Software) iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.) Java 7 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle) Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden KeePass Password Safe 1.20 (HKLM\...\KeePass Password Safe_is1) (Version: 1.20 - Dominik Reichl) KeePass Password Safe 2.20.1 (HKLM\...\KeePassPasswordSafe2_is1) (Version: - Dominik Reichl) Lexware Info Service (HKLM\...\{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}) (Version: 2.70.00.0081 - Haufe-Lexware GmbH & Co.KG) Lexware zeitmanagement 2011 (HKLM\...\{AE6E353F-A5D6-40E4-81FB-960EB7B207D7}) (Version: 2.05.00.0169 - Haufe-Lexware GmbH & Co.KG) LibreOffice 4.1.3.2 (HKLM\...\{4F3722AD-197D-4DBB-BDFB-D2F0D6776354}) (Version: 4.1.3.2 - The Document Foundation) Lineal (HKLM\...\Lineal v1.6b_is1) (Version: 0.1.6b - ) lingDIALOG (HKLM\...\{627C5AC0-772C-4661-B696-42E04AEB1872}) (Version: 2.00.0010 - LingCom GmbH) Logitech Harmony Remote Software 7 (HKLM\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech) Logitech Harmony Remote Software 7 (Version: 7.7.0.0 - Logitech) Hidden MakeMKV v1.8.11 (HKLM\...\MakeMKV) (Version: v1.8.11 - GuinpinSoft inc) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) 
Mediencenter 3.9.1055.64 (HKCU\...\Mediencenter) (Version: 3.9.1055.64 - Deutsche Telekom AG) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Outlook 2003 (HKLM\...\{90E00407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Word 2000 SR-1 (HKLM\...\{00170407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation) MobileMe Control Panel (HKLM\...\{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}) (Version: 3.1.8.0 - Apple Inc.) Moorhuhn Remake (HKLM\...\{52210D57-0B1F-4681-90DD-8659DF4BCC40}) (Version: 1.00.0000 - ) Movies2iPhone 1.24 for Windows (HKLM\...\Movies2iPhone) (Version: 1.24 for Windows - OKprods Ltd) Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla) Mozilla Firefox 4.0b8 (x86 de) (HKLM\...\Mozilla Firefox 4.0b8 (x86 de)) (Version: 4.0b8 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla) Mozilla Thunderbird 31.1.2 (x86 de) (HKLM\...\Mozilla Thunderbird 31.1.2 (x86 de)) (Version: 31.1.2 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nipperdey plus (HKLM\...\{C5FEF96A-0C31-4D2E-9112-C782065DEE40}) (Version: 1.0.15 - C. H. 
Beck) Norton Online Backup (HKLM\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.20.0 - Symantec) NTFS Link 2.1 (HKLM\...\ntfslink_is1) (Version: - ) NVIDIA 3D Vision Controller Driver (Version: 280.19 - NVIDIA Corporation) Hidden NVIDIA 3D Vision Controller-Treiber 280.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 280.19 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation) NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9793 - NVIDIA Corporation) NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden NVIDIA PhysX (Version: 9.10.0514 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden PDF Complete Special Edition (HKLM\...\PDF Complete) (Version: 3.5.109 - PDF Complete, Inc) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery) PDFtoEPUB (HKLM\...\PDFtoEPUB) (Version: 1.5.0 - DNAML Pty Ltd.) 
PokerStars (HKLM\...\PokerStars) (Version: - PokerStars) Power Tab Editor 1.7 (HKLM\...\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}) (Version: 1.7.0 - Power Tab Software) Printer Pro Desktop (HKLM\...\PrinterProDesktop) (Version: - Readdle) PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden QSynchronization for Outlook 2.5.5 (HKLM\...\QSynchronization for Outlook_is1) (Version: - Thomas Quester) QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Ralink RT2860 Wireless LAN Card (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: - Ralink) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5882 - Realtek Semiconductor Corp.) Remote Control USB Driver (HKLM\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - ) ReNoStar Systemdateien II v.3 (HKLM\...\{3C36D2A0-5A6F-4437-A080-699557C6C8A1}) (Version: 8.70.0.7050 - ReNoStar GmbH) ReNoStar Systemkomponenten (HKLM\...\InstallShield_{55A1EE3A-2143-4731-8243-3F807869FA66}) (Version: 8.40.0.4000 - ReNoStar GmbH) ReNoStar Systemkomponenten (Version: 8.40.0.4000 - ReNoStar GmbH) Hidden ReNoTicker Version 1.0 (HKLM\...\{33FF4DB1-87B2-4934-8563-CA489A1EF80D}_is1) (Version: 1.0 - ReNoStar GmbH) RNSInstSevOutBar (HKLM\...\{ED689BFF-452F-471A-96DF-69210FEB359D}) (Version: 1.00.0000 - ReNoStar GmbH) SDExplorer 3.0 (HKLM\...\SDEPRO20_is1) (Version: 3.0 - CloudStorageExplorer.com) SetEditArgus (remove only) (HKLM\...\SetEditArgus) (Version: - ) Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) 
SopCast 3.3.2 (HKLM\...\SopCast) (Version: 3.3.2 - www.sopcast.com) StreamTransport version: 1.0.2.2171 (HKLM\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version: - ) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TeamViewer 6 (HKLM\...\TeamViewer 6) (Version: 6.0.10194 - TeamViewer GmbH) TP-LINK-Clientinstallationsprogramm (HKLM\...\{7A2A107B-9695-423F-9462-8F17C178BD35}) (Version: 7.0 - TP-LINK) Trojan Remover 6.9.1 (HKLM\...\Trojan Remover_is1) (Version: 6.9.1 - Simply Super Software) TunnelBear 1.0.28 (HKLM\...\TunnelBear) (Version: 1.0.28 - TunnelBear) Tyre (HKLM\...\Tyre_is1) (Version: 6.3.0.2 - 't Schrijverke) VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) Vokabeltrainer-Update 4.0.46 (HKLM\...\{7F2A96C8-B7F8-4C0E-B575-BC2378342962}) (Version: 4.0.46 - Langenscheidt) VSDC Free Video Editor Version 2.1.9.201 (HKLM\...\VSDC Free Video Editor_is1) (Version: 2.1.9.201 - Flash-Integro LLC) WEB.DE SmartDrive Manager (HKLM\...\WEB.DE SmartDrive Manager) (Version: 2.0.677 - 1&1 Mail & Media GmbH) Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) WinSCP 4.2.9 (HKLM\...\winscp3_is1) (Version: 4.2.9 - Martin Prikryl) Wise Registry Cleaner 6.14 (HKLM\...\Wise Registry Cleaner_is1) (Version: - WiseCleaner.com, Inc.) Wondershare Streaming Audio Recorder(Build 1.0.10.1) (HKLM\...\Wondershare Streaming Audio Recorder_is1) (Version: - Wondershare Software) Xilisoft iPad to PC Copy (HKLM\...\Xilisoft iPad to PC Copy) (Version: 4.2.1.0526 - Xilisoft) Xvid 1.2.1 final uninstall (HKLM\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi)) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\User1\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{268502F4-815D-4358-A8D6-B783FDB58EF0}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.ContextMenuHandler.dll (Deutsche Telekom AG) CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google) CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\User1\AppData\Local\Google\Chrome\Application\38.0.2125.77\delegate_execute.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\User1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> 
C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\User1\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> "C:\Users\User1\AppData\Local\Google\Chrome\Application\22.0.1229.39\delegate_execute.exe" No (the data entry has 4 more characters). CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\User1\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google) CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\User1\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\User1\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{E5F07F0E-C4AE-4AA8-AE7E-FC3DB683977E}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.71\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\User1\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\User1\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\FileSyncApi.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User1\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File CustomCLSID: HKU\S-1-5-21-1903734357-4184266498-2229017531-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\User1\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File ==================== Restore Points ========================= 26-09-2014 00:32:25 Geplanter Prüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2014-09-24 15:04 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {0599AEA8-8B0E-4CCA-894C-3388A51516DF} - System32\Tasks\{D5B38D15-96B0-44AE-B5E3-D7781FB183C6} => Chrome.exe hxxp://ui.skype.com/ui/0/5.1.0.112.259/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;ienotdefaultbrowser2 Task: {1F6C46E3-0AF5-4425-8C9B-169308085EED} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-05-19] (Hewlett-Packard) Task: {2B5754DC-6D11-4A99-903A-590F903FCCEC} - System32\Tasks\{E05D2DC7-405E-47BE-BEFB-BF1D8BD6D684} => C:\Program Files\Skype\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.) Task: {41B17569-4162-4349-85BD-50950BE97451} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1903734357-4184266498-2229017531-1000Core => C:\Users\User1\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-31] (Google Inc.) Task: {4EEAF8B9-1753-4912-A7CE-1152DADC5B12} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1903734357-4184266498-2229017531-1000UA => C:\Users\User1\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-31] (Google Inc.) 
Task: {68D3D043-9928-42B6-ADC0-800076647375} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated) Task: {A37ECFB2-7B4B-493B-B54C-D570865B15AC} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-05-19] (Hewlett-Packard) Task: {AB7E5490-1C3D-41C0-9549-A352FCC95759} - System32\Tasks\HPCeeScheduleForUser1 => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07] (Hewlett-Packard) Task: {B50336E2-7335-49CA-BB6A-0697EE5F2431} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2014-08-19] (Microsoft) Task: {DD13DB6F-2EFF-431E-AEBE-60F12CD0D628} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {E0759A1C-B0DE-49F8-A492-5C703BEDAA4F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-08-19] (Microsoft) Task: {EC16019C-3E05-449D-BA7E-6D1CA31D24C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-12] (Google Inc.) Task: {EE704841-CE8F-4D6A-9C17-E0362C4E3A34} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-12] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1903734357-4184266498-2229017531-1000Core.job => C:\Users\User1\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1903734357-4184266498-2229017531-1000UA.job => C:\Users\User1\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForUser1.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2011-12-01 19:57 - 2001-10-28 18:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll 2005-09-09 03:24 - 2005-09-09 03:24 - 00102400 _____ () C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe 2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-07-16 15:53 - 2013-07-16 15:53 - 00218112 _____ () C:\Program Files\GNU\GnuPG\dirmngr.exe 2013-07-16 15:49 - 2013-07-16 15:49 - 00221184 _____ () C:\Program Files\GNU\GnuPG\libksba-8.dll 2013-07-16 15:48 - 2013-07-16 15:48 - 00037888 _____ () C:\Program Files\GNU\GnuPG\libgpg-error-0.dll 2013-07-16 15:46 - 2013-07-16 15:46 - 00050176 _____ () C:\Program Files\GNU\GnuPG\libw32pth-0.dll 2013-07-16 15:49 - 2013-07-16 15:49 - 00069632 _____ () C:\Program Files\GNU\GnuPG\libassuan-0.dll 2013-07-16 15:50 - 2013-07-16 15:50 - 00627712 _____ () C:\Program Files\GNU\GnuPG\libgcrypt-11.dll 2012-11-21 04:02 - 2013-01-18 16:20 - 00079648 _____ () C:\Program Files\NVIDIA 
Corporation\Display\NvSmartMax.dll 2010-09-22 03:03 - 2010-09-22 03:03 - 04923784 _____ () C:\Program Files\AirVideoServer\AirVideoServer.exe 1997-09-17 19:55 - 1997-09-17 19:55 - 00016896 _____ () C:\Windows\system32\fats_w32.dll 2014-09-25 10:46 - 2014-09-25 10:46 - 00043008 _____ () c:\Users\User1\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbazx2i.dll 2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\User1\AppData\Roaming\Dropbox\bin\libcef.dll 2014-09-25 10:46 - 2014-09-25 10:46 - 00098816 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\win32api.pyd 2014-09-25 10:46 - 2014-09-25 10:46 - 00110080 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\pywintypes27.dll 2014-09-25 10:46 - 2014-09-25 10:46 - 00364544 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\pythoncom27.dll 2014-09-25 10:46 - 2014-09-25 10:46 - 00045568 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\_socket.pyd 2014-09-25 10:46 - 2014-09-25 10:46 - 01160704 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\_ssl.pyd 2014-09-25 10:46 - 2014-09-25 10:46 - 00320512 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\win32com.shell.shell.pyd 2014-09-25 10:46 - 2014-09-25 10:46 - 00713216 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\_hashlib.pyd 2014-09-25 10:46 - 2014-09-25 10:46 - 01175040 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\wx._core_.pyd 2014-09-25 10:46 - 2014-09-25 10:46 - 00805888 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\wx._gdi_.pyd 2014-09-25 10:46 - 2014-09-25 10:46 - 00811008 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\wx._windows_.pyd 2014-09-25 10:46 - 2014-09-25 10:46 - 01062400 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\wx._controls_.pyd 2014-09-25 10:46 - 2014-09-25 10:46 - 00735232 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\wx._misc_.pyd 2014-09-25 10:46 - 2014-09-25 10:46 - 00128512 _____ () 
C:\Users\User1\AppData\Local\Temp\_MEI36642\_elementtree.pyd 2014-09-25 10:46 - 2014-09-25 10:46 - 00127488 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\pyexpat.pyd 2014-09-25 10:46 - 2014-09-25 10:46 - 00557056 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\pysqlite2._sqlite.pyd 2014-09-25 10:46 - 2014-09-25 10:46 - 00007168 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\hashobjs_ext.pyd 2014-09-25 10:46 - 2014-09-25 10:46 - 00087552 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\_ctypes.pyd 2014-09-25 10:46 - 2014-09-25 10:46 - 00119808 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\win32file.pyd 2014-09-25 10:46 - 2014-09-25 10:46 - 00108544 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\win32security.pyd 2014-09-25 10:46 - 2014-09-25 10:46 - 00018432 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\win32event.pyd 2014-09-25 10:46 - 2014-09-25 10:46 - 00038912 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\win32inet.pyd 2014-09-25 10:46 - 2014-09-25 10:46 - 00070656 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\wx._html2.pyd 2014-09-25 10:46 - 2014-09-25 10:46 - 00167936 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\win32gui.pyd 2014-09-25 10:46 - 2014-09-25 10:46 - 00011264 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\win32crypt.pyd 2014-09-25 10:46 - 2014-09-25 10:46 - 00027136 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\_multiprocessing.pyd 2014-09-25 10:46 - 2014-09-25 10:46 - 00686080 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\unicodedata.pyd 2014-09-25 10:46 - 2014-09-25 10:46 - 00122368 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\wx._wizard.pyd 2014-09-25 10:46 - 2014-09-25 10:46 - 00010240 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\select.pyd 2014-09-25 10:46 - 2014-09-25 10:46 - 00024064 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\win32pipe.pyd 2014-09-25 10:46 - 2014-09-25 10:46 - 00025600 _____ () 
C:\Users\User1\AppData\Local\Temp\_MEI36642\win32pdh.pyd 2014-09-25 10:46 - 2014-09-25 10:46 - 00525640 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\windows._lib_cacheinvalidation.pyd 2014-09-25 10:46 - 2014-09-25 10:46 - 00035840 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\win32process.pyd 2014-09-25 10:46 - 2014-09-25 10:46 - 00017408 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\win32profile.pyd 2014-09-25 10:46 - 2014-09-25 10:46 - 00022528 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\win32ts.pyd 2014-09-25 10:46 - 2014-09-25 10:46 - 00078336 _____ () C:\Users\User1\AppData\Local\Temp\_MEI36642\wx._animate.pyd 2012-02-02 18:22 - 2012-02-02 18:22 - 02132992 _____ () C:\PROGRAM FILES\PRINTER PRO DESKTOP\PRINTERPRODESKTOP.EXE 2014-09-25 09:03 - 2014-09-25 09:03 - 00081056 _____ () C:\Users\User1\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.DLL 2012-01-08 15:41 - 2012-01-08 15:41 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll 2010-11-10 13:56 - 2010-03-15 12:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll 2010-09-22 09:23 - 2004-09-08 13:45 - 00368128 _____ () C:\Program Files\Filzip\fzshext.dll 2014-09-25 09:03 - 2014-09-25 09:03 - 00081056 _____ () C:\Users\User1\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.dll 2012-01-16 18:10 - 2012-12-26 09:13 - 03547136 _____ () C:\Program Files\Free Download Manager\fdmbtsupp.dll 2014-09-25 14:57 - 2014-09-24 13:55 - 01042760 _____ () C:\Users\User1\AppData\Local\Google\Chrome\Application\38.0.2125.77\libglesv2.dll 2014-09-25 14:57 - 2014-09-24 13:54 - 00211272 _____ () C:\Users\User1\AppData\Local\Google\Chrome\Application\38.0.2125.77\libegl.dll 2014-09-25 14:57 - 2014-09-24 13:55 - 08910664 _____ () C:\Users\User1\AppData\Local\Google\Chrome\Application\38.0.2125.77\pdf.dll 2014-09-25 14:57 - 2014-09-24 13:54 - 01681224 _____ () C:\Users\User1\AppData\Local\Google\Chrome\Application\38.0.2125.77\ffmpegsumo.dll 
2014-09-25 14:57 - 2014-09-24 13:55 - 14891848 _____ () C:\Users\User1\AppData\Local\Google\Chrome\Application\38.0.2125.77\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================
Administrator (S-1-5-21-1903734357-4184266498-2229017531-500 - Disabled - Status: Degraded)
Gast (S-1-5-21-1903734357-4184266498-2229017531-501 - Disabled - Status: Degraded)
User1 (S-1-5-21-1903734357-4184266498-2229017531-1000 - Enabled - Status: OK) => C:\Users\User1
UpdatusUser (S-1-5-21-1903734357-4184266498-2229017531-1005 - Enabled - Status: OK) => C:\Users\UpdatusUser
User1 (S-1-5-21-1903734357-4184266498-2229017531-1001 - Enabled - Status: OK)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/25/2014 10:56:30 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST.exe, Version 24.9.2014.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1f4c
Startzeit: 01cfd89e7cc617a5
Endzeit: 16
Anwendungspfad: C:\Users\User1\Desktop\FRST.exe
Berichts-ID: cb641db6-4491-11e4-9108-d8d3857e19f6

System errors:
=============
Error: (09/26/2014 07:24:54 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: Der Computer konnte eine sichere Sitzung mit einem Domänencontroller in der Domäne User1 aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht.
ZUSÄTZLICHE INFORMATIONEN
Wenn dieser Computer ein Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error: (09/26/2014 03:16:53 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: Der Computer konnte eine sichere Sitzung mit einem Domänencontroller in der Domäne User1 aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht.
ZUSÄTZLICHE INFORMATIONEN
Wenn dieser Computer ein Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error: (09/25/2014 11:08:53 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: Der Computer konnte eine sichere Sitzung mit einem Domänencontroller in der Domäne User1 aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht.
ZUSÄTZLICHE INFORMATIONEN
Wenn dieser Computer ein Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error: (09/25/2014 07:00:52 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: Der Computer konnte eine sichere Sitzung mit einem Domänencontroller in der Domäne User1 aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht.
ZUSÄTZLICHE INFORMATIONEN
Wenn dieser Computer ein Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error: (09/25/2014 02:53:06 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: Der Computer konnte eine sichere Sitzung mit einem Domänencontroller in der Domäne User1 aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht.
ZUSÄTZLICHE INFORMATIONEN
Wenn dieser Computer ein Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.
Error: (09/25/2014 02:39:56 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Microsoft Office Sessions:
=========================
Error: (09/25/2014 10:56:30 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST.exe24.9.2014.01f4c01cfd89e7cc617a516C:\Users\User1\Desktop\FRST.execb641db6-4491-11e4-9108-d8d3857e19f6

==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 84%
Total physical RAM: 3071.24 MB
Available physical RAM: 461.16 MB
Total Pagefile: 6156.77 MB
Available Pagefile: 2113.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.18 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:60 GB) (Free:13.94 GB) NTFS
Drive d: () (Fixed) (Total:400.08 GB) (Free:52.92 GB) NTFS
Drive e: (HP_RECOVERY) (Fixed) (Total:3.67 GB) (Free:0.38 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:0.48 GB) (Free:0.46 GB) FAT
Drive h: (Elements) (Fixed) (Total:698.46 GB) (Free:47.3 GB) FAT32
Drive i: (Musik) (Fixed) (Total:176.31 GB) (Free:24.09 GB) NTFS
Drive m: (WEB.DE SmartDrive) (Network) (Total:4 GB) (Free:3.06 GB) FAT
Drive z: () (Network) (Total:99.66 GB) (Free:56.73 GB)

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8AF67C0B)
Partition 1: (Active) - (Size=2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=60 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=400.1 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=3.7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 698.6 GB) (Disk ID: 465232C5)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=0C)
========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 186.3 GB) (Disk ID: 88A67620)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Not Active) - (Size=176.3 GB) - (Type=07 NTFS)
========================================================
Disk: 3 (Size: 488.5 MB) (Disk ID: 00000000)
Partition: GPT Partition Type.

==================== End Of Log ============================

Addendum: I ran SecurityCheck in "compatibility mode". Here is the result:
Code:
Results of screen317's Security Check version 0.99.87
Windows XP Service Pack 2 x86 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
WinPatrol
Trojan Remover 6.9.1
CCleaner
Wise Registry Cleaner 6.14
Java 7 Update 21
Java version out of Date!
Adobe Flash Player 15.0.0.152
Mozilla Firefox 4.0b8 Firefox out of Date!
Mozilla Thunderbird (31.1.2)
Google Chrome 38.0.2125.66
Google Chrome 38.0.2125.77
Google Chrome Plugins...
````````Process Check: objlist.exe by Laurent````````
WinPatrol winpatrol.exe
Alwil Software Avast4 aswUpdSv.exe
Alwil Software Avast4 aswServ.exe
Alwil Software Avast4 AvAgent.exe
Alwil Software Avast4 aswDisp.exe
Alwil Software Avast4 aswMaiSv.exe
Alwil Software Avast4 aswWebSv.exe
Ruiware WinPatrol WinPatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````
|
26.09.2014, 15:52 | #8 |
/// the machine /// TB-Ausbilder | Win7 Prof. Infected with Win32/Packed.Asprotect.DS Trojan! Removal?
Empty the Downloads folder. Likewise all the junk in the Downloads folders on D and H...... Update Java.
Please download TFC (by Oldtimer) and save the file to your desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a restart. Please allow this.
Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
30.09.2014, 08:14 | #9 |
| Win7 Prof. Infected with Win32/Packed.Asprotect.DS Trojan! Removal? Many thanks. The computer is noticeably faster :-) Great support and help |
01.10.2014, 07:26 | #10 |
/// the machine /// TB-Ausbilder | Win7 Prof. Infected with Win32/Packed.Asprotect.DS Trojan! Removal? You're welcome
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |