| |
| |||||||
Log-Analyse und Auswertung: Polizeiseite verlangt Geld & sperrt den BrowserWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
03.10.2014, 14:48
| #1 |
| |  Polizeiseite verlangt Geld & sperrt den Browser Hallo!! wie es aussieht hat meinem Brüder eine Seite geöffnet, der nach Polizei- Seite aussah. Hier wurde ihm Geld verlangt und er konnte diese Seite nicht mehr Schließen. Egal wie oft er es versucht hat. Nach dem aus und einschalten des Laptops. Habe ich mein Avast- Antivirus (leider hat Avast kein Protokolldatei erstellt) und mein Spybot laufen lassen. Beim keine der beiden habe ich Meldungen bekommen, dass es Infiziert ist. Spybot: Code:
ATTFilter Search results from Spybot - Search & Destroy
9/29/2014 9:25:08 PM
Scan took 00:39:51.
14 items found.
Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done)
C:\Users\User\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YZD59TWP\skype.com\#ui\preferences.sol
Properties.size=221
Properties.md5=7868AD4722DC97664CF589AF90F1FE68
Properties.filedate=1410884028
Properties.filedatetext=2014-09-16 18:13:48
MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1562486164-1968951811-4095644148-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1562486164-1968951811-4095644148-1000\Software\Microsoft\DirectInput\MostRecentApplication\Name
MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1562486164-1968951811-4095644148-1000\Software\Microsoft\DirectInput\MostRecentApplication\Id
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1562486164-1968951811-4095644148-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Cookie: [SBI $49804B54] Browser: Cookie (8) (Browser: Cookie, nothing done)
Cache: [SBI $49804B54] Browser: Cache (76) (Browser: Cache, nothing done)
Verlauf: [SBI $49804B54] Browser: History (19) (Browser: History, nothing done)
Cookie: [SBI $49804B54] Browser: Cookie (28) (Browser: Cookie, nothing done)
--- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) ---
2013-09-20 blindman.exe (2.2.18.151)
2013-09-20 explorer.exe (2.2.18.177)
2013-09-20 SDBootCD.exe (2.2.18.109)
2013-09-20 SDCleaner.exe (2.2.18.110)
2013-09-20 SDDelFile.exe (2.2.18.94)
2013-06-18 SDDisableProxy.exe
2013-09-20 SDFiles.exe (2.2.18.135)
2013-09-20 SDFileScanHelper.exe (2.2.16.1)
2013-10-15 SDFSSvc.exe (2.2.25.211)
2013-10-10 SDHookHelper.exe (2.3.30.2)
2013-10-10 SDHookInst32.exe (2.3.30.2)
2013-09-20 SDImmunize.exe (2.2.18.130)
2013-05-16 SDLogReport.exe (2.1.18.107)
2013-10-14 SDOnAccess.exe (2.2.25.4)
2013-09-20 SDPESetup.exe (2.2.18.3)
2013-09-20 SDPEStart.exe (2.2.18.86)
2013-09-20 SDPhoneScan.exe (2.2.18.28)
2013-09-20 SDPRE.exe (2.2.18.22)
2013-09-20 SDPrepPos.exe (2.2.18.10)
2013-09-20 SDQuarantine.exe (2.2.18.103)
2013-09-20 SDRootAlyzer.exe (2.2.18.116)
2013-09-20 SDSBIEdit.exe (2.2.18.39)
2013-09-20 SDScan.exe (2.2.18.177)
2013-09-20 SDScript.exe (2.2.18.53)
2013-10-15 SDSettings.exe (2.2.25.138)
2013-09-20 SDShell.exe (2.2.18.2)
2013-09-20 SDShred.exe (2.2.18.107)
2013-09-20 SDSysRepair.exe (2.2.18.101)
2013-09-20 SDTools.exe (2.2.18.150)
2013-07-25 SDTray.exe (2.1.21.129)
2013-09-20 SDUpdate.exe (2.2.18.91)
2013-09-20 SDUpdSvc.exe (2.2.18.76)
2013-09-20 SDWelcome.exe (2.2.21.129)
2013-09-13 SDWSCSvc.exe (2.2.22.2)
2014-05-20 spybotsd2-install-bdcore-update.exe (2.3.39.0)
2014-07-31 spybotsd2-translation-esx.exe
2013-06-19 spybotsd2-translation-frx.exe
2014-08-25 spybotsd2-translation-hux2.exe
2014-09-10 spybotsd2-translation-nlx.exe
2014-02-12 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2013-05-16 SDAdvancedCheckLibrary.dll (2.1.18.98)
2013-05-16 SDAV.dll
2013-05-16 SDECon32.dll (2.1.18.113)
2013-04-05 SDEvents.dll (2.1.16.2)
2013-10-14 SDFileScanLibrary.dll (2.2.25.14)
2013-10-10 SDHook32.dll (2.3.30.2)
2013-05-16 SDImmunizeLibrary.dll (2.1.18.2)
2013-05-16 SDLicense.dll (2.1.18.0)
2013-05-16 SDLists.dll (2.1.18.4)
2013-05-16 SDResources.dll (2.1.18.7)
2013-05-16 SDScanLibrary.dll (2.1.18.131)
2013-05-16 SDTasks.dll (2.1.18.15)
2013-05-16 SDWinLogon.dll (2.1.18.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2013-05-16 Tools.dll (2.1.18.36)
2014-03-05 Includes\Adware-000.sbi (*)
2014-01-08 Includes\Adware-001.sbi (*)
2014-09-24 Includes\Adware-C.sbi (*)
2014-01-13 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-01-08 Includes\Dialer-000.sbi (*)
2014-01-08 Includes\Dialer-001.sbi (*)
2014-01-08 Includes\Dialer-C.sbi (*)
2014-01-13 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2014-01-09 Includes\Fraud-000.sbi (*)
2014-01-09 Includes\Fraud-001.sbi (*)
2014-03-31 Includes\Fraud-002.sbi (*)
2014-01-09 Includes\Fraud-003.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2014-01-08 Includes\Hijackers-000.sbi (*)
2014-01-08 Includes\Hijackers-001.sbi (*)
2014-01-08 Includes\Hijackers-C.sbi (*)
2014-01-13 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2014-01-08 Includes\Keyloggers-000.sbi (*)
2014-09-24 Includes\Keyloggers-C.sbi (*)
2014-01-13 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2014-01-09 Includes\Malware-001.sbi (*)
2014-01-09 Includes\Malware-002.sbi (*)
2014-02-05 Includes\Malware-003.sbi (*)
2014-01-28 Includes\Malware-004.sbi (*)
2014-04-15 Includes\Malware-005.sbi (*)
2014-02-26 Includes\Malware-006.sbi (*)
2014-01-09 Includes\Malware-007.sbi (*)
2014-09-17 Includes\Malware-C.sbi (*)
2014-01-13 Includes\Malware.sbi (*)
2013-12-23 Includes\MalwareC.sbi (*)
2014-01-15 Includes\PUPS-000.sbi (*)
2014-01-15 Includes\PUPS-001.sbi (*)
2014-01-15 Includes\PUPS-002.sbi (*)
2014-09-24 Includes\PUPS-C.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2014-01-07 Includes\PUPSC.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2014-01-08 Includes\Security-C.sbi (*)
2014-01-21 Includes\Security.sbi (*)
2014-01-21 Includes\SecurityC.sbi (*)
2014-01-08 Includes\Spyware-000.sbi (*)
2014-01-08 Includes\Spyware-001.sbi (*)
2014-01-08 Includes\Spyware-C.sbi (*)
2014-01-21 Includes\Spyware.sbi (*)
2014-01-21 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2014-01-15 Includes\Trojans-000.sbi (*)
2014-01-15 Includes\Trojans-001.sbi (*)
2014-01-15 Includes\Trojans-002.sbi (*)
2014-01-15 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-03-19 Includes\Trojans-005.sbi (*)
2014-07-09 Includes\Trojans-006.sbi (*)
2014-01-15 Includes\Trojans-007.sbi (*)
2014-07-09 Includes\Trojans-008.sbi (*)
2014-07-09 Includes\Trojans-009.sbi (*)
2014-09-24 Includes\Trojans-C.sbi (*)
2014-01-15 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-15 Includes\Trojans-ZB-000.sbi (*)
2014-01-15 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-16 Includes\TrojansC-01.sbi (*)
2014-01-16 Includes\TrojansC-02.sbi (*)
2014-01-16 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-16 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)
Danach habe ich den FRST laufen lassen. Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-10-2014
Ran by SYSTEM on MININT-ABK8BQ5 on 03-10-2014 14:48:33
Running from G:\
Platform: Windows 7 Home Premium (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9177632 2010-04-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1423904 2010-04-23] (Realtek Semiconductor)
HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM\...\Run: [LMgrVolOSD] => C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.)
HKLM\...\Run: [LMgrOSD] => "C:\Program Files\Launch Manager\OSDCtrl.exe"
HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [413696 2010-01-13] (Wistron Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1225944 2014-03-25] (COMODO)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [AdobeCS4ServiceManager] => C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-13] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => "G:\CS4--06.2014\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => "G:\CS4--06.2014\Acrobat 9.0\Acrobat\Acrotray.exe"
HKLM\...\Run: [Adobe_ID0ENQBO] => C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [osu!install.exe] => C:\Users\User\Downloads\osu!install.exe [69974088 2014-07-14] (ppy Pty. Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [tvncontrol] => C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\Default\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs
HKU\Default User\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs
HKU\User\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-16] (Hewlett-Packard Co.)
HKU\User\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-28] (Spotify Ltd)
HKU\User\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean.exe
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-14] (Adobe Systems Incorporated)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-02] (AVAST Software)
S2 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [70864 2014-09-24] (Comodo Security Solutions, Inc.)
S2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5306504 2014-04-16] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1663192 2014-03-25] (COMODO)
S2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528608 2009-01-13] (Cisco Systems, Inc.)
S2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2094216 2013-05-29] ()
S2 GeekBuddyRSP; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
S2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] ()
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-22] (Wistron Corp.)
S2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2009-11-06] (X10)
S3 WinHttpAutoProxySvc; winhttp.dll [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-02] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-02] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-02] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-07-02] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-02] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-07] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-02] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [38472 2013-10-22] (The OpenVPN Project)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [192352 2014-07-02] ()
S1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [35064 2014-06-25] (Windows (R) Win 7 DDK provider)
S1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20072 2014-04-16] (COMODO)
S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [607168 2014-04-16] (COMODO)
S1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [43728 2014-04-16] (COMODO)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306811 2009-01-13] (Cisco Systems, Inc.)
S3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131856 2008-08-28] (Deterministic Networks, Inc.)
S1 HMD; C:\Windows\System32\DRIVERS\hmd.sys [15400 2014-06-25] ()
S1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [92656 2014-04-16] (COMODO)
S3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
S3 cpuz135; \??\C:\Users\User\AppData\Local\Temp\cpuz135\cpuz135_x32.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-03 14:48 - 2014-10-03 14:48 - 00000000 ____D () C:\FRST
2014-10-03 04:42 - 2014-10-03 04:43 - 02109440 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-10-03 04:42 - 2014-10-03 04:42 - 01100800 _____ (Farbar) C:\Users\User\Downloads\FRST (1).exe
2014-10-03 02:45 - 2014-10-03 02:45 - 01100800 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2014-10-03 02:39 - 2014-10-03 02:39 - 00001977 _____ () C:\Users\Public\Desktop\GeekBuddy.lnk
2014-10-03 02:39 - 2014-10-03 02:39 - 00000000 ____D () C:\Program Files\Common Files\COMODO
2014-09-29 11:31 - 2014-09-29 11:31 - 00000166 _____ () C:\Windows\wininit.ini
2014-09-29 07:35 - 2014-09-29 07:36 - 00000000 ____D () C:\Autodesk
2014-09-29 07:34 - 2014-09-29 07:35 - 10602248 _____ () C:\Users\User\Downloads\Autodesk_Maya_2015_wi_en-US_Setup.exe
2014-09-16 08:13 - 2014-09-16 08:13 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-09-08 04:28 - 2014-09-08 04:28 - 00000000 ____D () C:\Users\User\Downloads\Neuer Ordner
2014-09-05 02:00 - 2014-09-05 02:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-03 04:45 - 2009-07-13 20:34 - 00009696 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-03 04:45 - 2009-07-13 20:34 - 00009696 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-03 04:44 - 2013-09-17 02:00 - 01682932 _____ () C:\Windows\WindowsUpdate.log
2014-10-03 04:37 - 2013-09-25 06:50 - 00000000 ___RD () C:\Users\User\Dropbox
2014-10-03 04:37 - 2013-09-25 06:46 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2014-10-03 04:34 - 2009-07-13 20:39 - 00063179 _____ () C:\Windows\setupact.log
2014-10-03 04:07 - 2010-06-28 14:30 - 01612484 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-09-30 02:55 - 2013-11-14 10:14 - 455231106 _____ () C:\Windows\MEMORY.DMP
2014-09-30 02:55 - 2013-11-14 10:14 - 00000000 ____D () C:\Windows\Minidump
2014-09-30 02:44 - 2013-09-17 01:52 - 00096630 _____ () C:\Windows\PFRO.log
2014-09-29 11:31 - 2014-02-11 14:03 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-29 10:44 - 2009-07-13 18:04 - 00450709 ____R () C:\Windows\System32\Drivers\etc\hosts.20140929-213513.backup
2014-09-29 10:41 - 2014-02-11 14:03 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-09-29 09:39 - 2014-07-08 12:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\Spotify
2014-09-29 08:34 - 2014-07-08 12:45 - 00000000 ____D () C:\Users\User\AppData\Local\Spotify
2014-09-29 07:57 - 2013-09-27 11:00 - 00000000 ____D () C:\Users\User\Documents\FHD
2014-09-27 13:39 - 2013-10-13 09:48 - 00002085 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-24 11:06 - 2013-09-25 07:32 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2014-09-24 11:06 - 2013-09-25 07:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2014-09-19 01:49 - 2013-09-25 06:50 - 00001216 _____ () C:\Users\User\Desktop\Dropbox.lnk
2014-09-18 05:34 - 2010-06-28 15:43 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-09-16 08:56 - 2014-03-26 08:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-16 08:54 - 2013-10-23 07:39 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2014-09-16 08:13 - 2014-05-15 13:56 - 00002505 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-16 08:13 - 2014-05-15 13:56 - 00000000 ___RD () C:\Program Files\Skype
2014-09-16 08:13 - 2013-10-23 07:39 - 00000000 ____D () C:\ProgramData\Skype
2014-09-14 23:06 - 2010-06-28 15:04 - 00231568 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2014-09-11 03:43 - 2013-09-25 07:50 - 00000000 ____D () C:\Windows\System32\MRT
2014-09-11 03:43 - 2010-06-28 15:06 - 98758480 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-09-08 17:19 - 2013-09-19 01:44 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpv7ebha.dll
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxahheh.dll
C:\Users\User\AppData\Local\Temp\ose00000.exe
==================== Known DLLs (Whitelisted) ============
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE Association (whitelisted) =============
==================== Restore Points =========================
Restore point made on: 2014-08-31 15:47:00
Restore point made on: 2014-08-31 15:48:59
Restore point made on: 2014-09-01 06:35:08
Restore point made on: 2014-09-04 00:12:04
Restore point made on: 2014-09-11 01:51:52
Restore point made on: 2014-09-11 03:42:06
Restore point made on: 2014-09-16 05:17:35
Restore point made on: 2014-09-16 08:55:26
Restore point made on: 2014-09-24 10:55:09
Restore point made on: 2014-09-27 13:02:48
Restore point made on: 2014-10-03 02:34:28
==================== Memory info ===========================
Percentage of memory in use: 16%
Total physical RAM: 2934.6 MB
Available physical RAM: 2448.07 MB
Total Pagefile: 2932.88 MB
Available Pagefile: 2443.81 MB
Total Virtual: 2047.88 MB
Available Virtual: 1943.6 MB
==================== Drives ================================
Drive c: (BOOT) (Fixed) (Total:424.66 GB) (Free:334.64 GB) NTFS
Drive e: (Recover) (Fixed) (Total:40 GB) (Free:22.04 GB) NTFS
Drive g: (USB DISK) (Removable) (Total:3.74 GB) (Free:3.74 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 884D7A8E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=424.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 3.8 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=3.7 GB) - (Type=0B)
LastRegBack: 2014-08-27 14:30
==================== End Of Log ============================
Eve |
|
03.10.2014, 14:58
| #2 |
| /// the machine /// TB-Ausbilder    |  Polizeiseite verlangt Geld & sperrt den Browser hi,
__________________bitte vom Desktop aus: Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
03.10.2014, 15:45
| #3 |
| | Polizeiseite verlangt Geld & sperrt den Browser Hallo schrauber!
__________________danke für die schnelle Antwort  so, der FRST.txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-10-2014
Ran by User (administrator) on USER-PC on 03-10-2014 16:09:29
Running from C:\Users\User\Desktop
Loaded Profile: User (Available profiles: User)
Platform: Microsoft Windows 7 Home Premium (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\launcher_service.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
() C:\Program Files\Comodo\Dragon\dragon_updater.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cavwp.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cistray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cis.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Comodo\GeekBuddy\unit.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9177632 2010-04-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1423904 2010-04-23] (Realtek Semiconductor)
HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM\...\Run: [LMgrVolOSD] => C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-12] (Wistron Corp.)
HKLM\...\Run: [LMgrOSD] => "C:\Program Files\Launch Manager\OSDCtrl.exe"
HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [413696 2010-01-13] (Wistron Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-11] (Synaptics Incorporated)
HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1225944 2014-03-25] (COMODO)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [AdobeCS4ServiceManager] => C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => "G:\CS4--06.2014\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => "G:\CS4--06.2014\Acrobat 9.0\Acrobat\Acrotray.exe"
HKLM\...\Run: [Adobe_ID0ENQBO] => C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM\...\Run: [osu!install.exe] => C:\Users\User\Downloads\osu!install.exe [69974088 2014-07-14] (ppy Pty. Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [tvncontrol] => C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1562486164-1968951811-4095644148-1000\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1562486164-1968951811-4095644148-1000\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-29] (Spotify Ltd)
HKU\S-1-5-21-1562486164-1968951811-4095644148-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\Comodo\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
SearchScopes: HKLM - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: No Name -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> No File
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - No File
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qu2t0wvl.default
FF SearchEngineOrder.1: Microsoft (Bing)
FF Homepage: hxxp://www.msn.com/?pc=AV01
FF Keyword.URL: hxxp://www.bing.com/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.4 -> C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qu2t0wvl.default\searchplugins\bing-avast.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FlashGot - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qu2t0wvl.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-05-19]
FF Extension: NoScript - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qu2t0wvl.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-09-25]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-19]
FF HKLM\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - F:\ADOBE CS5 Ordner\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
Chrome:
=======
CHR CustomProfile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezi) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\acoonfmhnndodekhecidldfdjgooefpg [2014-05-14]
CHR Extension: (Bejeweled) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2013-11-12]
CHR Extension: (Sudoku) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdhembpgcpfegeigidembjopfhghnpj [2014-01-28]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-09]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-09]
CHR Extension: (MindMeister) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdehgigffdnkjpaindemkaniebfaepjm [2014-04-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (So Many Me - Demo) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjkhidjaocnkjchjfpgbfdegeiljcdn [2013-10-22]
CHR Extension: (Doodle God 2) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bimbgfgldkfaikjoemccnihllhbdodce [2013-10-30]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-09]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-09]
CHR Extension: (Sumo Paint) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpgjihldbpodlmnjolekemlfbcajnmod [2014-01-28]
CHR Extension: (Sea Quail Database Diagram Tool) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\elkpialiknkiaebieojbgnhindepnlkg [2014-01-15]
CHR Extension: (avast! SafePrice) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-08-09]
CHR Extension: (Koding) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgbjpbdfegnodokpoejnbhnblcojccal [2014-01-15]
CHR Extension: (Caret) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fljalecfjciodhpcledpamjachpmelml [2014-01-15]
CHR Extension: (avast! Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-10-14]
CHR Extension: (Timer) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhclmngbkkejbdfjmicnkmoggfpehein [2014-01-29]
CHR Extension: (Vector Paint) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnbpdiengicdefcjecjbnjnoifekhgdo [2013-11-22]
CHR Extension: (Mohiomap) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikkonmkmijjlbenemmnoakjmniihppj [2014-04-08]
CHR Extension: (Sketchpad 3.5) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkghjbajgkcialbbimbifdcjilhcgoim [2013-10-14]
CHR Extension: (Codenvy IDE) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lefigjbiimiemfhjmibbgemkpenelmag [2014-06-12]
CHR Extension: (Harmony) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbbibdblnnlapclckbdennhlbcnkkgcn [2014-01-28]
CHR Extension: (Papa s Cupcakeria) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgenmcncpakkkbapegllmbahdjboogba [2014-07-24]
CHR Extension: (Outlook.com Notifier) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkmomflkhdooajekmffpilpoenndjppk [2014-08-21]
CHR Extension: (Text) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmfbcljfglbokpmkimbfghdkjmjhdgbg [2013-10-22]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-09]
CHR Extension: (Mural.ly) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnhlnnalackljjehlfocmheepffkiihf [2014-04-07]
CHR Extension: (TypingClub) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdbgibnhfcjmmpfijkpcihjieedpfah [2013-12-03]
CHR Extension: (Picasa) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2013-10-14]
CHR Extension: (RealtimeBoard: Whiteboard for Collaboration) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\opfmbdmhambgleempeofcjjhjclimccg [2014-04-07]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-09]
CHR Extension: (Type Fu) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pofoighmmpljaikjiidkkfhldjndfdbk [2013-10-13]
CHR Extension: (Vector Paint App) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\polhblidjnpebjjpjjhmejjalalppmhc [2013-11-22]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-07]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-03]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-03] (AVAST Software)
R2 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [70864 2014-09-25] (Comodo Security Solutions, Inc.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5306504 2014-04-16] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1663192 2014-03-25] (COMODO)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528608 2009-01-13] (Cisco Systems, Inc.)
R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2094216 2013-05-29] ()
R2 GeekBuddyRSP; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] () [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [File not signed]
R3 WinHttpAutoProxySvc; winhttp.dll [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-03] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-03] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-07] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-03] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [38472 2013-10-22] (The OpenVPN Project)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-03] ()
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [35064 2014-06-26] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20072 2014-04-16] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [607168 2014-04-16] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [43728 2014-04-16] (COMODO)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306811 2009-01-13] (Cisco Systems, Inc.) [File not signed]
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131856 2008-08-28] (Deterministic Networks, Inc.)
R1 HMD; C:\Windows\System32\DRIVERS\hmd.sys [15400 2014-06-26] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [92656 2014-04-16] (COMODO)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
S3 cpuz135; \??\C:\Users\User\AppData\Local\Temp\cpuz135\cpuz135_x32.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-04 00:48 - 2014-10-03 16:33 - 00000000 ____D () C:\FRST
2014-10-03 16:09 - 2014-10-03 16:34 - 00026223 _____ () C:\Users\User\Desktop\FRST.txt
2014-10-03 15:41 - 2014-10-03 15:41 - 00000000 ____D () C:\Users\User\Documents\ProcAlyzer Dumps
2014-10-03 14:42 - 2014-10-03 14:43 - 02109440 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-10-03 14:42 - 2014-10-03 14:42 - 01100800 _____ (Farbar) C:\Users\User\Downloads\FRST (1).exe
2014-10-03 12:45 - 2014-10-03 12:45 - 01100800 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2014-10-03 12:39 - 2014-10-03 12:39 - 00001977 _____ () C:\Users\Public\Desktop\GeekBuddy.lnk
2014-10-03 12:39 - 2014-10-03 12:39 - 00000000 ____D () C:\Program Files\Common Files\COMODO
2014-09-29 21:31 - 2014-09-29 21:31 - 00000166 _____ () C:\Windows\wininit.ini
2014-09-29 17:35 - 2014-09-29 17:36 - 00000000 ____D () C:\Autodesk
2014-09-29 17:34 - 2014-09-29 17:35 - 10602248 _____ () C:\Users\User\Downloads\Autodesk_Maya_2015_wi_en-US_Setup.exe
2014-09-16 18:13 - 2014-09-16 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-16 18:13 - 2014-09-16 18:13 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-09-08 14:28 - 2014-09-08 14:28 - 00000000 ____D () C:\Users\User\Downloads\Neuer Ordner
2014-09-05 12:00 - 2014-09-05 12:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-03 16:31 - 2013-10-13 19:47 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-03 16:06 - 2014-07-08 22:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\Spotify
2014-10-03 16:06 - 2013-09-25 17:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-03 16:01 - 2014-07-08 22:45 - 00000000 ____D () C:\Users\User\AppData\Local\Spotify
2014-10-03 16:01 - 2009-07-14 06:39 - 00063291 _____ () C:\Windows\setupact.log
2014-10-03 15:41 - 2014-02-12 00:03 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-03 15:01 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-03 15:01 - 2009-07-14 06:34 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-03 14:57 - 2013-09-17 12:00 - 01686916 _____ () C:\Windows\WindowsUpdate.log
2014-10-03 14:56 - 2013-09-25 16:50 - 00000000 ___RD () C:\Users\User\Dropbox
2014-10-03 14:56 - 2013-09-25 16:46 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2014-10-03 14:53 - 2013-10-13 19:47 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-03 14:53 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-03 14:07 - 2010-06-29 00:30 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-03 12:39 - 2013-09-19 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-09-30 12:55 - 2013-11-14 20:14 - 455231106 _____ () C:\Windows\MEMORY.DMP
2014-09-30 12:55 - 2013-11-14 20:14 - 00000000 ____D () C:\Windows\Minidump
2014-09-30 12:44 - 2013-09-17 11:52 - 00096630 _____ () C:\Windows\PFRO.log
2014-09-29 20:44 - 2009-07-14 04:04 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140929-213513.backup
2014-09-29 20:41 - 2014-02-12 00:03 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-09-29 17:57 - 2013-09-27 21:00 - 00000000 ____D () C:\Users\User\Documents\FHD
2014-09-27 23:39 - 2013-10-13 19:48 - 00002085 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-24 21:06 - 2013-09-25 17:32 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-24 21:06 - 2013-09-25 17:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-19 11:49 - 2013-09-25 16:50 - 00001216 _____ () C:\Users\User\Desktop\Dropbox.lnk
2014-09-19 10:43 - 2013-09-25 16:47 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-18 15:34 - 2010-06-29 01:43 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-09-16 18:56 - 2014-03-26 18:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-16 18:54 - 2013-10-23 17:39 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2014-09-16 18:13 - 2014-05-15 23:56 - 00002505 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-16 18:13 - 2014-05-15 23:56 - 00000000 ___RD () C:\Program Files\Skype
2014-09-16 18:13 - 2013-10-23 17:39 - 00000000 ____D () C:\ProgramData\Skype
2014-09-15 09:06 - 2010-06-29 01:04 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-11 13:43 - 2013-09-25 17:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 13:43 - 2010-06-29 01:06 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-09 19:27 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-09 03:19 - 2013-09-19 11:44 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-03 08:17 - 2014-03-31 17:18 - 00000000 ____D () C:\Users\User\Documents\Docu
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsdgr8m.dll
C:\Users\User\AppData\Local\Temp\ose00000.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-28 00:30
==================== End Of Log ============================
und den Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-10-2014
Ran by User at 2014-10-03 16:34:44
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.22beta (HKLM\...\7-Zip) (Version: - )
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.0.0 - Adobe Systems) Hidden
Adobe After Effects CS4 (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS4 Presets (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS4 Template Projects & Footage (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS4 Third Party Content (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe AIR (Version: 15.0.0.249 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS4 (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles AE CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Content Viewer (HKLM\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Content Viewer (Version: 1.4.0 - Adobe Systems Incorporated) Hidden
Adobe Contribute CS4 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (HKLM\...\Adobe_7e74552a59eaf9fafd13f90894ac9bd) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Master Collection (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 5.5 Master Collection (HKLM\...\{D8D2B468-8342-411A-8760-BCC362C3408F}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe CS4 American English Speech Analysis Models (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CS4 French Speech Analysis Models (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CS4 German Speech Analysis Models (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CS4 International English Speech Analysis Models (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CS4 Italian Speech Analysis Models (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CS4 Japanese Speech Analysis Models (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CS4 Korean Speech Analysis Models (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CS4 Spanish Speech Analysis Models (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS4 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CS4 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Dynamiclink Support (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Encore CS4 (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Encore CS4 Codecs (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Encore CS4 Library (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fireworks CS4 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 Extension - Flash Lite STI others (Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 STI-other (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS4 (Version: 14.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Application Feature Set Files (Roman) (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Common Base Files (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Additional Exporter (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Dolby (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Exporter (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Importer (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Media Player (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe MotionPicture Color Files CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe OnLocation CS4 (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Output Module (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 Support (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 Functional Content (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS4 Third Party Content (Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Reader 9.5.5 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Search for Help (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe SGM CS4 (Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe SING CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Soundbooth CS4 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Soundbooth CS4 Codecs (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS4 Server (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe Widget Browser (HKLM\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Adobe Widget Browser (Version: 2.0.230 - Adobe Systems Incorporated.) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (Version: 2.0 - Adobe Systems Incorporated) Hidden
Ashampoo Burning Studio (HKLM\...\Ashampoo Burning Studio_is1) (Version: 9.23.0 - ashampoo GmbH & Co. KG)
Ashampoo Photo Commander (HKLM\...\Ashampoo Photo Commander_is1) (Version: 8.1.0 - ashampoo GmbH & Co. KG)
Ashampoo Snap (HKLM\...\Ashampoo Snap_is1) (Version: 3.4.0 - ashampoo GmbH & Co. KG)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
Bamboo (HKLM\...\Pen Tablet Driver) (Version: - Wacom Technology Corp.)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco Systems VPN Client 5.0.05.0290 (HKLM\...\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}) (Version: 5.0.5 - Cisco Systems, Inc.)
Comodo Dragon (HKLM\...\Comodo Dragon) (Version: 27.0.4.0 - COMODO)
COMODO Firewall (HKLM\...\{A0BABADE-E154-4F08-97A1-2903CD110E88}) (Version: 6.2.20728.2847 - COMODO Security Solutions Inc.)
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
CorelDRAW Essentials 4 - Content (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Draw (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Filters (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - ICA (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - IPM - No VBA (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang BR (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang DE (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang EN (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang ES (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang FR (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang IT (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang NL (Version: 4.0 - Uw bedrijfsnaam) Hidden
CorelDRAW Essentials 4 - PHOTO-PAINT (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Windows Shell Extension (HKLM\...\_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version: - Corel Corporation)
CorelDRAW Essentials 4 - Windows Shell Extension (Version: 1.1 - Corel Corporation) Hidden
CorelDRAW Essentials 4 (HKLM\...\_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version: - Corel Corporation)
CorelDRAW Essentials 4 (Version: 4.0 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2602 - CyberLink Corp.)
CyberLink LabelPrint (Version: 2.5.2602 - CyberLink Corp.) Hidden
CyberLink MediaShow (HKLM\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1410a - CyberLink Corp.)
CyberLink MediaShow (Version: 5.0.1410a - CyberLink Corp.) Hidden
CyberLink MediaShow Espresso (HKLM\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 5.5.1412_24021 - CyberLink Corp.)
CyberLink MediaShow Espresso (Version: 5.5.1412_24021 - CyberLink Corp.) Hidden
CyberLink PhotoNow (HKLM\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
CyberLink PhotoNow (Version: 1.1.6904 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink Power2Go (Version: 6.1.3602c - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2718 - CyberLink Corp.)
CyberLink PowerDirector (Version: 8.0.2718 - CyberLink Corp.) Hidden
CyberLink PowerDVD 9 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2925.52 - CyberLink Corp.)
CyberLink PowerDVD 9 (Version: 9.0.2925.52 - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy (HKLM\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerDVD Copy (Version: 1.5.1306 - CyberLink Corp.) Hidden
CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2326 - CyberLink Corp.)
CyberLink PowerProducer (Version: 5.0.2.2326 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2626 - CyberLink Corp.)
CyberLink YouCam (Version: 3.0.2626 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (HKLM\...\{91150000-0015-0000-0000-0000000FF1CE}_Office15.AccessR_{BF1E7B7B-8FBB-45C8-B170-214AA0F4F6AE}) (Version: - Microsoft)
DriverTuner 3.1.0.0 (HKLM\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.1.0.0 - LionSea SoftWare)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
GeekBuddy (HKLM\...\{79B9250E-3714-4877-A2B0-D6C1E93E471A}) (Version: 4.18.121 - Comodo Security Solutions Inc)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - )
HP Deskjet 3050A J611 series - Grundlegende Software für das Gerät (HKLM\...\{DC2C5DE5-8315-48C3-8866-DC3A7C88DC84}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2141 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java SE Development Kit 7 Update 40 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0170400}) (Version: 1.7.0.400 - Oracle)
Java(TM) 6 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
JavaFX Scene Builder 1.1 (HKLM\...\{AB468309-88EB-4250-BFEA-45479091102B}) (Version: 1.1 - Oracle)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
Launch Manager V1.5.0.8 (HKLM\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.0.8 - Wistron Corp.)
Medion Home Cinema (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.1505 - CyberLink Corp.)
Medion Home Cinema (Version: 8.0.1505 - CyberLink Corp.) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Access 2013 (HKLM\...\Office15.AccessR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Access 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Access MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 32.0 (x86 de) (HKLM\...\Mozilla Firefox 32.0 (x86 de)) (Version: 32.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetBeans IDE 8.0 (HKLM\...\nbi-nb-base-8.0.0.0.201403101706) (Version: 8.0 - NetBeans.org)
Notepad++ (HKLM\...\Notepad++) (Version: 6.5.4 - Notepad++ Team)
OpenOffice 4.1.0 (HKLM\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Oracle VM VirtualBox 4.3.12 (HKLM\...\{D90E08B8-E7BB-4D29-8249-8670D4CC24BD}) (Version: 4.3.12 - Oracle Corporation)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pixel Bender Toolkit (Version: 1.0 - Adobe Systems Incorporated) Hidden
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PxMergeModule (Version: 1.00.0000 - Your Company Name) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6096 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30121 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0148 - REALTEK Semiconductor Corp.)
Secure Download Manager (HKLM\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{91150000-0015-0000-0000-0000000FF1CE}_Office15.AccessR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (Version: - Microsoft) Hidden
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.13.24.g5dbb3103 - Spotify AB)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Excel 2013 (KB2889861) 32-Bit Edition (HKLM\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.AccessR_{F47D9DA0-739D-4FEE-A2CD-16B23382F7EE}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition (HKLM\...\{91150000-0015-0000-0000-0000000FF1CE}_Office15.AccessR_{A7610F07-E844-4444-8E1D-D5BC8AD0B4C5}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition (HKLM\...\{91150000-0015-0000-0000-0000000FF1CE}_Office15.AccessR_{66421820-D3CA-450A-898C-78D7E40108E6}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.AccessR_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM\...\{91150000-0015-0000-0000-0000000FF1CE}_Office15.AccessR_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 32-Bit Edition (HKLM\...\{91150000-0015-0000-0000-0000000FF1CE}_Office15.AccessR_{7C5CEE0F-6823-4BB7-A28F-76FEC14EB6AC}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881001) 32-Bit Edition (HKLM\...\{91150000-0015-0000-0000-0000000FF1CE}_Office15.AccessR_{31849233-AD8B-42D7-9AE1-74C79C8E8C03}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881009) 32-Bit Edition (HKLM\...\{91150000-0015-0000-0000-0000000FF1CE}_Office15.AccessR_{7A3EF4FF-A9C8-4F7E-8020-A45F7D319387}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881039) 32-Bit Edition (HKLM\...\{91150000-0015-0000-0000-0000000FF1CE}_Office15.AccessR_{1B208923-2810-414F-82CC-AFFC1B19563F}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881081) 32-Bit Edition (HKLM\...\{91150000-0015-0000-0000-0000000FF1CE}_Office15.AccessR_{6171BC1B-907E-44D4-930A-4AE0D9260E65}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883036) 32-Bit Edition (HKLM\...\{91150000-0015-0000-0000-0000000FF1CE}_Office15.AccessR_{B8E73381-09B1-4895-ACD0-34385B0F526D}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883049) 32-Bit Edition (HKLM\...\{91150000-0015-0000-0000-0000000FF1CE}_Office15.AccessR_{1C6260FD-A280-49FE-89D0-CCEC647FBD8E}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM\...\{90150000-001F-0407-0000-0000000FF1CE}_Office15.AccessR_{0F5FFEB6-2F66-4592-8A34-CC85FF318951}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM\...\{90150000-001F-0409-0000-0000000FF1CE}_Office15.AccessR_{DA288EB3-648C-433C-88AC-71AEAAFAACF7}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM\...\{90150000-001F-040C-0000-0000000FF1CE}_Office15.AccessR_{51865C36-97D4-4210-A33E-50BCC8CDDF72}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM\...\{90150000-001F-0410-0000-0000000FF1CE}_Office15.AccessR_{D533D4E6-5056-487A-8F18-7FA51AF0E283}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 32-Bit Edition (HKLM\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.AccessR_{E1285C4F-1DB7-4A7F-9DEF-22068D09EBFA}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 32-Bit Edition (HKLM\...\{91150000-0015-0000-0000-0000000FF1CE}_Office15.AccessR_{E1285C4F-1DB7-4A7F-9DEF-22068D09EBFA}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2889862) 32-Bit Edition (HKLM\...\{91150000-0015-0000-0000-0000000FF1CE}_Office15.AccessR_{96AE4BBC-69CC-4004-8B53-1F40B2461755}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM\...\{91150000-0015-0000-0000-0000000FF1CE}_Office15.AccessR_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.AccessR_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM\...\{91150000-0015-0000-0000-0000000FF1CE}_Office15.AccessR_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version: - Microsoft)
WebTablet IE Plugin (HKLM\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.5 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.4 - Wacom Technology Corp.)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )
Windows Media Encoder 9 Series (Version: 9.00.2980 - Microsoft Corporation) Hidden
X10 Hardware(TM) (HKLM\...\X10Hardware) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1562486164-1968951811-4095644148-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1562486164-1968951811-4095644148-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1562486164-1968951811-4095644148-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1562486164-1968951811-4095644148-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1562486164-1968951811-4095644148-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1562486164-1968951811-4095644148-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1562486164-1968951811-4095644148-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1562486164-1968951811-4095644148-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1562486164-1968951811-4095644148-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
31-08-2014 23:46:17 S
31-08-2014 23:48:39 S
01-09-2014 14:34:19 S
04-09-2014 08:11:25 Windows Update
11-09-2014 09:51:00 Windows Update
11-09-2014 11:41:54 Windows Update
16-09-2014 13:16:59 Windows Update
16-09-2014 16:55:03 Windows Update
24-09-2014 18:54:30 Windows Update
27-09-2014 21:02:05 Windows Update
03-10-2014 10:33:46 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:04 - 2014-09-29 21:35 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {20905C2E-6F47-492D-8C0D-08764714E371} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {20DA3832-4316-47E5-86AC-E94707A9011B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {29BF547B-4524-4DF1-B39A-83B703663629} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {2EC5C91B-E832-4DB7-943C-35DF46A8F97C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {33A64FEB-B5BA-4D8A-8FAF-878CED1C5E9D} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {7D3C7871-A917-4EF0-82E8-5F0A96423051} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe
Task: {88378B02-EC10-42D2-A053-A182B4FF121A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {8B65A289-E1B0-4A75-ADFA-0AA98124222C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {9ECF305F-3FE0-40F5-891E-1587ACF03A66} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {A2031730-5E7C-40B8-B7CB-5C919ED8318C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-13] (Google Inc.)
Task: {A307D68F-A6D1-4F1D-ADC6-3F387E04E453} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {A559B896-3874-444D-A129-B29B5B45C681} - System32\Tasks\AdobeAAMUpdater-1.0-User-PC-User => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30] (Adobe Systems Incorporated)
Task: {B613A6CC-2C8D-4CF7-BE15-ADB0DDB20165} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-13] (Google Inc.)
Task: {D21F6024-191F-4454-BBBC-09A650DA2549} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
Task: {DB2040EB-D54D-4B45-9745-97890399DB62} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {EAA6774A-E0ED-497D-BDCA-AEEB04857DA3} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {F7108CC3-B2EB-4DC9-B0DB-D06D578CA675} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-03] (AVAST Software)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-07-03 00:33 - 2014-07-03 00:33 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-03 12:27 - 2014-10-03 12:27 - 02858496 _____ () C:\Program Files\AVAST Software\Avast\defs\14100300\algo.dll
2014-02-12 00:03 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-02-12 00:03 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2012-06-18 17:24 - 2012-06-18 17:24 - 00260096 _____ () C:\Program Files\Notepad++\NppShell_05.dll
2009-01-13 11:29 - 2009-01-13 11:29 - 00197408 _____ () C:\Windows\system32\vpnapi.dll
2013-05-29 14:19 - 2013-05-29 14:19 - 02094216 _____ () C:\Program Files\Comodo\Dragon\dragon_updater.exe
2010-06-28 17:53 - 2010-02-10 12:34 - 00244904 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2014-02-12 00:03 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-02-12 00:03 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-02-12 00:03 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2009-11-02 23:20 - 2009-11-02 23:20 - 00619816 ____N () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 23:23 - 2009-11-02 23:23 - 00013096 ____N () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
2014-07-03 00:33 - 2014-07-03 00:33 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-25 07:04 - 2014-09-25 07:04 - 00976080 _____ () C:\Program Files\Comodo\GeekBuddy\QtNetwork4.dll
2014-09-25 07:04 - 2014-09-25 07:04 - 02254544 _____ () C:\Program Files\Comodo\GeekBuddy\QtCore4.dll
2014-09-25 07:04 - 2014-09-25 07:04 - 08024784 _____ () C:\Program Files\Comodo\GeekBuddy\QtGui4.dll
2014-09-25 07:04 - 2014-09-25 07:04 - 00032976 _____ () C:\Program Files\Comodo\GeekBuddy\imageformats\qgif4.dll
2014-09-25 07:04 - 2014-09-25 07:04 - 01299664 _____ () C:\Program Files\Comodo\GeekBuddy\QtScript4.dll
2014-10-03 14:55 - 2014-10-03 14:55 - 00043008 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsdgr8m.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libcef.dll
2014-07-16 13:34 - 2014-07-16 13:34 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\d89f0252d910d617de1de783a812f840\IsdiInterop.ni.dll
2010-06-29 01:22 - 2010-03-04 05:08 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-1562486164-1968951811-4095644148-500 - Administrator - Disabled)
Gast (S-1-5-21-1562486164-1968951811-4095644148-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1562486164-1968951811-4095644148-1002 - Limited - Enabled)
User (S-1-5-21-1562486164-1968951811-4095644148-1000 - Administrator - Enabled) => C:\Users\User
==================== Faulty Device Manager Devices =============
Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (10/03/2014 03:42:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SDLogReport.exe, Version 2.1.18.107 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 12dc
Startzeit: 01cfdf0d4897771a
Endzeit: 34
Anwendungspfad: C:\Program Files\Spybot - Search & Destroy 2\SDLogReport.exe
Berichts-ID: 09a2f0b8-4b03-11e4-b151-00262dc12142
Error: (10/03/2014 01:32:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: cvpnd.exe, Version: 0.0.0.0, Zeitstempel: 0x496cdce6
Name des fehlerhaften Moduls: cvpnd.exe, Version: 0.0.0.0, Zeitstempel: 0x496cdce6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00047fb3
ID des fehlerhaften Prozesses: 0x608
Startzeit der fehlerhaften Anwendung: 0xcvpnd.exe0
Pfad der fehlerhaften Anwendung: cvpnd.exe1
Pfad des fehlerhaften Moduls: cvpnd.exe2
Berichtskennung: cvpnd.exe3
Error: (10/03/2014 01:30:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: cvpnd.exe, Version: 0.0.0.0, Zeitstempel: 0x496cdce6
Name des fehlerhaften Moduls: cvpnd.exe, Version: 0.0.0.0, Zeitstempel: 0x496cdce6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00047fb3
ID des fehlerhaften Prozesses: 0x6a4
Startzeit der fehlerhaften Anwendung: 0xcvpnd.exe0
Pfad der fehlerhaften Anwendung: cvpnd.exe1
Pfad des fehlerhaften Moduls: cvpnd.exe2
Berichtskennung: cvpnd.exe3
Error: (10/03/2014 00:44:23 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231
Error: (09/30/2014 01:08:16 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231
Error: (09/29/2014 08:36:02 PM) (Source: MsiInstaller) (EventID: 11719) (User: User-PC)
Description: Produkt: Adobe Acrobat 9 Pro - English, Français, Deutsch -- Fehler 1719. Windows Installer service could not be accessed. Contact your support personnel to verify that it is properly registered and enabled.
Error: (09/29/2014 08:05:45 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "F:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
Error: (09/29/2014 08:05:42 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231
Error: (09/27/2014 11:05:13 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231
Error: (09/24/2014 08:58:13 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231
System errors:
=============
Error: (10/03/2014 02:55:00 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (10/03/2014 02:35:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (10/03/2014 02:35:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.
Error: (10/03/2014 01:14:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (10/03/2014 01:14:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.
Error: (10/03/2014 00:28:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (10/03/2014 00:28:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.
Error: (10/03/2014 00:27:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Updating Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (10/03/2014 00:27:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Updating Service erreicht.
Error: (10/03/2014 00:27:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Microsoft Office Sessions:
=========================
Error: (10/03/2014 03:42:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SDLogReport.exe2.1.18.10712dc01cfdf0d4897771a34C:\Program Files\Spybot - Search & Destroy 2\SDLogReport.exe09a2f0b8-4b03-11e4-b151-00262dc12142
Error: (10/03/2014 01:32:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: cvpnd.exe0.0.0.0496cdce6cvpnd.exe0.0.0.0496cdce6c000000500047fb360801cfdefd910a97cbC:\Program Files\Cisco Systems\VPN Client\cvpnd.exeC:\Program Files\Cisco Systems\VPN Client\cvpnd.exef4cd0feb-4af0-11e4-948b-00262dc12142
Error: (10/03/2014 01:30:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: cvpnd.exe0.0.0.0496cdce6cvpnd.exe0.0.0.0496cdce6c000000500047fb36a401cfdefd44f154b1C:\Program Files\Cisco Systems\VPN Client\cvpnd.exeC:\Program Files\Cisco Systems\VPN Client\cvpnd.exead95e4bf-4af0-11e4-9e17-00262dc12142
Error: (10/03/2014 00:44:23 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231
Error: (09/30/2014 01:08:16 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231
Error: (09/29/2014 08:36:02 PM) (Source: MsiInstaller) (EventID: 11719) (User: User-PC)
Description: Produkt: Adobe Acrobat 9 Pro - English, Français, Deutsch -- Fehler 1719. Windows Installer service could not be accessed. Contact your support personnel to verify that it is properly registered and enabled.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (09/29/2014 08:05:45 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: F:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)
Error: (09/29/2014 08:05:42 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231
Error: (09/27/2014 11:05:13 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231
Error: (09/24/2014 08:58:13 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 42%
Total physical RAM: 2934.6 MB
Available physical RAM: 1700.17 MB
Total Pagefile: 5867.48 MB
Available Pagefile: 4072.35 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.5 MB
==================== Drives ================================
Drive c: (BOOT) (Fixed) (Total:424.66 GB) (Free:334.42 GB) NTFS
Drive d: (Recover) (Fixed) (Total:40 GB) (Free:22.04 GB) NTFS
Drive f: (USB DISK) (Removable) (Total:3.74 GB) (Free:3.74 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 884D7A8E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=424.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 3.8 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=3.7 GB) - (Type=0B)
==================== End Of Log ============================
|
|
04.10.2014, 14:00
| #4 |
| /// the machine /// TB-Ausbilder | Polizeiseite verlangt Geld & sperrt den Browser hi, Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
20.10.2014, 22:56
| #5 |
| | Polizeiseite verlangt Geld & sperrt den Browser Hallo schrauber! Combofix hat mir das hier gegeben: Combofix Logfile: Code:
ATTFilter ComboFix 14-10-20.01 - User 20.10.2014 23:07:14.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.2935.1665 [GMT 2:00]
ausgeführt von:: c:\users\User\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-09-20 bis 2014-10-20 ))))))))))))))))))))))))))))))
.
.
2014-10-20 21:36 . 2014-10-20 21:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-20 18:43 . 2014-09-09 01:24 8806800 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F1162A8D-95D1-4CA8-B1E5-38CB768A8D56}\mpengine.dll
2014-10-15 17:55 . 2014-09-15 00:42 2377216 ----a-w- c:\windows\system32\win32k.sys
2014-10-03 22:48 . 2014-10-03 14:36 -------- d-----w- C:\FRST
2014-10-03 10:39 . 2014-10-03 10:39 -------- d-----w- c:\program files\Common Files\COMODO
2014-09-29 15:35 . 2014-09-29 15:36 -------- d-----w- C:\Autodesk
2014-09-25 11:30 . 2014-09-25 11:30 5646032 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
2014-09-25 11:30 . 2014-09-25 11:30 5353664 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\Csi.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-24 19:06 . 2013-09-25 15:32 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-24 19:06 . 2013-09-25 15:32 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-15 07:06 . 2010-06-28 23:04 231568 ------w- c:\windows\system32\MpSigStub.exe
2014-08-21 12:02 . 2014-08-21 12:03 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-02 22:32 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672]
"Spotify Web Helper"="c:\users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-10-07 1514040]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2013-09-20 3666224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-23 9177632]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-04-23 1423904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-21 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-21 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-21 170008]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2009-12-14 200704]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2009-12-11 348960]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2010-01-13 413696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-11 1594664]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2014-03-25 1225944]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-31 4085896]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"osu!install.exe"="c:\users\User\Downloads\osu!install.exe" [2014-07-14 69974088]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"tvncontrol"="c:\program files\Common Files\COMODO\GeekBuddyRSP.exe" [2014-09-24 2327248]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-13 36414624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Start GeekBuddy.lnk - c:\program files\Comodo\GeekBuddy\launcher.exe "unit_manager.exe" [2014-9-25 49360]
VPN Client.lnk - c:\windows\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico -user_logon [2014-6-17 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-07-02 71944]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-10-15 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-09-20 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-09-13 171416]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 aswTap;avast! SecureLine TAP Adapter v3;c:\windows\system32\DRIVERS\aswTap.sys [2013-10-22 38472]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [2014-03-25 1663192]
R3 cpuz135;cpuz135;c:\users\User\AppData\Local\Temp\cpuz135\cpuz135_x32.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-05-24 193056]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-05-19 16240]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-07-02 779536]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-07-07 414520]
S1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys [2014-06-26 35064]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2014-04-16 20072]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2014-04-16 607168]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2014-04-16 43728]
S1 HMD;COMODO livePCsupport Hardware Monitor Driver;c:\windows\system32\DRIVERS\hmd.sys [2014-06-26 15400]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2014-05-16 204064]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2014-05-16 104736]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-07-02 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-07-02 67824]
S2 CLPSLauncher;COMODO LPS Launcher;c:\program files\Common Files\COMODO\launcher_service.exe [2014-09-25 70864]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [2013-05-29 2094216]
S2 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files\Common Files\COMODO\GeekBuddyRSP.exe [2014-09-24 2327248]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-07-13 6076272]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-07-13 616816]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-10 2320920]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-03-04 67624]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-01 1009184]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2014-05-16 116512]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2014-05-16 126752]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2009-10-23 118560]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2009-05-13 13720]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-07 18:49 1096520 ----a-w- c:\program files\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-10-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-25 19:06]
.
2014-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-10-07 18:48]
.
2014-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-10-07 18:48]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyServer = localhost:21320
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
TCP: DhcpNameServer = 192.168.2.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qu2t0wvl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=AV01
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-LMgrOSD - c:\program files\Launch Manager\OSDCtrl.exe
HKLM-Run-Adobe Acrobat Speed Launcher - g:\cs4--06.2014\Acrobat 9.0\Acrobat\Acrobat_sl.exe
HKLM-Run-Acrobat Assistant 8.0 - g:\cs4--06.2014\Acrobat 9.0\Acrobat\Acrotray.exe
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-BsScanner
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\COMODO\CIS\Installer\Sym_Cam\CIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\cmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\cmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\cmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(688)
c:\windows\system32\guard32.dll
c:\windows\system32\efssvc.dll
.
- - - - - - - > 'Explorer.exe'(7564)
c:\windows\system32\guard32.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\taskschd.dll
.
Zeit der Fertigstellung: 2014-10-20 23:42:03
ComboFix-quarantined-files.txt 2014-10-20 21:42
.
Vor Suchlauf: 13 Verzeichnis(se), 358.403.444.736 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 357.924.331.520 Bytes frei
.
- - End Of File - - 7F83E51C51B4F9F8C021DAF70CA56575
4624822E540EC83CD0819525C65846BA [/CODE] Ich hoffe, das bringt uns weiter. Dankeschön |
|
21.10.2014, 18:39
| #6 |
| /// the machine /// TB-Ausbilder | Polizeiseite verlangt Geld & sperrt den Browser Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Polizeiseite verlangt Geld & sperrt den Browser |
|
| Themen zu Polizeiseite verlangt Geld & sperrt den Browser |
| adobe, antivirus, browser gesperrt, fehlercode 0x5, fehlercode 0x81000006, fehlercode 0xc0000005, fehlercode 22, fehlercode windows, flash player, geld forderung, helper.exe, infiziert, install.exe, installation, launch, microsoft, mozilla, polizei trojaner, polizei virus, realtek, registry, registry key, services.exe, software, spotify web helper, svchost.exe, this device is disabled. (code 22), windows xp, winlogon.exe |
WARNUNG an die MITLESER: 
Linear-Darstellung
