Pests of all kinds and how to fight them: Samsung laptop keeps freezing - can no longer work with it |
08.10.2014, 06:01 | #1 |
| Hello, I'm new and pretty inexperienced in this area ... I have a relatively old Samsung R510 laptop with Windows Vista. Now I can no longer work with it ... it does boot, but it hangs on every operation I start (not responding) ... Surely I can reset it to an earlier point in time somewhere? Where do I find that - safe mode is now on. I've been trying to find some solution since early this morning, but I think I'm only making it worse with all the switching on and off ... I'm writing from my backup netbook ... Thanks in advance ... Mi Maybe I've also caught a virus or trojan ... that's why I'm writing here ... in safe mode it also boots EXTREMELY slowly ... I no longer dare to use normal mode ... what can I do, check, clean up so that it runs again? I've also already launched the Samsung recovery program and "reset" Windows ... oh man ... I'm overwhelmed ... the backup netbook is also getting on my last nerve because it's mega slow ... I definitely can't use that as a permanent solution ... |
08.10.2014, 06:23 | #2 |
/// the machine /// TB trainer | hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
08.10.2014, 11:50 | #3 |
| Hello - ok, thanks - I now have normal mode running ... and so far it's working again ... hmm ... here is the information:
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-10-2014 01 Ran by Michaela (administrator) on MAHAKALA-PC on 08-10-2014 12:44:01 Running from C:\Users\Michaela\Desktop Loaded Profile: Michaela (Available profiles: Michaela) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe (pdfforge GbR) C:\Program Files\PDF Architect\ConversionService.exe () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe () C:\Program Files\CyberLink\Shared Files\RichVideo.exe () C:\Program Files\Video downloader\ExtensionUpdaterService.exe () C:\Program Files\Video downloader\ExtensionUpdaterService.exe (Check Point Software Technologies, Ltd.) 
C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Trusted Software ApS) C:\Program Files\File Type Assistant\tsassist.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (IObit) C:\Program Files\IObit\Smart Defrag 3\SmartDefrag.exe (SAMSUNG Electronics co., LTD.) C:\Program Files\SamSung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics) C:\Program Files\SamSung\Easy Display Manager\dmhkcore.exe (IObit) C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe () C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe () C:\Program Files\IObit\Advanced SystemCare 7\RealTimeProtector.exe (Dropbox, Inc.) C:\Users\Michaela\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (IObit) C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin (Microsoft Corporation) C:\Windows\System32\conime.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) 
C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.) HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [71216 2007-03-14] (Cyberlink Corp.) HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [52256 2007-01-08] () HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [688128 2011-07-06] () HKLM\...\Run: [SCX3200_Scan2Pc] => C:\Windows\Twain_32\Samsung\SCX3200\Scan2pc.exe [1990144 2011-06-21] () HKLM\...\Run: [3200 Scan2PC] => C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe [1990144 2011-06-21] () HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM\...\Run: [IObit Malware Fighter] => C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [4474832 2012-12-25] (IObit) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe 
oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-942415238-3203751660-2953270710-1000\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-942415238-3203751660-2953270710-1000\...\Run: [Power2GoExpress] => NA HKU\S-1-5-21-942415238-3203751660-2953270710-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2289664 2008-03-17] (Hewlett-Packard Company) HKU\S-1-5-21-942415238-3203751660-2953270710-1000\...\Run: [ccleaner] => C:\Program Files\CCleaner\CCleaner.exe [3273136 2012-12-19] (Piriform Ltd) HKU\S-1-5-21-942415238-3203751660-2953270710-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-942415238-3203751660-2953270710-1000\...\Run: [Advanced SystemCare 7] => C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe [2281248 2014-08-22] (IObit) HKU\S-1-5-21-942415238-3203751660-2953270710-1000\...\MountPoints2: {0a4be967-dda9-11e1-bbf4-806e6f6e6963} - E:\AutoRun.exe HKU\S-1-5-18\...\Run: [Advanced SystemCare 7] => C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe [2281248 2014-08-22] (IObit) IFEO\avgdiagex.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\BonanzaDealsUpdate.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\BonanzaDealsUpdateRun.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\BrowserCleaner.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\DiskCleaner.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\DiskDoctor.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\DiskExplorer.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\DriveDefrag.exe: 
[Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\DuplicateFinder.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\EnergyOptimizer.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\IECacheWinInetLdr.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\Integrator.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\OneClick.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\OneClickStarter.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\PerformanceOptimizer.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\PMLauncher.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\PowerModeManager.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\ProcessManager.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\RegistryCleaner.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\RegistryDefrag.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\RegistryEditor.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\RegWiz.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\RepairWizard.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\Report.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\SettingCenter.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\ShortcutCleaner.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\Shredder.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\SilentUpdater.exe: 
[Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\StartUpManager.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\StartupOptimizer.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\Styler.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\SystemControl.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\SystemInformation.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\TUAutoReactivator32.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\TUAutoUpdateCheck.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\TUDefragBackend32.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\TUInstallHelper.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\TUMessages.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\TuneUpSystemStatusCheck.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\TuneUpUtilitiesApp32.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\TuneUpUtilitiesService32.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\TURatingSynch.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\TURegOpt32.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\tux64thk.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\Undelete.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe IFEO\UpdateWizard.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe Startup: C:\Users\Michaela\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Michaela\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Michaela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () BootExecute: autocheck autochk * SmartDefragBootTime.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=8be8c269-cb65-47bb-9f82-d5ad0cd73055&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=21/04/2013&type=hp1000 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=54C60016EAB06BA8&affID=119357&tsp=5022 HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=120518&tt=190313_wo2&babsrc=HP_ss_din2g&mntrId=54C60016EAB06BA8 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=8be8c269-cb65-47bb-9f82-d5ad0cd73055&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=21/04/2013&type=hp1000 HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/ SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=8be8c269-cb65-47bb-9f82-d5ad0cd73055&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=21/04/2013&type=hp1000 SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=8be8c269-cb65-47bb-9f82-d5ad0cd73055&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=21/04/2013&type=hp1000 SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=8be8c269-cb65-47bb-9f82-d5ad0cd73055&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=21/04/2013&type=hp1000 SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=8be8c269-cb65-47bb-9f82-d5ad0cd73055&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=21/04/2013&type=hp1000 SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss_Btisdt7&mntrId=54C60016EAB06BA8&affID=119357&tsp=5022 BHO: SaveSense -> {0f21b1e5-5afc-43c9-9c66-515046e92ec2} -> C:\Program Files\SaveSense\SaveSenseIE.dll (SaveSense) BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit) BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO: Yahoo Community Smartbar (by Linkury)Engine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) BHO: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Video downloader -> {77BEC163-D389-42c1-91A4-C758846296A5} -> C:\Program Files\Video downloader\Extension32.dll () BHO: Advanced 
SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: BonanzaDeals -> {fe063412-bea4-4d76-8ed3-183be6220d17} -> C:\Program Files\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals) Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GbR) Toolbar: HKLM - No Name - {82E1477C-B154-48D3-9891-33D83C26BCD3} - No File Toolbar: HKLM - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation) DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default FF SearchEngineOrder.1: Search By ZoneAlarm FF SelectedSearchEngine: Google FF Homepage: hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=54C60016EAB06BA8&affID=119357&tsp=5022 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll () FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 -> C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals) FF Plugin: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 -> C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: @tools.updaterss.com/SaveSenseLive Update;version=3 -> C:\Program Files\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll No File FF Plugin: @tools.updaterss.com/SaveSenseLive Update;version=9 -> C:\Program Files\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll No File FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF user.js: detected! => C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default\user.js FF SearchPlugin: C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default\searchplugins\babylon.xml FF SearchPlugin: C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default\searchplugins\BrowserProtect.xml FF SearchPlugin: C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default\searchplugins\conduit-search.xml FF SearchPlugin: C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default\searchplugins\Web Search.xml FF SearchPlugin: C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default\searchplugins\zonealarm.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default\Extensions\ascsurfingprotection@iobit.com [2014-10-07] FF Extension: Delta Toolbar - C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default\Extensions\ffxtlbr@delta.com [2013-04-01] FF Extension: Yontoo - C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default\Extensions\plugin@yontoo.com [2013-04-02] FF Extension: Wajam - 
C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default\Extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2} [2013-10-01] FF Extension: SaveSense - C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default\Extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36} [2014-01-19] FF Extension: Yahoo Community Smartbar - C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default\Extensions\{8be8c269-cb65-47bb-9f82-d5ad0cd73055} [2013-04-21] FF Extension: Add-on Compatibility Reporter - C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default\Extensions\compatibility@addons.mozilla.org.xpi [2014-01-22] FF Extension: ImTranslator - C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2013-08-25] FF Extension: BonanzaDeals - C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}.xpi [2013-12-19] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-08-22] FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-03-30] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-24] FF HKLM\...\Firefox\Extensions: [{77BEC163-D389-42c1-91A4-C758846296A5}] - C:\Program Files\Video downloader\Firefox FF Extension: V-bates - C:\Program 
Files\Video downloader\Firefox [2013-04-02] FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF HKLM\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha349.net] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha349\ff FF Extension: Webexp Enhanced - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha349\ff [2013-12-20] FF HKLM\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha248.net] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha248\ff FF Extension: Webexp Enhanced - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha248\ff [2013-12-21] FF HKLM\...\Firefox\Extensions: [ext@VideoPlayerV3beta407.net] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta407\ff FF Extension: Video Player - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta407\ff [2014-01-10] FF HKLM\...\Firefox\Extensions: [ext@MediaPlayerV1alpha238.net] - C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha238\ff FF Extension: Media Player - C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha238\ff [2014-01-29] FF HKLM\...\Firefox\Extensions: [ext@MediaViewerV1alpha1863.net] - C:\Program Files\MediaViewerV1\MediaViewerV1alpha1863\ff FF Extension: Media Viewer - C:\Program Files\MediaViewerV1\MediaViewerV1alpha1863\ff [2014-02-24] FF HKLM\...\Firefox\Extensions: [ext@MediaViewV1alpha196.net] - C:\Program Files\MediaViewV1\MediaViewV1alpha196\ff FF Extension: Media View - C:\Program Files\MediaViewV1\MediaViewV1alpha196\ff [2014-02-28] FF HKLM\...\Firefox\Extensions: [ext@MediaViewV1alpha8024.net] - C:\Program Files\MediaViewV1\MediaViewV1alpha8024\ff FF Extension: Media View - C:\Program Files\MediaViewV1\MediaViewV1alpha8024\ff [2014-03-15] Chrome: ======= CHR HomePage: Default -> chrome://newtab CHR RestoreOnStartup: Default -> "hxxp://search.babylon.com/?affID=120518&tt=190313_wo2&babsrc=HP_ss_din2g&mntrId=54C60016EAB06BA8", 
"hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=8be8c269-cb65-47bb-9f82-d5ad0cd73055&searchtype=hp&fr=linkury-tb&installDate=21/04/2013&type=hp1000", "hxxp://www.giga.de/" CHR StartupUrls: Default -> "hxxp://search.babylon.com/?affID=120518&tt=190313_wo2&babsrc=HP_ss_din2g&mntrId=54C60016EAB06BA8", "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=8be8c269-cb65-47bb-9f82-d5ad0cd73055&searchtype=hp&fr=linkury-tb&installDate=21/04/2013&type=hp1000" CHR NewTab: Default -> "chrome-extension://eooncjejnppfjjklapaamhcdmjbilmde/redirect.html" CHR DefaultSearchKeyword: Default -> conduit.search CHR DefaultSearchProvider: Default -> Conduit Search CHR DefaultSearchURL: Default -> hxxp://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP3D68C17E-2E60-43D2-80A3-045603CAD5D5&q={searchTerms}&SSPV= CHR DefaultSuggestURL: Default -> CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll No File CHR Plugin: (Advanced SystemCare 6) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkddabcabcabcabcabcabcabc\1.0.0_0\Plugin/ASCPlugin_Protect.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll No File
CHR CustomProfile: C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-07]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2014-03-16]
CHR Extension: (YouTube) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-07]
CHR Extension: (Google-Suche) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-07]
CHR Extension: (Media View) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlkojehkngebfliacbjemkjcicanmbok [2014-03-15]
CHR Extension: (Delta Toolbar) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-10-01]
CHR Extension: (RealDownloader) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-04-03]
CHR Extension: (BonanzaDeals) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj [2013-10-01]
CHR Extension: (SaveSense) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\khcceooakamlehbimaepcldnnlnkcmfk [2014-01-19]
CHR Extension: (Video downloader) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\khldgopgjjapmbkgflpoclebjjmkmbnk [2013-04-02]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2014-03-04]
CHR Extension: (Google Wallet) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-14]
CHR Extension: (Google Mail) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-07]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AdvancedSystemCareService7; C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit)
S2 bonanzadealslive; C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-10-01] (BonanzaDeals)
S3 bonanzadealslivem; C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-10-01] (BonanzaDeals)
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [819200 2008-05-23] (Intel(R) Corporation) [File not signed]
R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [821592 2012-01-09] (IObit)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-03-17] (Hewlett-Packard Company) [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-05-23] (Intel(R) Corporation) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-20] ()
S4 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1740600 2013-08-30] (TuneUp Software)
R2 V-bates Updater; C:\Program Files\Video downloader\ExtensionUpdaterService.exe [188760 2013-11-05] () [File not signed]
R2 Video downloader Updater; C:\Program Files\Video downloader\ExtensionUpdaterService.exe [188760 2013-11-05] () [File not signed]
R4 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [92176 2014-04-09] (Check Point Software Technologies, Ltd.)
S2 WajamUpdater; No ImagePath <==== ATTENTION

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys [20336 2012-01-05] (IObit)
S4 IObitUnlocker; C:\Program Files\IObit\IObit Unlocker\IObitUnlocker.sys [29912 2013-09-30] (IObit)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2006-11-14] (SAMSUNG ELECTRONICS CO., LTD.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R1 MpKsldb375c6f; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0F5E7071-0332-49C7-9D9B-43313DA59855}\MpKsldb375c6f.sys [39464 2014-10-07] (Microsoft Corporation)
R1 MpKslf4ac45b3; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0F5E7071-0332-49C7-9D9B-43313DA59855}\MpKslf4ac45b3.sys [39464 2014-10-08] (Microsoft Corporation)
R2 PfFilter; C:\Program Files\IObit\Protected Folder\pffilter.sys [34336 2013-04-03] (IObit Information Technology)
R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys [30640 2012-07-05] (IObit.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2013-12-24] (IObit)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-10-28] (Samsung Electronics) [File not signed]
S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2013-08-21] (TuneUp Software)
R3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys [19832 2012-07-05] (IObit.com)
R3 VMC302; C:\Windows\System32\Drivers\VMC302.sys [242560 2008-04-05] (Vimicro Corporation)
U5 BTHPORT; C:\Windows\System32\Drivers\BTHPORT.sys [219648 2008-01-21] (Microsoft Corporation)
S1 ffeicctm; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-08 12:44 - 2014-10-08 12:44 - 00034517 _____ () C:\Users\Michaela\Desktop\FRST.txt
2014-10-08 12:43 - 2014-10-08 12:44 - 00000000 ____D () C:\FRST
2014-10-08 12:42 - 2014-10-08 12:42 - 01101312 _____ (Farbar) C:\Users\Michaela\Desktop\FRST.exe
2014-10-08 08:02 - 2014-10-08 08:17 - 00059887 ____N () C:\Windows\WindowsUpdate.log
2014-10-08 00:29 - 2008-08-25 02:55 - 00000000 __RSH () C:\MSDOS.SYS
2014-10-08 00:29 - 2008-08-25 02:55 - 00000000 __RSH () C:\IO.SYS
2014-10-08 00:29 - 2008-04-11 04:03 - 00307200 _____ () C:\Windows\SetDisplayResolution.exe
2014-10-08 00:29 - 2008-02-22 06:59 - 00671232 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2014-10-08 00:29 - 2008-02-21 04:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys
2014-10-08 00:29 - 2008-02-14 01:17 - 00080424 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwaudio.sys
2014-10-08 00:29 - 2008-02-12 06:36 - 00647168 _____ (Broadcom Corporation.) C:\Windows\system32\BtwNamespaceExt.dll
2014-10-08 00:29 - 2008-02-12 06:19 - 00569344 _____ (Broadcom Corporation.) C:\Windows\system32\btwprofpack.dll
2014-10-08 00:29 - 2008-02-12 06:19 - 00285224 _____ (Broadcom Corporation.) C:\Windows\BtwIEProxy.exe
2014-10-08 00:29 - 2008-02-12 06:19 - 00233472 _____ (Broadcom Corporation.) C:\Windows\system32\BtwRSupport.dll
2014-10-08 00:29 - 2008-02-12 06:19 - 00208896 _____ (Broadcom Corporation.) C:\Windows\system32\BtMmHook.dll
2014-10-08 00:29 - 2008-02-12 06:19 - 00012800 _____ (Broadcom Corporation.) C:\Windows\system32\BtwRadioCoInst.dll
2014-10-08 00:29 - 2008-02-12 06:17 - 00368640 _____ (Broadcom Corporation.) C:\Windows\system32\BtwNeLib.dll
2014-10-08 00:29 - 2008-02-12 06:16 - 00339968 _____ (Broadcom Corporation.) C:\Windows\system32\BtwApplExt.dll
2014-10-08 00:29 - 2008-02-12 05:59 - 01052672 _____ (Broadcom Corporation.) C:\Windows\system32\btins.dll
2014-10-08 00:29 - 2008-02-12 05:58 - 00393216 _____ (Broadcom Corporation.) C:\Windows\system32\btwhidcs.dll
2014-10-08 00:29 - 2008-02-12 05:57 - 01208320 _____ (Broadcom Corporation.) C:\Windows\system32\BtWizard.dll
2014-10-08 00:29 - 2008-02-12 05:56 - 00675840 _____ (Broadcom Corporation.) C:\Windows\system32\btsec.dll
2014-10-08 00:29 - 2008-02-12 05:56 - 00516096 _____ (Broadcom Corporation.) C:\Windows\system32\btcss.dll
2014-10-08 00:29 - 2008-02-12 05:54 - 00352256 _____ (Broadcom Corporation.) C:\Windows\system32\btsendto_office.dll
2014-10-08 00:29 - 2008-02-12 05:54 - 00188416 _____ (Broadcom Corporation.) C:\Windows\system32\btsendto_ie.dll
2014-10-08 00:29 - 2008-02-12 05:52 - 00229376 _____ (Broadcom Corporation.) C:\Windows\system32\btsendto_wab.dll
2014-10-08 00:29 - 2008-02-12 05:52 - 00172032 _____ (Broadcom Corporation.) C:\Windows\system32\btsendto_notes.dll
2014-10-08 00:29 - 2008-02-12 05:51 - 00548864 _____ (Broadcom Corporation.) C:\Windows\system32\btosif_wincal.dll
2014-10-08 00:29 - 2008-02-12 05:50 - 00442368 _____ (Broadcom Corporation.) C:\Windows\system32\btosif_ol.dll
2014-10-08 00:29 - 2008-02-12 05:50 - 00270336 _____ (Broadcom Corporation.) C:\Windows\system32\btosif_olx.dll
2014-10-08 00:29 - 2008-02-12 05:49 - 00335872 _____ (Broadcom Corporation.) C:\Windows\system32\btosif_notes.dll
2014-10-08 00:29 - 2008-02-12 05:48 - 00794624 _____ (Broadcom Corporation.) C:\Windows\system32\BTChooser.dll
2014-10-08 00:29 - 2008-02-12 05:48 - 00180224 _____ (Broadcom Corporation.) C:\Windows\system32\btwpimif.dll
2014-10-08 00:29 - 2008-02-12 05:47 - 00405504 _____ (Broadcom Corporation.) C:\Windows\system32\btsendto.dll
2014-10-08 00:29 - 2008-02-12 05:46 - 00233472 _____ (Broadcom Corporation.) C:\Windows\system32\btosif.dll
2014-10-08 00:29 - 2008-02-12 05:45 - 00249856 _____ (Broadcom Corporation.) C:\Windows\system32\BTXPPanel.dll
2014-10-08 00:29 - 2008-02-12 05:45 - 00180224 _____ (Broadcom Corporation.) C:\Windows\system32\BtAudioHelper.dll
2014-10-08 00:29 - 2008-02-12 05:45 - 00021504 _____ (Broadcom Corporation.) C:\Windows\system32\BtXpShell.dll
2014-10-08 00:29 - 2008-02-12 05:37 - 00233472 _____ (Broadcom Corporation.) C:\Windows\system32\bt2k_ins.dll
2014-10-08 00:29 - 2008-02-12 05:37 - 00061440 _____ (Broadcom Corporation.) C:\Windows\system32\btdev.dll
2014-10-08 00:29 - 2008-02-12 05:36 - 00184320 _____ (Broadcom Corporation.) C:\Windows\system32\BTNCopy.dll
2014-10-08 00:29 - 2008-02-12 05:33 - 00471040 _____ (Broadcom Corporation.) C:\Windows\system32\btbip.dll
2014-10-08 00:29 - 2008-02-12 05:32 - 00659456 _____ (Broadcom Corporation.) C:\Windows\system32\BtWdSdk.dll
2014-10-08 00:29 - 2008-02-12 05:31 - 00602112 _____ (Broadcom Corporation.) C:\Windows\system32\btwapi.dll
2014-10-08 00:29 - 2008-02-12 05:29 - 00602112 _____ (Broadcom Corporation.) C:\Windows\system32\wbtapi.dll
2014-10-08 00:29 - 2008-02-12 05:26 - 05271552 _____ (Broadcom Corporation.) C:\Windows\system32\btrez.dll
2014-10-08 00:29 - 2008-01-21 04:24 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\extmgr.dll
2014-10-08 00:29 - 2008-01-21 04:24 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\ieencode.dll
2014-10-08 00:29 - 2008-01-21 04:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\WsmProv.dll
2014-10-08 00:29 - 2008-01-21 04:24 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2014-10-08 00:29 - 2008-01-21 04:24 - 00001536 _____ (Microsoft Corporation) C:\Windows\system32\WsmCl.dll
2014-10-08 00:29 - 2008-01-21 04:23 - 02225664 _____ (Intel Corporation) C:\Windows\system32\Drivers\NETw3v32.sys
2014-10-08 00:29 - 2008-01-21 04:23 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vsp1cln.exe
2014-10-08 00:29 - 2008-01-21 04:23 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2014-10-08 00:29 - 2008-01-21 04:23 - 00181760 _____ (Microsoft Corporation) C:\Windows\system32\fsquirt.exe
2014-10-08 00:29 - 2008-01-21 04:23 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2014-10-08 00:29 - 2008-01-21 04:23 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-10-08 00:29 - 2008-01-21 04:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2014-10-08 00:29 - 2008-01-21 04:23 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2014-10-08 00:29 - 2008-01-21 04:23 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2014-10-08 00:29 - 2007-07-24 05:02 - 00033800 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mferkdk.sys
2014-10-08 00:29 - 2007-07-24 00:40 - 00079304 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeavfk.sys
2014-10-08 00:29 - 2007-07-21 02:08 - 00201288 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys
2014-10-08 00:29 - 2007-07-21 02:08 - 00040488 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfesmfk.sys
2014-10-08 00:29 - 2007-07-21 02:08 - 00035240 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfebopk.sys
2014-10-08 00:29 - 2007-07-16 00:20 - 00080936 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwavdt.sys
2014-10-08 00:29 - 2007-07-16 00:20 - 00016168 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwrchid.sys
2014-10-08 00:29 - 2007-07-13 02:21 - 00125728 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\Mpfp.sys
2014-10-08 00:29 - 2007-06-14 17:36 - 00319488 _____ (SAMSUNG Electronics CO ., LTD) C:\Windows\SMCM.exe
2014-10-08 00:29 - 2007-02-15 09:51 - 00274432 _____ () C:\Windows\system32\NDADLL.dll
2014-10-08 00:29 - 2007-02-15 08:40 - 00042496 _____ (ASKEY COMPUTER CORP.) C:\Windows\system32\RmWLAN64.exe
2014-10-08 00:29 - 2007-02-13 15:30 - 00045056 _____ (ASKEY COMPUTER CORP.) C:\Windows\system32\RmWLAN.exe
2014-10-08 00:29 - 2007-01-22 09:48 - 00581632 _____ (Wizmax Co. Ltd.) C:\Windows\system32\WMX_Proxy.dll
2014-10-08 00:29 - 2007-01-15 12:02 - 00040960 _____ () C:\Windows\system32\IhDEV.exe
2014-10-08 00:29 - 2007-01-08 15:17 - 00502816 _____ (Microsoft Corporation) C:\Windows\system32\msvcp71.dll
2014-10-08 00:29 - 2006-12-23 04:36 - 00024576 _____ () C:\Windows\system32\Drivers\Marker.exe
2014-10-08 00:29 - 2006-11-29 10:00 - 00307200 _____ () C:\Windows\system32\LDBGenWizView.dll
2014-10-08 00:29 - 2006-11-29 10:00 - 00290816 _____ (DIGITALFLOW) C:\Windows\system32\WMLyrics.ocx
2014-10-08 00:29 - 2006-11-29 10:00 - 00069632 _____ ((주) 마크애니) C:\Windows\system32\MACLICX07.dll
2014-10-08 00:29 - 2006-11-29 10:00 - 00045056 _____ () C:\Windows\system32\MAWebControl.exe
2014-10-08 00:29 - 2006-11-28 09:11 - 01161888 _____ (Agere Systems) C:\Windows\system32\Drivers\AGRSM.sys
2014-10-08 00:29 - 2006-11-24 07:14 - 00139264 _____ ( ) C:\Windows\system32\MACSSDK_wiz.dll
2014-10-08 00:29 - 2006-11-24 07:14 - 00126976 _____ ( ) C:\Windows\system32\MACSSDK.dll
2014-10-08 00:29 - 2006-11-21 04:15 - 00024576 _____ () C:\Windows\system32\IhINF.exe
2014-10-08 00:29 - 2006-11-02 11:46 - 02076672 _____ (Intel Corporation) C:\Windows\system32\igdumd32.dll
2014-10-08 00:29 - 2006-11-02 11:46 - 00208896 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
2014-10-08 00:29 - 2006-11-02 11:46 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\LANGWRBK.DLL
2014-10-08 00:29 - 2006-11-02 11:46 - 00061440 _____ () C:\Windows\system32\igfxTMM.dll
2014-10-08 00:29 - 2006-11-02 09:30 - 00045056 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bcm4sbxp.sys
2014-10-08 00:29 - 2006-10-29 21:33 - 00095048 _____ (Microsoft Corporation) C:\Windows\system32\BCMMS32.DLL
2014-10-08 00:29 - 2006-10-26 07:40 - 00036672 _____ (Microsoft Corporation) C:\Windows\system32\FM20DEU.DLL
2014-10-08 00:29 - 2006-10-26 07:10 - 01190688 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL
2014-10-08 00:29 - 2006-10-26 07:10 - 00033088 _____ (Microsoft Corporation) C:\Windows\system32\FM20ENU.DLL
2014-10-08 00:29 - 2006-10-26 07:08 - 00050752 _____ (Agere Systems) C:\Windows\system32\agrsmdel.exe
2014-10-08 00:29 - 2006-10-26 07:08 - 00050752 _____ (Agere Systems) C:\Windows\agrsmdel.exe
2014-10-08 00:29 - 2006-10-19 04:10 - 01380864 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd32.sys
2014-10-08 00:29 - 2006-10-09 04:34 - 02628096 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LTRPR14nu.DLL
2014-10-08 00:29 - 2006-10-09 04:34 - 02243072 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LTCLR14su.dll
2014-10-08 00:29 - 2006-10-09 04:34 - 02237952 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LTCLR14s.dll
2014-10-08 00:29 - 2006-10-09 04:34 - 01292288 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LTRPR14n.DLL
2014-10-08 00:29 - 2006-10-09 04:34 - 01056256 _____ (LEAD Technologies, Inc.) C:\Windows\system32\Ltr14nu.dll
2014-10-08 00:29 - 2006-10-09 04:34 - 01024000 _____ (LEAD Technologies, Inc.) C:\Windows\system32\Ltr14n.dll
2014-10-08 00:29 - 2006-10-09 04:34 - 01000448 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LTRVW14nu.OCX
2014-10-08 00:29 - 2006-10-09 04:34 - 00623104 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LTRVW14n.OCX
2014-10-08 00:29 - 2006-10-09 04:34 - 00437248 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LFCMP14su.DLL
2014-10-08 00:29 - 2006-10-09 04:34 - 00432128 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LFCMP14s.DLL
2014-10-08 00:29 - 2006-10-09 04:34 - 00395264 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LTRIO14nu.DLL
2014-10-08 00:29 - 2006-10-09 04:34 - 00369664 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LTRIO14n.DLL
2014-10-08 00:29 - 2006-10-09 04:34 - 00226304 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LTRFD14nu.DLL
2014-10-08 00:29 - 2006-10-09 04:34 - 00199680 _____ (LEAD Technologies, Inc.) C:\Windows\system32\ltrfd14n.dll
2014-10-08 00:29 - 2006-10-09 04:34 - 00132608 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LTRVR14nu.dll
2014-10-08 00:29 - 2006-10-09 04:34 - 00107520 _____ (LEAD Technologies, Inc.) C:\Windows\system32\LTRVR14n.dll
2014-10-08 00:29 - 2006-10-09 04:34 - 00080384 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfwmf14s.dll
2014-10-08 00:29 - 2006-10-09 04:34 - 00065024 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfXpm14su.dll
2014-10-08 00:29 - 2006-10-09 04:34 - 00064512 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfXpm14s.dll
2014-10-08 00:29 - 2006-10-09 04:34 - 00060416 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfXbm14su.dll
2014-10-08 00:29 - 2006-10-09 04:34 - 00059904 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfXbm14s.dll
2014-10-08 00:29 - 2006-10-09 04:34 - 00050176 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfwmf14su.dll
2014-10-08 00:29 - 2006-10-09 04:34 - 00045056 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfiff14su.dll
2014-10-08 00:29 - 2006-10-09 04:34 - 00043520 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfbmp14su.dll
2014-10-08 00:29 - 2006-10-09 04:34 - 00043520 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfbmp14s.dll
2014-10-08 00:29 - 2006-10-09 04:34 - 00040448 _____ (LEAD Technologies, Inc.) C:\Windows\system32\lfiff14s.dll
2014-10-08 00:29 - 2006-10-09 03:01 - 00241757 _____ (Samsung Electronics Co. Ltd) C:\Windows\system32\AVSVideoDNIeFilter.dll
2014-10-08 00:29 - 2006-10-09 03:01 - 00163840 _____ (Samsung Electronics) C:\Windows\system32\AVSCDDAReader.dll
2014-10-08 00:29 - 2006-10-09 03:01 - 00114688 _____ (Samsung Electronics Co. Ltd) C:\Windows\system32\AVSVideoDNIeFilterForTV.dll
2014-10-08 00:29 - 2006-10-09 03:01 - 00114688 _____ (Samsung Electronics Co. Ltd) C:\Windows\system32\AVSAudioDNSeFilter.dll
2014-10-08 00:29 - 2006-10-09 03:01 - 00094208 _____ (Samsung Electronics Co. Ltd) C:\Windows\system32\AVSVideoDownSample.dll
2014-10-08 00:29 - 2006-10-09 03:01 - 00086016 _____ (Samsung Electronics Co. Ltd) C:\Windows\system32\AVSVideoInfoConvertInfTee.dll
2014-10-08 00:29 - 2006-10-09 03:01 - 00081920 _____ (Samsung Electronics Co. Ltd.) C:\Windows\system32\AVSAudioSpectrumDMO.dll
2014-10-08 00:29 - 2006-10-09 03:01 - 00077824 _____ (Samsung Electronics Co. Ltd.) C:\Windows\system32\AVSAudioEqDMO.dll
2014-10-08 00:29 - 2006-10-09 03:01 - 00073728 _____ (Samsung Electronics Co. Ltd.) C:\Windows\system32\AVSAudioDNSeDMO.dll
2014-10-08 00:29 - 2006-10-09 03:01 - 00065536 _____ (Samsung Electronics Co. Ltd) C:\Windows\system32\AVSAudioSampRateDMO.dll
2014-10-08 00:29 - 2006-10-09 03:01 - 00065536 _____ (Samsung Electronics Co. Ltd) C:\Windows\system32\AVSAudioDRCDMO.dll
2014-10-08 00:29 - 2006-10-09 03:01 - 00061440 _____ () C:\Windows\system32\AVSAudioWideStereoDMO.dll
2014-10-08 00:29 - 2006-10-05 06:10 - 00009216 _____ (Agere Systems) C:\Windows\system32\agrsmsvc.exe
2014-10-08 00:29 - 2006-09-11 08:34 - 00013312 _____ (Agere Systems) C:\Windows\system32\agrscoin.dll
2014-10-08 00:29 - 2006-07-24 03:50 - 00125744 _____ (Microsoft Corporation) C:\Windows\system32\MSSTDFMT.DLL
2014-10-08 00:29 - 2006-07-24 03:50 - 00047920 _____ (Microsoft Corporation) C:\Windows\system32\VBAME.DLL
2014-10-08 00:29 - 2006-07-24 03:50 - 00039728 _____ (Microsoft Corporation) C:\Windows\system32\SCP32.DLL
2014-10-08 00:29 - 2006-04-14 03:07 - 02222936 _____ (Microsoft Corporation) C:\Windows\system32\sqlncli.dll
2014-10-08 00:29 - 2005-10-13 20:51 - 00066264 _____ (Microsoft Corporation) C:\Windows\system32\sqlctr90.dll
2014-10-08 00:29 - 2005-07-26 18:11 - 00055296 _____ () C:\Windows\system32\SQLServerManager.msc
2014-10-08 00:29 - 2004-10-11 21:02 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\msvcr71.dll
2014-10-08 00:29 - 2001-11-14 05:56 - 01802240 _____ () C:\Windows\system32\lcppn21.dll
2014-10-07 23:54 - 2014-10-07 23:54 - 00001068 _____ () C:\Users\Michaela\Desktop\Disk Cleaner.lnk
2014-10-07 14:44 - 2014-10-07 14:44 - 00000000 ____D () C:\Users\Michaela\AppData\Roaming\ProductData
2014-10-07 14:43 - 2014-10-07 14:43 - 00001021 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-09-25 04:01 - 2014-09-25 04:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-25 03:01 - 2014-09-09 08:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-18 10:55 - 2014-09-18 10:55 - 00001880 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-18 10:55 - 2014-09-18 10:55 - 00000000 ___RD () C:\Program Files\Skype
2014-09-18 10:55 - 2014-09-18 10:55 - 00000000 ____D () C:\Users\Michaela\AppData\Local\Skype
2014-09-18 10:55 - 2014-09-18 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-18 10:55 - 2014-09-18 10:55 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-09-18 10:39 - 2014-10-07 23:22 - 00000000 ____D () C:\ProgramData\Freemake
2014-09-18 10:39 - 2014-09-18 10:49 - 00000000 ____D () C:\Users\Michaela\AppData\Roaming\RHEng
2014-09-18 10:39 - 2014-09-18 10:45 - 00000000 ____D () C:\Program Files\CheckPoint
2014-09-18 10:39 - 2014-09-18 10:40 - 00000000 ____D () C:\Users\Michaela\Documents\Freemake
2014-09-18 10:39 - 2014-09-18 10:39 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-09-18 10:38 - 2014-10-07 23:22 - 00000000 ____D () C:\Program Files\Freemake
2014-09-18 10:36 - 2014-09-18 10:36 - 01261672 _____ (Ellora Assets Corporation ) C:\Users\Michaela\FreemakeAudioConverterSetup.exe
2014-09-12 03:17 - 2014-08-15 16:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 03:17 - 2014-08-15 16:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 03:17 - 2014-08-15 16:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 03:17 - 2014-08-15 16:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 03:17 - 2014-08-15 16:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 03:17 - 2014-08-15 16:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 03:17 - 2014-08-15 16:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 03:17 - 2014-08-15 16:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-12 03:17 - 2014-08-15 16:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 03:17 - 2014-08-15 16:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 03:17 - 2014-08-15 16:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 03:17 - 2014-08-15 16:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-12 03:17 - 2014-08-15 16:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 03:17 - 2014-08-15 16:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 03:17 - 2014-08-15 16:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 03:17 - 2014-08-15 16:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-12 03:17 - 2014-08-15 16:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 03:17 - 2014-08-15 16:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 03:17 - 2014-08-15 16:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 03:17 - 2014-08-15 16:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-12 03:17 - 2014-08-15 16:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-08 12:40 - 2006-11-02 14:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-08 12:40 - 2006-11-02 14:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-08 12:27 - 2014-01-19 15:38 - 00000304 _____ () C:\Windows\Tasks\SaveSense.job
2014-10-08 12:27 - 2012-12-07 01:20 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-08 12:25 - 2013-10-01 22:20 - 00000918 _____ () C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
2014-10-08 08:27 - 2012-12-07 01:20 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-08 08:16 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2014-10-08 08:14 - 2012-08-03 23:38 - 00028124 _____ () C:\ProgramData\nvModes.dat
2014-10-08 08:14 - 2012-08-03 23:38 - 00028124 _____ () C:\ProgramData\nvModes.001
2014-10-08 08:08 - 2008-01-21 09:16 - 01566504 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-08 08:06 - 2012-12-01 00:02 - 00000000 ___RD () C:\Users\Michaela\Dropbox
2014-10-08 08:05 - 2012-11-30 23:59 - 00000000 ____D () C:\Users\Michaela\AppData\Roaming\Dropbox
2014-10-08 08:05 - 2012-11-16 19:50 - 00000392 _____ () C:\Windows\Tasks\Final Media Player Update Checker.job
2014-10-08 08:04 - 2012-08-03 22:44 - 00000000 ____D () C:\Users\Michaela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-10-08 08:02 - 2013-12-01 00:54 - 00000000 ____D () C:\ProgramData\ProductData
2014-10-08 08:02 - 2013-10-01 22:20 - 00000914 _____ () C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2014-10-08 08:01 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-08 07:55 - 2012-08-03 22:33 - 00001356 _____ () C:\Users\Michaela\AppData\Local\d3d9caps.dat
2014-10-08 07:27 - 2013-08-29 07:36 - 00000395 ____H () C:\Users\Michaela\Documents\.picasa.ini
2014-10-08 06:43 - 2013-02-14 01:18 - 39239680 _____ () C:\Windows\system32\config\SOFTWARE.iobit
2014-10-08 06:43 - 2013-02-14 01:18 - 00237568 _____ () C:\Windows\system32\config\DEFAULT.iobit
2014-10-08 06:43 - 2013-02-14 01:18 - 00057344 _____ () C:\Windows\system32\config\SAM.iobit
2014-10-08 06:43 - 2013-02-14 01:18 - 00028672 _____ () C:\Windows\system32\config\SECURITY.iobit
2014-10-08 06:43 - 2012-11-28 16:50 - 42201088 _____ () C:\Windows\system32\config\COMPONENTS.iobit
2014-10-08 06:43 - 2012-08-03 22:33 - 00000000 ____D () C:\Users\Michaela
2014-10-07 23:14 - 2013-01-03 23:17 - 00000000 ____D () C:\Users\Michaela\Desktop\München-2012
2014-10-07 23:11 - 2012-08-03 22:44 - 00000000 ____D () C:\Program Files\SamSung
2014-10-07 23:11 - 2012-08-03 22:37 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-10-07 14:50 - 2006-11-02 14:47 - 00258328 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-07 14:43 - 2013-12-01 00:54 - 00001986 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-10-07 14:42 - 2013-12-01 00:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2014-10-07 13:27 - 2014-01-19 19:42 - 00000205 _____ () C:\Users\Michaela\AppData\Roaming\WB.CFG
2014-10-07 13:20 - 2014-03-17 22:25 - 00000439 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-10-07 08:03 - 2014-02-11 09:11 - 00000000 ____D () C:\Windows\Minidump
2014-10-07 00:18 - 2012-11-28 16:38 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-06 23:46 - 2012-11-16 19:50 - 00000000 ____D () C:\Program Files\File Type Assistant
2014-09-25 16:12 - 2014-02-24 13:14 - 42201088 _____ () C:\Windows\system32\config\COMPONENTS.iodefrag.bak
2014-09-25 16:12 - 2014-02-24 13:14 - 39239680 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2014-09-25 16:12 - 2014-02-24 13:14 - 00237568 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2014-09-25 16:12 - 2014-02-24 13:14 - 00057344 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2014-09-25 16:12 - 2014-02-24 13:14 - 00028672 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2014-09-25 03:26 - 2012-12-07 01:21 - 00001963 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-25 03:02 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-22 08:41 - 2012-08-15 21:18 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-20 01:17 - 2006-11-02 15:01 - 00032602 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-18 11:21 - 2013-02-15 00:32 - 00000000 ____D () C:\Users\Michaela\AppData\Roaming\Skype
2014-09-18 11:02 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-18 10:55 - 2013-02-15 00:31 - 00000000 ____D () C:\ProgramData\Skype
2014-09-18 10:54 - 2012-11-28 16:45 - 00000000 ____D () C:\ProgramData\IObit
2014-09-18 10:39 - 2013-04-21 09:55 - 00000000 ____D () C:\Users\Michaela\AppData\Roaming\OpenCandy
2014-09-18 10:26 - 2012-12-01 00:02 - 00000928 _____ () C:\Users\Michaela\Desktop\Dropbox.lnk
2014-09-18 10:26 - 2012-11-30 23:59 - 00000000 ____D () C:\Users\Michaela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-17 00:54 - 2012-11-29 17:49 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-12 03:16 - 2013-08-15 02:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 03:08 - 2006-11-02 12:24 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-09-12 03:07 - 2012-11-26 21:44 - 00002155 _____ () C:\Windows\epplauncher.mif
2014-09-12 03:07 - 2012-11-26 21:43 - 00001826 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-12 03:07 - 2012-11-26 21:43 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-11 07:39 - 2013-01-03 20:28 - 00012800 _____ () C:\Users\Michaela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
C:\Users\Michaela\FreemakeAudioConverterSetup.exe

Some content of TEMP:
====================
C:\Users\Michaela\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnshhat.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-08 08:22

==================== End Of Log ============================

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-10-2014 01
Ran by Michaela at 2014-10-08 12:45:02
Running from C:\Users\Michaela\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Disabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Digital Editions 3.0 (HKLM\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Advanced SystemCare 7 (HKLM\...\Advanced SystemCare 7_is1) (Version: 7.4.0 - IObit)
Bonanza Deals (remove only) (HKLM\...\Bonanza Deals) (Version: 5.0.1.0 - Bonanza Deals) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
CyberLink DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.2403 - CyberLink Corp.)
CyberLink Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.0.3825 - CyberLink Corp.) Delta Chrome Toolbar (HKLM\...\Delta Chrome Toolbar) (Version: - Visual Tools) <==== ATTENTION Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.) Easy Battery Manager (HKLM\...\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}) (Version: 3.2.1.7 - ) Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 2.0.0.0 - Samsung) File Type Assistant (HKLM\...\Trusted Software Assistant_is1) (Version: 2012.11.9.0 - ) <==== ATTENTION Final Media Player 2012 (HKLM\...\FinalMediaPlayer_is1) (Version: 2012.10.9.0 - Bitberry Software) <==== ATTENTION Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.) Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.) Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden Intel PROSet Wireless (Version: - ) Hidden Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}) (Version: 12.00.2000 - Intel(R) Corporation) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) IObit Malware Fighter (HKLM\...\IObit Malware Fighter_is1) (Version: 1.0 - IObit) IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 3.3.9.2622 - IObit) IObit Unlocker (HKLM\...\IObit Unlocker_is1) (Version: 1.1 - IObit) Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle) Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: .2406 - CyberLink Corp.) 
LightScribe System Software 1.12.37.1 (HKLM\...\{004C5DA2-2051-4D25-94BA-51CF810C91EB}) (Version: 1.12.37.1 - LightScribe) Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.45.4.3 - Marvell) Media Player (HKLM\...\MediaPlayerV1alpha238) (Version: 1.1 - Media Player) <==== ATTENTION Media View (HKLM\...\MediaViewV1alpha196) (Version: 1.1 - Media View) <==== ATTENTION Media View (HKLM\...\MediaViewV1alpha8024) (Version: 1.1 - Media View) <==== ATTENTION Media Viewer (HKLM\...\MediaViewerV1alpha1863) (Version: 1.1 - Media Viewer) <==== ATTENTION Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 
(HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 32.0.3 (x86 de) (HKLM\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - ) OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) PDF Architect (HKLM\...\{80A07844-CA64-4DE4-AB61-D37DDBE8074F}) (Version: 1.0.52.8917 - pdfforge) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.2 - pdfforge) Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.) PlayCamera (HKLM\...\{804F1285-8CBF-408D-8CDC-D4D40003B2E4}) (Version: 1.0.1.7 - ) PowerDirector (HKLM\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 5.0.3927 - CyberLink Corp.) PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.3118.0 - CyberLink Corp.) PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 085120(3.7)_Vista_SSPC - CyberLink Corp.) Protected Folder (HKLM\...\Protected Folder_is1) (Version: - IObit) RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) 
Hidden Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5605 - Realtek Semiconductor Corp.) Samsung Recovery Solution III (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 3.0.0.5 - Samsung) Samsung Scan Assistant (HKLM\...\Samsung Scan Assistant) (Version: 1.04.22.00 - Samsung Electronics Co., Ltd.) Samsung SCX-3200 Series (HKLM\...\Samsung SCX-3200 Series) (Version: - Samsung Electronics Co., Ltd.) SaveSense (HKCU\...\SaveSense) (Version: - ) <==== ATTENTION SaveSense (remove only) (HKLM\...\SaveSense) (Version: 5.3.0.6 - SaveSense) <==== ATTENTION Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) Smart Defrag 3 (HKLM\...\Smart Defrag 3_is1) (Version: 3.0 - IObit) Steuer-Spar-Erklärung 2011 (HKLM\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.01 - Akademische Arbeitsgemeinschaft Verlag) Steuer-Spar-Erklärung 2012 (HKLM\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.01 - Wolters Kluwer Deutschland GmbH) Steuer-Spar-Erklärung 2013 (HKLM\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.02 - Wolters Kluwer Deutschland GmbH) SteuerSparErklärung 2014 (HKLM\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.07.73 - Akademische Arbeitsgemeinschaft) Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.2.0 - Synaptics) TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.89 - TuneUp Software) Hidden TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities 2014) (Version: 14.0.1000.89 - TuneUp Software) TuneUp Utilities 2014 (Version: 14.0.1000.89 - TuneUp Software) Hidden Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) V-bates 2.0.0.437 (HKLM\...\{77BEC163-D389-42c1-91A4-C758846296A5}_is1) (Version: 2.0.0.437 - Southstarco) 
<==== ATTENTION Video Player (HKLM\...\Video Player) (Version: 1.1 - Video Player) <==== ATTENTION Vimicro UVC Camera (HKLM\...\{71A51B09-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation) Webexp Enhanced (HKLM\...\Webexp Enhanced) (Version: 1.1 - Webexp Enhanced) <==== ATTENTION Yahoo Community Smartbar Engine (HKCU\...\{dd463689-d583-4c53-8b24-4920cf11ebc5}) (Version: 1.6.1.924 - Linkury Inc.) <==== ATTENTION ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-942415238-3203751660-2953270710-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Michaela\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942415238-3203751660-2953270710-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michaela\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942415238-3203751660-2953270710-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michaela\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942415238-3203751660-2953270710-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michaela\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942415238-3203751660-2953270710-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michaela\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942415238-3203751660-2953270710-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michaela\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-942415238-3203751660-2953270710-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michaela\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942415238-3203751660-2953270710-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michaela\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942415238-3203751660-2953270710-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michaela\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 24-09-2014 15:16:58 Geplanter Prüfpunkt 25-09-2014 01:00:26 Windows Update 25-09-2014 23:18:57 Geplanter Prüfpunkt 28-09-2014 21:29:05 Windows Update 01-10-2014 01:04:12 Geplanter Prüfpunkt 02-10-2014 04:18:22 Windows Update 06-10-2014 01:43:57 Windows Update 08-10-2014 06:09:13 IObit Uninstaller restore point 08-10-2014 06:14:20 IObit Uninstaller restore point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0E7FA047-DD46-4BD7-90B7-0A55EF649DDD} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION Task: {1419758E-0C5C-47B5-9DBB-485F0FEED91F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-07] (Google Inc.) 
Task: {16CD6145-91AC-4D69-A4FC-067B5E25D6CC} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {1F185668-F306-4910-B89C-C55CDC9BBF8E} - System32\Tasks\SaveSenseLiveUpdateTaskMachineCore => C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION Task: {20227D2E-EDF0-42E1-8E25-60CA0034BE5D} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-942415238-3203751660-2953270710-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {20914ED5-FE76-43B5-A638-8AB1C5A642BB} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-10-01] (BonanzaDeals) <==== ATTENTION Task: {2254F349-684B-4CB4-975C-09A9FBA0B7EA} - \Adobe Flash Player Updater No Task File <==== ATTENTION Task: {269C44DB-DAE1-43B7-989E-2E9807E6307B} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {298B112B-F510-4A83-90FD-840CF6F7CCCB} - System32\Tasks\SmartDefrag3_Update => C:\Program Files\IObit\Smart Defrag 3\AutoUpdate.exe [2014-02-13] (IObit) Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {38CBF656-23F4-42AD-A68A-A0D1785AA2AA} - System32\Tasks\ProgramUpdateCheck => C:\Program Files\File Type Assistant\TSAssist.exe [2012-11-09] (Trusted Software ApS) <==== ATTENTION Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {555CAE72-5DB4-4088-B7BD-358F2DC313DC} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-942415238-3203751660-2953270710-1000 => C:\Program 
Files\Real\RealUpgrade\RealUpgrade.exe Task: {730BDECA-8032-41F6-A100-F1CFFF8269FC} - System32\Tasks\Final Media Player Update Checker => C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe [2012-09-02] (Bitberry Software) Task: {8C419D96-F47F-41AD-8B97-8C6B9FDFC100} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe [2008-04-17] (SAMSUNG Electronics co., LTD.) Task: {9466EBF1-0480-4086-B1AD-E44F13113A59} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2008-05-22] (SAMSUNG Electronics) Task: {97DCD50B-16FB-4B2A-851D-502335CF2C97} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe Task: {A9160F96-9EF7-4A9C-AB8E-A74B84ACDEB0} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-10-01] (BonanzaDeals) <==== ATTENTION Task: {B8BB35FF-D32F-4DE6-8E09-D111ACCFCFDE} - System32\Tasks\SaveSense => C:\Users\Michaela\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {B8F2DB4E-336E-4EAD-8351-F9F42F3F3F31} - System32\Tasks\SaveSenseLiveUpdateTaskMachineUA => C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION Task: {BC62C42E-0BF5-4080-A441-0010A11D9C3B} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-942415238-3203751660-2953270710-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.) 
Task: {C880D7BE-E260-4047-A80E-C3EB260BAE9A} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files\File Type Assistant\tsasetup.exe [2012-11-09] ( ) <==== ATTENTION Task: {C8D7022C-7D2C-4BAE-96DD-6FC329F8AA09} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd) Task: {D91B60F8-7D77-426F-80A9-EA5FE19DA68F} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-08-22] (IObit) Task: {DA3D0881-F888-4F8D-99F6-2F36BF8161E2} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-942415238-3203751660-2953270710-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe Task: {DEC965E7-B4F6-4D86-8AD9-91B3C35B4EEA} - System32\Tasks\BonanzaDealsUpdate => C:\Program <==== ATTENTION Task: {E17C6C8C-BB79-4BE8-9BB3-FC166C0D7245} - System32\Tasks\ASC7_SkipUac_Michaela => C:\Program Files\IObit\Advanced SystemCare 7\ASC.exe [2014-08-22] (IObit) Task: {E4D161FD-65C2-42F0-9902-FC470772F5FE} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe [2014-08-20] (IObit) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: {EF2CF96B-520A-44D9-84BC-DDED7E093B03} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-07] (Google Inc.) Task: {F2CCA185-ED4F-47B8-B6A7-17F22F2519C4} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-942415238-3203751660-2953270710-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job => C:\Program Files\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION Task: C:\Windows\Tasks\Final Media Player Update Checker.job => C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\SaveSense.job => C:\Users\Michaela\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2013-12-01 00:54 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files\IObit\Advanced SystemCare 7\sqlite3.dll 2008-05-23 13:46 - 2008-05-23 13:46 - 00200704 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL 2012-11-29 17:23 - 2011-04-14 04:40 - 00024064 _____ () C:\Windows\System32\ssb3ml3.dll 2008-10-24 17:35 - 2008-10-24 17:35 - 00128296 _____ () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe 2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe 2012-08-03 22:44 - 2006-12-20 07:23 - 00272024 ____N () C:\Program Files\CyberLink\Shared Files\RichVideo.exe 2013-04-02 21:01 - 2013-11-05 12:48 - 00188760 _____ () C:\Program Files\Video downloader\ExtensionUpdaterService.exe 2014-01-27 16:43 - 2014-01-27 16:43 - 00065936 _____ () C:\Program Files\CheckPoint\ZoneAlarm\Community.CsharpSqlite.SQLiteClient.dll 2012-11-16 19:50 - 2011-10-23 20:28 - 00199168 _____ () C:\Program Files\File Type Assistant\itdownload.dll 2014-02-16 12:06 - 2012-09-05 19:55 - 00892288 _____ () C:\Program Files\IObit\Smart Defrag 3\webres.dll 2012-08-03 22:49 - 2006-08-12 12:48 - 00049152 _____ () 
C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll 2013-12-01 00:54 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files\IObit\Advanced SystemCare 7\madExcept_.bpl 2013-12-01 00:54 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files\IObit\Advanced SystemCare 7\madBasic_.bpl 2013-12-01 00:54 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files\IObit\Advanced SystemCare 7\madDisAsm_.bpl 2013-12-01 00:54 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files\IObit\Advanced SystemCare 7\webres.dll 2012-11-29 17:27 - 2011-06-21 03:18 - 01990144 _____ () C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe 2012-11-29 17:27 - 2009-11-19 14:10 - 01384520 _____ () C:\Windows\twain_32\Samsung\SCX3200\ssole.dll 2007-07-12 13:55 - 2007-07-12 13:55 - 01581056 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll 2007-08-14 13:59 - 2007-08-14 13:59 - 06365184 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll 2007-07-12 13:55 - 2007-07-12 13:55 - 00131072 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll 2013-12-01 00:54 - 2014-02-13 16:44 - 01214240 _____ () C:\Program Files\IObit\Advanced SystemCare 7\RealTimeProtector.exe 2014-10-08 08:05 - 2014-10-08 08:05 - 00043008 _____ () c:\users\michaela\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnshhat.dll 2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Michaela\AppData\Roaming\Dropbox\bin\libcef.dll 2013-03-25 16:38 - 2012-07-05 14:54 - 01218432 _____ () C:\Program Files\IObit\IObit Malware Fighter\Scan.dll 2013-03-25 16:38 - 2010-11-26 13:18 - 00175616 _____ () C:\Program Files\IObit\IObit Malware Fighter\unrar.dll 2013-03-25 16:38 - 2011-06-23 14:41 - 00138752 _____ () C:\Program Files\IObit\IObit Malware Fighter\zlibwapi.dll 2012-08-10 17:51 - 2012-08-10 17:51 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll 2014-09-25 04:01 - 2014-09-25 04:01 - 03715184 _____ () C:\Program 
Files\Mozilla Firefox\mozjs.dll 2014-02-09 01:20 - 2014-02-09 01:20 - 16287624 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-942415238-3203751660-2953270710-500 - Administrator - Disabled) Gast (S-1-5-21-942415238-3203751660-2953270710-501 - Limited - Disabled) Michaela (S-1-5-21-942415238-3203751660-2953270710-1000 - Administrator - Enabled) => C:\Users\Michaela ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/08/2014 08:14:20 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005. Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. 
Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {0a84cc0a-bf78-49de-9a97-35ed558b181c} Error: (10/08/2014 08:11:58 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: MAHAKALA-PC) Description: 0C:\Program Files\CheckPoint\Install\Install.exeCheck Point Install Utility0111755520 Error: (10/08/2014 08:09:03 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005. Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {0a84cc0a-bf78-49de-9a97-35ed558b181c} Error: (10/08/2014 08:05:46 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (10/08/2014 08:05:46 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (10/08/2014 08:04:40 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". 
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (10/08/2014 08:04:40 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (10/08/2014 08:03:19 AM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung Details: Der Registrierungswert kann nicht gelesen werden, da die Konfiguration ungültig ist. Erstellen Sie die Inhaltsindexkonfiguration erneut, indem Sie den Inhaltsindex entfernen. (0x80040d03) Error: (10/08/2014 08:03:19 AM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: Das Gatherer-Objekt kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Registrierungswert kann nicht gelesen werden, da die Konfiguration ungültig ist. Erstellen Sie die Inhaltsindexkonfiguration erneut, indem Sie den Inhaltsindex entfernen. (0x80040d03) Error: (10/08/2014 08:03:19 AM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. 
(0x80070490) System errors: ============= Error: (10/08/2014 08:49:44 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: ) Description: Vom Echtzeitschutz-Feature von %%860 wurde ein Fehler festgestellt Feature: %%834 Fehlercode: 0x80004005 Fehlerbeschreibung: Unbekannter Fehler Grund: %%838 Error: (10/08/2014 08:17:06 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: 0x80070643Definitionsupdate für Microsoft Security Essentials – KB2310138 (Definition 1.185.2582.0){62A809B0-31C9-4EBF-AB55-DDFD686198C6}201 Error: (10/08/2014 08:16:48 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.185.2402.0 Aktualisierungsquelle: %NT-AUTORITÄT59 Aktualisierungsphase: 4.6.0305.00 Quellpfad: 4.6.0305.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (10/08/2014 08:07:49 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: KtmRm für Distributed Transaction Coordinator Error: (10/08/2014 08:03:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Windows Search1300001Neustart des Diensts Error: (10/08/2014 08:03:20 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Windows Search2147749155 (0x80040D23) Error: (10/08/2014 08:02:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: WajamUpdater%%3 Error: (10/08/2014 08:02:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (10/08/2014 06:42:53 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Beim Aktualisieren der Signaturen wurde von 
%NT-AUTORITÄT60 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.185.2402.0 Aktualisierungsquelle: %NT-AUTORITÄT59 Aktualisierungsphase: 4.6.0305.00 Quellpfad: 4.6.0305.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (10/08/2014 06:42:53 AM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334} Microsoft Office Sessions: ========================= Error: (10/08/2014 08:14:20 AM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005 Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {0a84cc0a-bf78-49de-9a97-35ed558b181c} Error: (10/08/2014 08:11:58 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: MAHAKALA-PC) Description: 0C:\Program Files\CheckPoint\Install\Install.exeCheck Point Install Utility0111755520 Error: (10/08/2014 08:09:03 AM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005 Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {0a84cc0a-bf78-49de-9a97-35ed558b181c} Error: (10/08/2014 08:05:46 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (10/08/2014 08:05:46 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (10/08/2014 08:04:40 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: 
rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (10/08/2014 08:04:40 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (10/08/2014 08:03:19 AM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Kontext: Windows Anwendung Details: Der Registrierungswert kann nicht gelesen werden, da die Konfiguration ungültig ist. Erstellen Sie die Inhaltsindexkonfiguration erneut, indem Sie den Inhaltsindex entfernen. (0x80040d03) Error: (10/08/2014 08:03:19 AM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Registrierungswert kann nicht gelesen werden, da die Konfiguration ungültig ist. Erstellen Sie die Inhaltsindexkonfiguration erneut, indem Sie den Inhaltsindex entfernen. (0x80040d03) Error: (10/08/2014 08:03:19 AM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (0x80070490) Search.TripoliIndexer CodeIntegrity Errors: =================================== Date: 2014-10-07 23:35:00.871 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-07 23:35:00.715 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-10-07 23:35:00.543 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-07 23:35:00.387 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-07 23:35:00.169 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-07 23:34:59.997 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-07 23:34:59.826 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-07 23:34:59.654 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-10-07 23:34:59.404 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-07 23:34:59.233 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz Percentage of memory in use: 60% Total physical RAM: 3065.88 MB Available physical RAM: 1220.66 MB Total Pagefile: 6330.89 MB Available Pagefile: 4613.81 MB Total Virtual: 2047.88 MB Available Virtual: 1908.03 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:140.62 GB) (Free:48.98 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:147.46 GB) (Free:81.78 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: B6394A61) Partition 1: (Not Active) - (Size=10 GB) - (Type=27) Partition 2: (Active) - (Size=140.6 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=147.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
08.10.2014, 17:23 | #4 |
/// the machine /// TB instructor | Samsung laptop keeps freezing - can no longer work with it Please download Revo Uninstaller (alternatively the portable Revo Uninstaller) from here.
Also uninstall everything from IOBIT!! Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
09.10.2014, 14:18 | #5 |
| Samsung laptop keeps freezing - can no longer work with it Hello ... ok ... but the computer is running again right now as if nothing had happened? ... what do I use to watch films or listen to music then, if I'm supposed to remove the media players? I'll have to do it all later when I have some quiet, or tomorrow - thanks for now ... Mi Sooo, I've dutifully done everything and hope I haven't forgotten anything... here is the result: Code:
ATTFilter ComboFix 14-10-04.01 - Michaela 09.10.2014 14:35:05.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.1775 [GMT 2:00] ausgeführt von:: c:\users\Michaela\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\MediaPlayerV1 c:\program files\MediaViewerV1 c:\program files\MediaViewV1 c:\program files\MediaViewV1\MediaViewV1alpha8024\ff\chrome.manifest c:\program files\MediaViewV1\MediaViewV1alpha8024\ff\chrome\content\ffMediaViewV1alpha8024.js c:\program files\MediaViewV1\MediaViewV1alpha8024\ff\chrome\content\icons\default\MediaViewV1alpha8024_32.png c:\program files\MediaViewV1\MediaViewV1alpha8024\ff\chrome\content\icons\Thumbs.db c:\program files\MediaViewV1\MediaViewV1alpha8024\ff\chrome\content\overlay.xul c:\program files\MediaViewV1\MediaViewV1alpha8024\ff\install.rdf c:\program files\MediaViewV1\MediaViewV1alpha8024\uninstall.exe c:\program files\SaveSense c:\program files\SaveSense\icon.ico c:\program files\SaveSense\SaveSense.crx c:\program files\SaveSense\SaveSense.xpi c:\program files\SaveSense\SaveSenseIE.dll c:\program files\SaveSense\SaveSenseIE64.dll c:\program files\SaveSense\SaveSenseUpdateVer.exe c:\program files\SaveSense\uninst.exe c:\program files\WebexpEnhancedV1 c:\program files\WebexpEnhancedV1\WebexpEnhancedV1alpha349\ff\chrome.manifest c:\program files\WebexpEnhancedV1\WebexpEnhancedV1alpha349\ff\chrome\content\ffWebexpEnhancedV1alpha349.js c:\program files\WebexpEnhancedV1\WebexpEnhancedV1alpha349\ff\chrome\content\icons\default\WebexpEnhancedV1alpha349_32.png c:\program 
files\WebexpEnhancedV1\WebexpEnhancedV1alpha349\ff\chrome\content\icons\Thumbs.db c:\program files\WebexpEnhancedV1\WebexpEnhancedV1alpha349\ff\chrome\content\overlay.xul c:\program files\WebexpEnhancedV1\WebexpEnhancedV1alpha349\ff\install.rdf c:\program files\WebexpEnhancedV1\WebexpEnhancedV1alpha349\uninstall.exe c:\programdata\Roaming c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini c:\programdata\SaveSenseLive c:\programdata\SaveSenseLive\Update\Log\SaveSenseLive.log c:\users\Michaela\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data c:\users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage c:\users\Michaela\Desktop\Setup.exe c:\users\Michaela\FreemakeAudioConverterSetup.exe c:\windows\system32\drivers\etc\hosts.ics . . ((((((((((((((((((((((( Dateien erstellt von 2014-09-09 bis 2014-10-09 )))))))))))))))))))))))))))))) . . 2014-10-09 09:11 . 2014-10-09 09:11 -------- d-----w- c:\program files\VS Revo Group 2014-10-08 15:20 . 2014-09-09 01:24 8806800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6E3F07CC-D891-4605-BDC6-BD842DFB836A}\mpengine.dll 2014-10-08 10:43 . 2014-10-08 10:45 -------- d-----w- C:\FRST 2014-10-07 22:31 . 2014-10-07 22:31 -------- d-----w- c:\windows\system32\wbem\en-US 2014-10-07 12:44 . 2014-10-07 12:44 -------- d-----w- c:\users\Michaela\AppData\Roaming\ProductData 2014-10-06 01:45 . 2014-09-09 01:24 8806800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-10-02 04:28 . 2014-09-16 22:09 908840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{23F2021B-704C-4610-8699-AB8A5950E9CD}\gapaengine.dll 2014-09-25 01:01 . 2014-09-09 06:24 2048 ----a-w- c:\windows\system32\tzres.dll 2014-09-18 08:55 . 2014-09-18 08:55 -------- d-----w- c:\users\Michaela\AppData\Local\Skype 2014-09-18 08:55 . 
2014-09-18 08:55 -------- d-----w- c:\program files\Common Files\Skype 2014-09-18 08:55 . 2014-09-18 08:55 -------- d-----r- c:\program files\Skype 2014-09-18 08:39 . 2014-09-18 08:39 -------- d-----w- c:\programdata\CheckPoint 2014-09-18 08:39 . 2014-10-07 21:22 -------- d-----w- c:\programdata\Freemake 2014-09-18 08:39 . 2014-09-18 08:49 -------- d-----w- c:\users\Michaela\AppData\Roaming\RHEng 2014-09-18 08:38 . 2014-10-07 21:22 -------- d-----w- c:\program files\Freemake . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-09-22 06:41 . 2012-08-15 19:18 231568 ------w- c:\windows\system32\MpSigStub.exe 2014-09-16 22:09 . 2012-11-28 13:09 908840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2014-08-29 12:45 . 2014-08-29 12:45 297984 ----a-w- c:\windows\system32\gdi32.dll 2014-08-29 12:45 . 2014-08-29 12:45 2054656 ----a-w- c:\windows\system32\win32k.sys 2014-07-25 10:55 . 2014-08-14 21:33 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll 2014-07-17 16:05 . 2014-07-17 16:05 231800 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2014-07-17 16:05 . 2012-08-30 21:03 95920 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2014-04-13 08:16 . 2014-04-13 08:15 4791720 ----a-w- c:\program files\ccsetup412pro.exe 2008-11-12 11:30 . 2012-08-15 18:58 15083520 ----a-r- c:\program files\spybotsd160.exe 2008-11-12 11:23 . 2012-08-15 18:59 25170424 ----a-r- c:\program files\antivir_workstation_winu_de_h.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\Michaela\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\Michaela\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 22:04 131480 ----a-w- c:\users\Michaela\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Power2GoExpress"="NA" [X] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664] "ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2012-12-19 3273136] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "Advanced SystemCare 7"="c:\program files\IObit\Advanced SystemCare 7\ASCTray.exe" [2014-08-22 2281248] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13543968] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-09 92704] "RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 974432] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2011-07-06 688128] "SCX3200_Scan2Pc"="c:\windows\Twain_32\Samsung\SCX3200\Scan2pc.exe" [2011-06-21 1990144] "3200 Scan2PC"="c:\windows\twain_32\Samsung\SCX3200\Scan2Pc.exe" [2011-06-21 1990144] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Advanced SystemCare 7"="c:\program files\IObit\Advanced SystemCare 7\ASCTray.exe" [2014-08-22 2281248] . c:\users\Michaela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Michaela\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-13 36414624] OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296] S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files\IObit\Advanced SystemCare 7\ASCService.exe [2014-08-18 893216] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-03-17 15:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-09-25 01:01 1096520 ----a-w- c:\program files\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-12-06 23:20] . 2014-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-12-06 23:20] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=54C60016EAB06BA8&affID=119357&tsp=5022 uSearchAssistant = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=8be8c269-cb65-47bb-9f82-d5ad0cd73055&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=21/04/2013&type=hp1000 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 Trusted Zone: youtube.de\www TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=54C60016EAB06BA8&affID=119357&tsp=5022 FF - ExtSQL: 2014-10-07 16:43; ascsurfingprotection@iobit.com; c:\users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default\extensions\ascsurfingprotection@iobit.com FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: network.http.max-connections - 48 FF - user.js: network.http.max-connections-per-server - 16 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: network.http.max-persistent-connections-per-server - 8 FF - user.js: browser.turbo.enabled - true FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.chrome.favicons - false FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: browser.cache.memory.capacity - 65536 FF - user.js: content.notify.ontimer - true FF - user.js: content.interrupt.parsing - true FF - user.js: content.max.tokenizing.time - 2250000 FF - user.js: content.switch.threshold - 750000 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 FF - user.js: extentions.y2layers.installId - 5d81b1de-e89f-4212-a7b1-af744b244d83 FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers FF - user.js: 
extensions.delta.tlbrSrchUrl - FF - user.js: extensions.delta.id - 54c648ef0000000000000016eab06ba8 FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} FF - user.js: extensions.delta.instlDay - 15979 FF - user.js: extensions.delta.vrsn - 1.8.24.6 FF - user.js: extensions.delta.vrsni - 1.8.24.6 FF - user.js: extensions.delta.vrsnTs - 1.8.24.622:21 FF - user.js: extensions.delta.prtnrId - delta FF - user.js: extensions.delta.prdct - delta FF - user.js: extensions.delta.aflt - babsst FF - user.js: extensions.delta.smplGrp - none FF - user.js: extensions.delta.tlbrId - base FF - user.js: extensions.delta.instlRef - sst FF - user.js: extensions.delta.dfltLng - de FF - user.js: extensions.delta.excTlbr - false FF - user.js: extensions.delta.ffxUnstlRst - true FF - user.js: extensions.delta.admin - false FF - user.js: extensions.delta_i.babTrack - affID=119357&tsp=5022 FF - user.js: extensions.delta_i.babExt - FF - user.js: extensions.delta_i.srcExt - ss FF - user.js: extensions.delta.autoRvrt - false FF - user.js: extensions.delta.rvrt - false FF - user.js: extensions.delta.newTab - false FF - user.js: extensions.zonealarm.hpOld0 - hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=54C60016EAB06BA8&affID=119357&tsp=5022 FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=9fb53328e5764df1b93831757b67cba0&tu=11Jiy00Fz1D13P0&sku=&tstsId=&ver=&&q= FF - user.js: extensions.zonealarm.id - 54c648ef0000000000000016eab06ba8 FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84} FF - user.js: extensions.zonealarm.instlDay - 16331 FF - user.js: extensions.zonealarm.vrsn - 1.8.29.17 FF - user.js: extensions.zonealarm.vrsni - 1.8.29.17 FF - user.js: extensions.zonealarm.vrsnTs - 1.8.29.1710:40 FF - user.js: extensions.zonealarm.prtnrId - checkpoint FF - user.js: extensions.zonealarm.prdct - zonealarm FF - user.js: extensions.zonealarm.aflt - 5066 FF - user.js: 
extensions.zonealarm.smplGrp - NewUSR FF - user.js: extensions.zonealarm.tlbrId - HFA5 FF - user.js: extensions.zonealarm.instlRef - ZLN124849526498360-5066 FF - user.js: extensions.zonealarm.dfltLng - DE FF - user.js: extensions.zonealarm.excTlbr - false FF - user.js: extensions.zonealarm.ffxUnstlRst - false FF - user.js: extensions.zonealarm.admin - false FF - user.js: extensions.zonealarm.autoRvrt - false FF - user.js: extensions.zonealarm.rvrt - false FF - user.js: extensions.zonealarm.hmpg - true FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=HFA5&Lan=DE&gu=9fb53328e5764df1b93831757b67cba0&tu=11Jiy00Fz1D13P0&sku=&tstsId=&ver=& FF - user.js: extensions.zonealarm.dfltSrch - true FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm FF - user.js: extensions.zonealarm.kw_url - hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=DE&gu=9fb53328e5764df1b93831757b67cba0&tu=11Jiy00Fz1D13P0&sku=&tstsId=&ver=&&q= FF - user.js: extensions.zonealarm.dnsErr - true FF - user.js: extensions.zonealarm.newTab - true FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=HFA5&Lan=DE&gu=9fb53328e5764df1b93831757b67cba0&tu=11Jiy00Fz1D13P0&sku=&tstsId=&ver=& . - - - - Entfernte verwaiste Registrierungseinträge - - - - . SafeBoot-WudfPf SafeBoot-WudfRd . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2014-10-09 15:07 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\windows\system32\nvvsvc.exe c:\program files\Microsoft Security Client\MsMpEng.exe c:\windows\system32\rundll32.exe c:\windows\system32\WLANExt.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\Intel\WiFi\bin\EvtEng.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\IObit\LiveUpdate\LiveUpdate.exe c:\program files\PDF Architect\HelperService.exe c:\program files\PDF Architect\ConversionService.exe c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\IObit\Advanced SystemCare 7\Monitor.exe c:\windows\system32\conime.exe c:\windows\System32\rundll32.exe c:\windows\RtHDVCpl.exe c:\users\Michaela\AppData\Roaming\Dropbox\bin\Dropbox.exe c:\program files\OpenOffice.org 3\program\soffice.exe c:\program files\OpenOffice.org 3\program\soffice.bin c:\program files\Windows Media Player\wmpnscfg.exe c:\windows\ehome\ehmsas.exe . ************************************************************************** . Zeit der Fertigstellung: 2014-10-09 15:10:18 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-10-09 13:10 . Vor Suchlauf: 9 Verzeichnis(se), 53.562.437.632 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 52.440.342.528 Bytes frei . - - End Of File - - E043C7EA9F474217E810B946819912A0 61A349592C4728853F4A90FF78F7628E |
09.10.2014, 23:54 | #6 |
/// the machine /// TB instructor | Samsung laptop keeps freezing - can no longer work with it Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ --> Samsung laptop keeps freezing - can no longer work with it |
10.10.2014, 13:05 | #7 |
| Samsung laptop keeps freezing - can no longer work with it Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Update, 10.10.2014 08:46:26, SYSTEM, MAHAKALA-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.10.8.1, Update, 10.10.2014 08:46:50, SYSTEM, MAHAKALA-PC, Manual, Malware Database, 2014.3.4.9, 2014.10.10.3, (end) Code:
ATTFilter # AdwCleaner v3.311 - Bericht erstellt am 10/10/2014 um 09:07:48 # Aktualisiert 30/09/2014 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzername : Michaela - MAHAKALA-PC # Gestartet von : C:\Users\Michaela\Programme\AdwCleaner_3.311.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : Video downloader Updater [#] Dienst Gelöscht : WajamUpdater ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\BitGuard Ordner Gelöscht : C:\ProgramData\BonanzaDealsLive Ordner Gelöscht : C:\Program Files\BonanzaDealsLive Ordner Gelöscht : C:\Program Files\VideoPlayerV3 Ordner Gelöscht : C:\Windows\system32\SearchProtect Ordner Gelöscht : C:\Users\Michaela\AppData\Local\BonanzaDealsLive Ordner Gelöscht : C:\Users\Michaela\AppData\Local\SaveSenseLive Ordner Gelöscht : C:\Users\Michaela\AppData\Local\SearchProtect Ordner Gelöscht : C:\Users\Michaela\AppData\Local\Wajam Ordner Gelöscht : C:\Users\Michaela\AppData\LocalLow\Delta Ordner Gelöscht : C:\Users\Michaela\AppData\Roaming\BabSolution Ordner Gelöscht : C:\Users\Michaela\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\Michaela\AppData\Roaming\OpenCandy Ordner Gelöscht : C:\Users\Michaela\AppData\Roaming\pdfforge Ordner Gelöscht : C:\Users\Michaela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard Ordner Gelöscht : C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default\Extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2} Ordner Gelöscht : C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default\Extensions\ffxtlbr@delta.com Ordner Gelöscht : C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default\Extensions\plugin@yontoo.com Ordner Gelöscht : C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde Ordner Gelöscht : C:\Users\Michaela\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\khcceooakamlehbimaepcldnnlnkcmfk Datei Gelöscht : C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}.xpi Datei Gelöscht : C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default\searchplugins\zonealarm.xml Datei Gelöscht : C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default\user.js ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\*\shell\filescout Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1 Schlüssel Gelöscht : HKCU\Software\5e28ddfb034b917 Schlüssel Gelöscht : HKLM\SOFTWARE\5e28ddfb034b917 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{997E3BFB-F821-411C-8B96-D61D415EC8FA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1070C156-160B-47A0-B7D9-1860396BAB57} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{27CE191D-733B-4450-AFCD-096D105288C3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{39A29266-D3E4-462D-AB05-F93B1053F6CF} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CLSID\{44FC7A33-2E5C-48DC-B6F5-B81E8005D122} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{73192D81-6D24-4C40-BF7B-2507C6FA0B1A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{88C606E7-BA26-41CB-8CC3-D1E313E34E75} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{93D3100A-BBB6-456C-96FC-82CAC5F383AC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{997E3BFB-F821-411C-8B96-D61D415EC8FA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{998745A3-2AE4-488D-8092-B98FB20A00C2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9E0546FF-D44F-4FE4-A324-995FCACB8D33} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A18D16ED-27B2-4B83-B70C-15E73F099546} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C1424421-D274-491E-9D47-11C8D8CB5F9A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CDDAB3A4-E64D-4AE0-9E1D-F3132F5F913F} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E66A759D-367F-433E-85C6-ED7F040BCC32} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A18D16ED-27B2-4B83-B70C-15E73F099546} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{27CE191D-733B-4450-AFCD-096D105288C3} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A18D16ED-27B2-4B83-B70C-15E73F099546} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}] Schlüssel Gelöscht : HKLM\SOFTWARE\BetterSurf Schlüssel Gelöscht : HKLM\SOFTWARE\Freeze.com Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect Schlüssel Gelöscht : HKLM\SOFTWARE\Video downloader Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SaveSense Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467 ***** [ Browser ] ***** -\\ Internet Explorer v9.0.8112.16575 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] -\\ Mozilla Firefox v32.0.3 (x86 de) [ Datei : C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default\prefs.js ] Zeile gelöscht : user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=120518&tt=190313_wo2&babsrc=HP_ss&mntrId=54C60016EAB06BA8"); Zeile gelöscht : user_pref("avg.install.userSPSettings", "Delta Search"); Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=54C60016EAB06BA8&affID=119357&tsp=5022"); Zeile gelöscht : user_pref("browser.uiCustomization.state", 
"{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...] Zeile gelöscht : user_pref("extensions.delta.admin", false); Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst"); Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false"); Zeile gelöscht : user_pref("extensions.delta.dfltLng", "de"); Zeile gelöscht : user_pref("extensions.delta.excTlbr", false); Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true); Zeile gelöscht : user_pref("extensions.delta.id", "54c648ef0000000000000016eab06ba8"); Zeile gelöscht : user_pref("extensions.delta.instlDay", "15979"); Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst"); Zeile gelöscht : user_pref("extensions.delta.newTab", false); Zeile gelöscht : user_pref("extensions.delta.prdct", "delta"); Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta"); Zeile gelöscht : user_pref("extensions.delta.rvrt", "false"); Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none"); Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base"); Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", ""); Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.24.6"); Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.24.622:21:11"); Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.24.6"); Zeile gelöscht : user_pref("extensions.delta_i.babExt", ""); Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=119357&tsp=5022"); Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss"); Zeile gelöscht : user_pref("extensions.helperbar.Country", "Germany"); Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", true); Zeile gelöscht : user_pref("extensions.helperbar.LastHiddenTime", 23466808); Zeile gelöscht : 
user_pref("extensions.helperbar.SmartbarDisabled", false); Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", true); Zeile gelöscht : user_pref("extensions.helperbar.UserID", "8be8c269-cb65-47bb-9f82-d5ad0cd73055"); Zeile gelöscht : user_pref("extensions.helperbar.Visibility", true); Zeile gelöscht : user_pref("extensions.zonealarm.dspFFXOld", "Delta Search"); Zeile gelöscht : user_pref("extensions.zonealarm.hpFFXOld", "hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=54C60016EAB06BA8&affID=119357&tsp=5022"); Zeile gelöscht : user_pref("extensions.zonealarm.hpOld0", "hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=54C60016EAB06BA8&affID=119357&tsp=5022"); Zeile gelöscht : user_pref("extensions.zonealarm.lastB", "hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=54C60016EAB06BA8&affID=119357&tsp=5022"); Zeile gelöscht : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers"); Zeile gelöscht : user_pref("extentions.y2layers.installId", "5d81b1de-e89f-4212-a7b1-af744b244d83"); -\\ Google Chrome v37.0.2062.124 [ Datei : C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht [Startup_urls] : hxxp://search.babylon.com/?affID=120518&tt=190313_wo2&babsrc=HP_ss_din2g&mntrId=54C60016EAB06BA8 Gelöscht [Startup_urls] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=8be8c269-cb65-47bb-9f82-d5ad0cd73055&searchtype=hp&fr=linkury-tb&installDate=21/04/2013&type=hp1000 Gelöscht [Extension] : eooncjejnppfjjklapaamhcdmjbilmde Gelöscht [Extension] : khcceooakamlehbimaepcldnnlnkcmfk ************************* AdwCleaner[R0].txt - [13883 octets] - [10/10/2014 09:05:12] AdwCleaner[S0].txt - [13571 octets] - [10/10/2014 09:07:48] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13632 octets] ########## Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.2 (10.09.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Michaela on 10.10.2014 at 9:32:43,89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-942415238-3203751660-2953270710-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted the following from C:\Users\Michaela\AppData\Roaming\mozilla\firefox\profiles\62q4hg8p.default\prefs.js
user_pref("browser.startup.homepage", "hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=54C60016EAB06BA8&affID=119357&tsp=5022");
user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-
user_pref("extensions.helperbar.SmartbarDisabled", false);
user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
user_pref("extensions.zonealarm.hmpgUrl", "hxxp://search.zonealarm.com/?src=hp&tbid=HFA5&Lan=DE&gu=9fb53328e5764df1b93831757b67cba0&tu=11Jiy00Fz1D13P0&sku=&tstsId=&ver=&");
user_pref("extensions.zonealarm.kw_url", "hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=DE&gu=9fb53328e5764df1b93831757b67cba0&tu=11Jiy00Fz1D13P0&sku=&tstsId=&ver=&&
user_pref("extensions.zonealarm.newTabUrl", "hxxp://search.zonealarm.com/?src=nt&tbid=HFA5&Lan=DE&gu=9fb53328e5764df1b93831757b67cba0&tu=11Jiy00Fz1D13P0&sku=&tstsId=&ver=&");
user_pref("extensions.zonealarm.tlbrSrchUrl", "hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=9fb53328e5764df1b93831757b67cba0&tu=11Jiy00Fz1D13P0&sku=&ts
Emptied folder: C:\Users\Michaela\AppData\Roaming\mozilla\firefox\profiles\62q4hg8p.default\minidumps [98 files]
~~~ Chrome
Successfully deleted: [Folder] C:\Users\Michaela\appdata\local\Google\Chrome\User Data\Default\Extensions\khcceooakamlehbimaepcldnnlnkcmfk
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.10.2014 at 9:34:48,85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
just as I suspect that the program "advanced system care" is also from IObit ... at least it offers additional programs for download ... uninstall Advanced as well? I have now also uninstalled both programs with the uninstaller ... do I now have to repeat the other steps too and post them here??? I hope nothing else from IOBIT is left ... can I somehow find that out "quickly" without clicking on every program? |
11.10.2014, 11:22 | #8 |
/// the machine /// TB trainer | Samsung laptop keeps freezing - can't work with it anymore Just uninstall both of those. ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
12.10.2014, 09:13 | #9 |
| Samsung laptop keeps freezing - can't work with it anymore Now other programs keep popping up asking for an update, e.g. Tune up Utilities 2014 ... what is that? Is it safe? ... ESET takes quite a long time - I had to abort it because I didn't dare let the program run on its own without a virus scanner or firewall :/ ... Interim result: ... I'll let it run through again later .... Code:
ATTFilter C:\Program Files\ccsetup412pro.exe Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung C:\Program Files\CCleaner\ccsetup412.exe Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung C:\Program Files\IObit\Advanced SystemCare 6\ASCPatch.exe Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung C:\Program Files\IObit\Smart Defrag 2\smart-defrag-3-free.exe Win32/Toolbar.Widgi.E evtl. unerwünschte Anwendung C:\Qoobox\Quarantine\C\Program Files\MediaViewV1\MediaViewV1alpha8024\uninstall.exe.vir Variante von Win32/Amonetize.X evtl. unerwünschte Anwendung C:\Qoobox\Quarantine\C\Program Files\SaveSense\SaveSenseUpdateVer.exe.vir Variante von Win32/DealPly.M evtl. unerwünschte Anwendung C:\Qoobox\Quarantine\C\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha349\uninstall.exe.vir Variante von Win32/Amonetize.X evtl. unerwünschte Anwendung C:\Qoobox\Quarantine\C\Users\Michaela\FreemakeAudioConverterSetup.exe.vir Variante von Win32/OpenCandy.A potenziell unsichere Anwendung C:\Users\Michaela\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\66eb9996-32928e22 Java/Exploit.Agent.PGG Trojaner C:\Users\Michaela\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\36eaab5a-2104dca3 Mehrere Bedrohungen C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default\extensions\{8be8c269-cb65-47bb-9f82-d5ad0cd73055}\components\SmartbarFireFoxRemotePlugin_16.dll Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default\extensions\{8be8c269-cb65-47bb-9f82-d5ad0cd73055}\components\SmartbarFireFoxRemotePlugin_17.dll Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default\extensions\{8be8c269-cb65-47bb-9f82-d5ad0cd73055}\components\SmartbarFireFoxRemotePlugin_18.dll Win32/Toolbar.Linkury.D evtl. 
unerwünschte Anwendung C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default\extensions\{8be8c269-cb65-47bb-9f82-d5ad0cd73055}\components\SmartbarFireFoxRemotePlugin_19.dll Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default\extensions\{8be8c269-cb65-47bb-9f82-d5ad0cd73055}\components\SmartbarFireFoxRemotePlugin_20.dll Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung C:\Users\Michaela\AppData\Roaming\RHEng\BA1B729040494497957CE105CFEE5775\zafwSetupWeb_131_211_000.exe Win32/Toolbar.Conduit evtl. unerwünschte Anwendung C:\Users\Michaela\Downloads\AdobeReaderSetup.exe Variante von Win32/SoftwareInstaller.A evtl. unerwünschte Anwendung C:\Users\Michaela\Downloads\asc-setup_6pro.exe Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung C:\Users\Michaela\Downloads\avc504-free(1).exe Win32/OpenCandy potenziell unsichere Anwendung C:\Users\Michaela\Downloads\avc504-free.exe Win32/OpenCandy potenziell unsichere Anwendung C:\Users\Michaela\Downloads\cbsidlm-cbsi118-IObit_Malware_Fighter-BP-10967594(1).exe Variante von Win32/CNETInstaller.B evtl. unerwünschte Anwendung C:\Users\Michaela\Downloads\cbsidlm-cbsi118-IObit_Malware_Fighter-BP-10967594.exe Variante von Win32/CNETInstaller.B evtl. unerwünschte Anwendung C:\Users\Michaela\Downloads\ccsetup325.exe Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung C:\Users\Michaela\Downloads\ccsetup326.exe Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung C:\Users\Michaela\Downloads\ccsetup405.exe Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung C:\Users\Michaela\Downloads\ccsetup410pro.exe Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung C:\Users\Michaela\Downloads\defragsetup.exe Variante von Win32/Toolbar.Widgi.B evtl. 
unerwünschte Anwendung C:\Users\Michaela\Downloads\FreeYouTubeToMP3Converter-3.12.20.1230.exe Win32/OpenCandy potenziell unsichere Anwendung C:\Users\Michaela\Downloads\PDFCreator-1_6_2_2_setup.exe Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung C:\Users\Michaela\Programme\Samsung-Kies-lnstall.exe Win32/WinloadSDA.E evtl. unerwünschte Anwendung C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9GKU0YSK\update[1] Variante von Win64/Toolbar.Perion.A evtl. unerwünschte Anwendung C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9GKU0YSK\update[2] Variante von Win64/Toolbar.Perion.A evtl. unerwünschte Anwendung C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9GKU0YSK\update[4] Variante von Win64/Toolbar.Perion.A evtl. unerwünschte Anwendung C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B53H2DC6\update[1] Variante von Win64/Toolbar.Perion.A evtl. unerwünschte Anwendung C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B53H2DC6\update[2] Variante von Win64/Toolbar.Perion.A evtl. unerwünschte Anwendung C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B53H2DC6\wajam_update[1].004 Variante von Win32/Wajam.D evtl. unerwünschte Anwendung C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B53H2DC6\wajam_update[1].007 Variante von Win32/Wajam.D evtl. 
unerwünschte Anwendung C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T0MB27EI\ApnIC[1].0 Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T0MB27EI\update[1] Variante von Win64/Toolbar.Perion.A evtl. unerwünschte Anwendung C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T0MB27EI\update[2] Variante von Win64/Toolbar.Perion.A evtl. unerwünschte Anwendung C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T0MB27EI\wajam_update[1].005 Variante von Win32/Wajam.D evtl. unerwünschte Anwendung C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T0MB27EI\wajam_update[1].006 Variante von Win32/Wajam.D evtl. unerwünschte Anwendung |
12.10.2014, 23:00 | #10 |
/// the machine /// TB trainer | Samsung laptop keeps freezing - can't work with it anymore Then I'll wait for the remaining logs.
16.10.2014, 06:13 | #11 |
| Samsung laptop keeps freezing - can't work with it anymore ... it may take a while until I have enough time for the program to run through and for me to react afterwards ... it had already been running for an hour and was only at 30 % ... :/ ... or else the machine is online for 8 hours without a virus scanner and firewall ... ?!? Besides, I have no idea what this TuneUp Utilities is ... it keeps nagging and wants me to buy the full version ... it also looks like an unsafe program to me ... where did it come from? It's new ... Last edited by MiWi-1 (16.10.2014 at 06:22) |
16.10.2014, 18:33 | #12 |
/// the machine /// TB trainer | Samsung laptop keeps freezing - can't work with it anymore You can simply uninstall that. The firewall can stay on during the ESET scan.
19.10.2014, 20:36 | #13 |
| Samsung laptop keeps freezing - can't work with it anymore So ... finally ... !!! :-) ... this is now the most recent scan ... I had already run one before, I don't know whether it was complete - a restart was performed ... Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=0ab10dbc328a78438d0d0846db764019 # engine=20670 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-10-19 10:22:23 # local_time=2014-10-19 12:22:23 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 2394914 85004165 0 0 # scanned=171872 # found=38 # cleaned=0 # scan_time=5828 sh=FA399A74E1D037E836E0E386AF8FE62C1E14D0D9 ft=1 fh=c6b5d98ab23f6683 vn="Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\File Type Assistant\ftacfg.exe" sh=DA54389EA063F8D7A26E3CB39AA09032E4DBD213 ft=1 fh=1513796eda21ce86 vn="Variante von Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\File Type Assistant\TSASetup.exe" sh=E4B53197028C27F573FCC33643DE8BC78225A1FD ft=1 fh=80f3fc0f71a40278 vn="Variante von Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\File Type Assistant\tsassist.exe" sh=116FECDB8347AC7BF41A68E4D4B88B1DCBC057A5 ft=1 fh=5ae66c48013adbc2 vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\IObit\Advanced SystemCare 6\ASCPatch.exe" sh=26B127840CEAB90DEE0D263E889DB892A4973A4C ft=1 fh=b8a296f727e4fb79 vn="Win32/Toolbar.Widgi.E evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\IObit\Smart Defrag 2\smart-defrag-3-free.exe" sh=B7D648DC5CFC56166351800319CF292F4541A005 ft=1 fh=07891d98c310b3e7 vn="Variante von Win32/Amonetize.X evtl. 
unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\MediaViewV1\MediaViewV1alpha8024\uninstall.exe.vir" sh=AAEA2D2C15813161F9E114E6E1708CE545D5C8CA ft=1 fh=0022d452663e533e vn="Variante von Win32/DealPly.M evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\SaveSense\SaveSenseUpdateVer.exe.vir" sh=3345820D566B825A15E1C5F1C24FFFDDBB1B18B5 ft=1 fh=64ab978d04f9851e vn="Variante von Win32/Amonetize.X evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha349\uninstall.exe.vir" sh=DC69F69E0FE7B153118C9F4D4E59318027CF29C1 ft=1 fh=e9313ee6409597e8 vn="Variante von Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michaela\AppData\Local\temp\is1957915176\45DFF6BD_stp.EXE" sh=CF12266186E2C175C998F1AFCCDE0F653A0CB5B6 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.PGG Trojaner" ac=I fn="C:\Users\Michaela\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\66eb9996-32928e22" sh=6DB3F93E7837C8DC2F6CFC997FC755722B08B2D0 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Michaela\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\36eaab5a-2104dca3" sh=48C826EF00938F035C91C9F6B3E167CB21D96633 ft=1 fh=59fac0a23423ab50 vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default\extensions\{8be8c269-cb65-47bb-9f82-d5ad0cd73055}\components\SmartbarFireFoxRemotePlugin_16.dll" sh=45F4ABE93E1FB333545719948B418FB1207A5085 ft=1 fh=3a58b09db4698b9d vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default\extensions\{8be8c269-cb65-47bb-9f82-d5ad0cd73055}\components\SmartbarFireFoxRemotePlugin_17.dll" sh=FED76CBD8D5660DEC60B3F16547372DEE7F87FA6 ft=1 fh=9705b06916654cd4 vn="Win32/Toolbar.Linkury.D evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default\extensions\{8be8c269-cb65-47bb-9f82-d5ad0cd73055}\components\SmartbarFireFoxRemotePlugin_18.dll" sh=C8F23EFE19C6A36D8921AE5C96F95808EBEFBE05 ft=1 fh=8064b8d931435e04 vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default\extensions\{8be8c269-cb65-47bb-9f82-d5ad0cd73055}\components\SmartbarFireFoxRemotePlugin_19.dll" sh=C7E054C7BA58AE2D703DB29C52346A3ED84FEF57 ft=1 fh=53532950b9749a4f vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default\extensions\{8be8c269-cb65-47bb-9f82-d5ad0cd73055}\components\SmartbarFireFoxRemotePlugin_20.dll" sh=98FCF260C8C676E33DA77173AB222BA6B0142116 ft=1 fh=e0b1efaf129489ac vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michaela\AppData\Roaming\RHEng\BA1B729040494497957CE105CFEE5775\zafwSetupWeb_131_211_000.exe" sh=027E6118DFFDB1060D1B2434BAC8603D4A476D67 ft=1 fh=bc997c791e848cb0 vn="Variante von Win32/SoftwareInstaller.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michaela\Downloads\AdobeReaderSetup.exe" sh=8535ED1AB74D7B9547C7D47E75B9159076527253 ft=1 fh=25a511c14236d929 vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michaela\Downloads\asc-setup_6pro.exe" sh=4753D89650A73BB5FF94B8C61716DE2A5ECD8796 ft=1 fh=4888d5a0cb663a72 vn="Variante von Win32/CNETInstaller.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michaela\Downloads\cbsidlm-cbsi118-IObit_Malware_Fighter-BP-10967594(1).exe" sh=4753D89650A73BB5FF94B8C61716DE2A5ECD8796 ft=1 fh=4888d5a0cb663a72 vn="Variante von Win32/CNETInstaller.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Michaela\Downloads\cbsidlm-cbsi118-IObit_Malware_Fighter-BP-10967594.exe" sh=DDA7A4231C56CDFC44B5273AF921188842818DF8 ft=1 fh=870e9cfa7219e619 vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michaela\Downloads\defragsetup.exe" sh=DC69F69E0FE7B153118C9F4D4E59318027CF29C1 ft=1 fh=e9313ee6409597e8 vn="Variante von Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michaela\Downloads\FinalMediaPlayer2014U1Setup.exe" sh=BCF43267B4416C6DDEFAAD5AE0A63E3F682C5BB0 ft=1 fh=905be375e5c80006 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michaela\Downloads\PDFCreator-1_6_2_2_setup.exe" sh=465433C37D42CC986DB0E1B60A9A482925950033 ft=1 fh=4f6ad7b3ad9b536c vn="Variante von Win32/InstallCore.QH evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michaela\Programme\FinalMediaPlayerSetup.exe" sh=0A5CB0F0E3F062A8AED9ACEC1C6FB8A27F8F1AB1 ft=1 fh=6f10425ebd4afc01 vn="Win32/WinloadSDA.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michaela\Programme\Samsung-Kies-lnstall.exe" sh=27D1992D866CEB83F291410BBDF09DF322BB7FA1 ft=1 fh=cbfcb8046bee414d vn="Variante von Win64/Toolbar.Perion.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9GKU0YSK\update[1]" sh=3FD275E199DA4023E178393A1289AA92CF177A57 ft=1 fh=cfaf5f74f2400e93 vn="Variante von Win64/Toolbar.Perion.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9GKU0YSK\update[2]" sh=EFDFF2B40B2C81225CD376E780B6A548D781D710 ft=1 fh=9d13fd8a297cd7ce vn="Variante von Win64/Toolbar.Perion.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9GKU0YSK\update[4]" sh=C15B3B387C5E814ADA95E72EA2D30870651DCC99 ft=1 fh=9892757c2bb97d6a vn="Variante von Win64/Toolbar.Perion.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B53H2DC6\update[1]" sh=8E5745F17950676F7FC78DD79C40D40898F3F9D0 ft=1 fh=68b19152bf70392c vn="Variante von Win64/Toolbar.Perion.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B53H2DC6\update[2]" sh=047213D3F6891869703569078B5A2F127F299EBE ft=1 fh=9c2d364d476a9e9d vn="Variante von Win32/Wajam.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B53H2DC6\wajam_update[1].004" sh=E1E55409ACA6CB28FAE7E00574E84F20AF171910 ft=1 fh=f7422f18f16fdeb5 vn="Variante von Win32/Wajam.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B53H2DC6\wajam_update[1].007" sh=479AA062CE31CD6209BB00C6FD3100EE5B60F995 ft=1 fh=0d760ca871216e69 vn="Variante von Win64/Toolbar.Perion.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T0MB27EI\update[1]" sh=3FD275E199DA4023E178393A1289AA92CF177A57 ft=1 fh=cfaf5f74f2400e93 vn="Variante von Win64/Toolbar.Perion.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T0MB27EI\update[2]" sh=75A377CBC3D3354BF0DD7B5F1D26BFFF73744B92 ft=1 fh=8248de016d1d2bbb vn="Variante von Win32/Wajam.D evtl. 
unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T0MB27EI\wajam_update[1].005" sh=75A377CBC3D3354BF0DD7B5F1D26BFFF73744B92 ft=1 fh=8248de016d1d2bbb vn="Variante von Win32/Wajam.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T0MB27EI\wajam_update[1].006" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="${Memory}" Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=0ab10dbc328a78438d0d0846db764019 # engine=20553 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2014-10-12 08:06:28 # local_time=2014-10-12 10:06:28 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 1781959 84391210 0 0 # scanned=115515 # found=42 # cleaned=0 # scan_time=3470 sh=2D8FEA4D1AB3BD646B392A70556F5BDBEFFFD1DA ft=1 fh=b3b6e68fe10e8e02 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files\ccsetup412pro.exe" sh=C133DB147FA578119F34B675D45B477E110761B2 ft=1 fh=9272027fde077ca7 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files\CCleaner\ccsetup412.exe" sh=116FECDB8347AC7BF41A68E4D4B88B1DCBC057A5 ft=1 fh=5ae66c48013adbc2 vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\IObit\Advanced SystemCare 6\ASCPatch.exe" sh=26B127840CEAB90DEE0D263E889DB892A4973A4C ft=1 fh=b8a296f727e4fb79 vn="Win32/Toolbar.Widgi.E evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\IObit\Smart Defrag 2\smart-defrag-3-free.exe" sh=B7D648DC5CFC56166351800319CF292F4541A005 ft=1 fh=07891d98c310b3e7 vn="Variante von Win32/Amonetize.X evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\MediaViewV1\MediaViewV1alpha8024\uninstall.exe.vir" sh=AAEA2D2C15813161F9E114E6E1708CE545D5C8CA ft=1 fh=0022d452663e533e vn="Variante von Win32/DealPly.M evtl. 
unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T0MB27EI\update[1]" sh=3FD275E199DA4023E178393A1289AA92CF177A57 ft=1 fh=cfaf5f74f2400e93 vn="Variante von Win64/Toolbar.Perion.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T0MB27EI\update[2]" sh=75A377CBC3D3354BF0DD7B5F1D26BFFF73744B92 ft=1 fh=8248de016d1d2bbb vn="Variante von Win32/Wajam.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T0MB27EI\wajam_update[1].005" sh=75A377CBC3D3354BF0DD7B5F1D26BFFF73744B92 ft=1 fh=8248de016d1d2bbb vn="Variante von Win32/Wajam.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T0MB27EI\wajam_update[1].006" sh=412C3BD0E41CD1FA20C7CCE5086CE84B54DBD9B8 ft=0 fh=0000000000000000 vn="JS/Agent.NNS Trojaner" ac=I fn="H:\Daten-Samsung\MICHI-PC\Backup Set 2011-10-23 190002\Backup Files 2012-02-19 224319\Backup files 1.zip" sh=01C3F5178AD297065807F262C6F9A963083AFAE2 ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.NAM Trojaner" ac=I fn="H:\Galaxy\Michaela\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\1108a961-260e5b19" sh=C2571730AFAB285335CBF6A35387DE5962F2819A ft=1 fh=398a74cd366f257e vn="Win32/Toolbar.Conduit.A evtl. unerwünschte Anwendung" ac=I fn="H:\Galaxy\Michaela\Downloads\FreeYouTubeToMp3Converter.exe" sh=C2571730AFAB285335CBF6A35387DE5962F2819A ft=1 fh=398a74cd366f257e vn="Win32/Toolbar.Conduit.A evtl. unerwünschte Anwendung" ac=I fn="H:\Galaxy\Michaela\Downloads\FreeYouTubeToMp3Converter69.exe" sh=6EEA45F0AC75053D955E44A1735997B263EDF882 ft=1 fh=be934e040f354c5e vn="Win32/Toolbar.Conduit.Y evtl. 
unerwünschte Anwendung" ac=I fn="H:\Program Files\Conduit\Community Alerts\Alert.dll" sh=E5C5C36DDD3DC414086EB9EC20DCEF13C06DDD94 ft=1 fh=f4eb487f30a3126f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="H:\Program Files\DVDVideoSoft\tbDVDV.dll" sh=027E6118DFFDB1060D1B2434BAC8603D4A476D67 ft=1 fh=bc997c791e848cb0 vn="Variante von Win32/SoftwareInstaller.A evtl. unerwünschte Anwendung" ac=I fn="H:\SamsungRecovery\SamsungData\DataBackup#(2014-10-07.140048)\C Drive\Users\Michaela\Downloads\AdobeReaderSetup.exe" sh=8535ED1AB74D7B9547C7D47E75B9159076527253 ft=1 fh=25a511c14236d929 vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="H:\SamsungRecovery\SamsungData\DataBackup#(2014-10-07.140048)\C Drive\Users\Michaela\Downloads\asc-setup_6pro.exe" sh=4753D89650A73BB5FF94B8C61716DE2A5ECD8796 ft=1 fh=4888d5a0cb663a72 vn="Variante von Win32/CNETInstaller.B evtl. unerwünschte Anwendung" ac=I fn="H:\SamsungRecovery\SamsungData\DataBackup#(2014-10-07.140048)\C Drive\Users\Michaela\Downloads\cbsidlm-cbsi118-IObit_Malware_Fighter-BP-10967594(1).exe" sh=4753D89650A73BB5FF94B8C61716DE2A5ECD8796 ft=1 fh=4888d5a0cb663a72 vn="Variante von Win32/CNETInstaller.B evtl. unerwünschte Anwendung" ac=I fn="H:\SamsungRecovery\SamsungData\DataBackup#(2014-10-07.140048)\C Drive\Users\Michaela\Downloads\cbsidlm-cbsi118-IObit_Malware_Fighter-BP-10967594.exe" sh=36DEFFD94C48B5F8B9CBE791D1294F1711496D59 ft=1 fh=c71c0011500261b3 vn="Variante von Win32/InstallCore.BY evtl. unerwünschte Anwendung" ac=I fn="H:\SamsungRecovery\SamsungData\DataBackup#(2014-10-07.140048)\C Drive\Users\Michaela\Downloads\CCleanerSetup-14343207-pmfsb(1).exe" sh=36DEFFD94C48B5F8B9CBE791D1294F1711496D59 ft=1 fh=c71c0011500261b3 vn="Variante von Win32/InstallCore.BY evtl. 
unerwünschte Anwendung" ac=I fn="H:\SamsungRecovery\SamsungData\DataBackup#(2014-10-07.140048)\C Drive\Users\Michaela\Downloads\CCleanerSetup-14343207-pmfsb.exe" sh=DDA7A4231C56CDFC44B5273AF921188842818DF8 ft=1 fh=870e9cfa7219e619 vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="H:\SamsungRecovery\SamsungData\DataBackup#(2014-10-07.140048)\C Drive\Users\Michaela\Downloads\defragsetup.exe" sh=D772E5AD45CC1532CC6F75E6D0B4BC8FE701A538 ft=1 fh=c707addcff93c910 vn="Variante von Win32/InstallIQ.A evtl. unerwünschte Anwendung" ac=I fn="H:\SamsungRecovery\SamsungData\DataBackup#(2014-10-07.140048)\C Drive\Users\Michaela\Downloads\FinalMediaPlayer2012Setup.exe" sh=B23C0191C00DA009B9FDEFABE3D2B38BAE5E065C ft=1 fh=4c188b3188380c52 vn="Variante von Win32/Amonetize.AA evtl. unerwünschte Anwendung" ac=I fn="H:\SamsungRecovery\SamsungData\DataBackup#(2014-10-07.140048)\C Drive\Users\Michaela\Downloads\FlashPlayer__4003_i213658496_il14.exe" sh=67112FF10778696366E20309A551BAC45D40F26A ft=1 fh=d5d993d7cb04e4ef vn="Win32/iLivid.A evtl. unerwünschte Anwendung" ac=I fn="H:\SamsungRecovery\SamsungData\DataBackup#(2014-10-07.140048)\C Drive\Users\Michaela\Downloads\iLividSetup-r343-n-bf.exe" sh=04D60957EE1C200CF9A0B43E8E37E970EDF6F26C ft=1 fh=70ef98a7849931ab vn="Variante von Win32/InstallCore.CH evtl. unerwünschte Anwendung" ac=I fn="H:\SamsungRecovery\SamsungData\DataBackup#(2014-10-07.140048)\C Drive\Users\Michaela\Downloads\OpenOfficeImpressSetup-10585463-pmfsb(1).exe" sh=04D60957EE1C200CF9A0B43E8E37E970EDF6F26C ft=1 fh=70ef98a7849931ab vn="Variante von Win32/InstallCore.CH evtl. unerwünschte Anwendung" ac=I fn="H:\SamsungRecovery\SamsungData\DataBackup#(2014-10-07.140048)\C Drive\Users\Michaela\Downloads\OpenOfficeImpressSetup-10585463-pmfsb.exe" sh=BCF43267B4416C6DDEFAAD5AE0A63E3F682C5BB0 ft=1 fh=905be375e5c80006 vn="Win32/InstallMonetizer.AQ evtl. 
unerwünschte Anwendung" ac=I fn="H:\SamsungRecovery\SamsungData\DataBackup#(2014-10-07.140048)\C Drive\Users\Michaela\Downloads\PDFCreator-1_6_2_2_setup.exe" sh=149BE3748F03B9BA59FB57DB0F3755D4CA967133 ft=1 fh=f5544e886ce6488b vn="Variante von Win32/InstallCore.BY evtl. unerwünschte Anwendung" ac=I fn="H:\SamsungRecovery\SamsungData\DataBackup#(2014-10-07.140048)\C Drive\Users\Michaela\Downloads\RealPlayerSetup-11253381-pmfsb.exe" sh=C8D889D883A7F41355A65C888F55B0772F440F7F ft=1 fh=c71c00113064b46d vn="Win32/Injected.I Trojaner" ac=I fn="H:\SamsungRecovery\SamsungData\DataBackup#(2014-10-07.140048)\C Drive\Users\Michaela\Downloads\SkypeSetup-16427221-pmfsb.exe" sh=7C1C0EB85400A486B4134F72D66A85500EE8B3B5 ft=1 fh=ceb0ef1ff44b32db vn="Variante von Win32/SoftonicDownloader.F evtl. unerwünschte Anwendung" ac=I fn="H:\SamsungRecovery\SamsungData\DataBackup#(2014-10-07.140048)\C Drive\Users\Michaela\Downloads\SoftonicDownloader_fuer_free-youtube-download.exe" sh=01C3F5178AD297065807F262C6F9A963083AFAE2 ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.NAM Trojaner" ac=I fn="H:\Users\Michaela\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\1108a961-260e5b19" sh=C2571730AFAB285335CBF6A35387DE5962F2819A ft=1 fh=398a74cd366f257e vn="Win32/Toolbar.Conduit.A evtl. unerwünschte Anwendung" ac=I fn="H:\Users\Michaela\Downloads\FreeYouTubeToMp3Converter.exe" sh=C2571730AFAB285335CBF6A35387DE5962F2819A ft=1 fh=398a74cd366f257e vn="Win32/Toolbar.Conduit.A evtl. unerwünschte Anwendung" ac=I fn="H:\Users\Michaela\Downloads\FreeYouTubeToMp3Converter69.exe" Code:
ATTFilter
Results of screen317's Security Check version 0.99.87
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
TuneUp Utilities 2014 (de-DE)
CCleaner
Java 7 Update 67
Adobe Flash Player 12.0.0.43 Flash Player out of Date!
Adobe Reader 10.1.12 Adobe Reader out of Date!
Mozilla Firefox (32.0.3)
Google Chrome 37.0.2062.124
Google Chrome 38.0.2125.104
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-10-2014
Ran by Michaela (administrator) on MAHAKALA-PC on 19-10-2014 20:03:58
Running from C:\Users\Michaela\Desktop
Loaded Profile: Michaela (Available profiles: Michaela)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files\PDF Architect\ConversionService.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\SamSung\EBM\EasyBatteryMgr3.exe
(SAMSUNG Electronics) C:\Program Files\SamSung\Easy Display Manager\dmhkcore.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
() C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Dropbox, Inc.) C:\Users\Michaela\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(Trusted Software ApS) C:\Program Files\File Type Assistant\tsassist.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [71216 2007-03-14] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [52256 2007-01-08] ()
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [688128 2011-07-06] ()
HKLM\...\Run: [SCX3200_Scan2Pc] => C:\Windows\Twain_32\Samsung\SCX3200\Scan2pc.exe [1990144 2011-06-21] ()
HKLM\...\Run: [3200 Scan2PC] => C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe [1990144 2011-06-21] ()
HKLM\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-942415238-3203751660-2953270710-1000\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2289664 2008-03-17] (Hewlett-Packard Company)
HKU\S-1-5-21-942415238-3203751660-2953270710-1000\...\Run: [ccleaner] => C:\Program Files\CCleaner\CCleaner.exe [3273136 2012-12-19] (Piriform Ltd)
HKU\S-1-5-21-942415238-3203751660-2953270710-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-942415238-3203751660-2953270710-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_43_Plugin.exe [840072 2014-02-09] (Adobe Systems Incorporated)
HKU\S-1-5-18\...\Run: [Advanced SystemCare 7] => "C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
Startup: C:\Users\Michaela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Michaela\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Michaela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default
FF SearchEngineOrder.1: Search By ZoneAlarm
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default\Extensions\ascsurfingprotection@iobit.com [2014-10-07]
FF Extension: Yahoo Community Smartbar - C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default\Extensions\{8be8c269-cb65-47bb-9f82-d5ad0cd73055} [2013-04-21]
FF Extension: Add-on Compatibility Reporter - C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default\Extensions\compatibility@addons.mozilla.org.xpi [2014-01-22]
FF Extension: ImTranslator - C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\62q4hg8p.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2013-08-25]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-08-22]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-03-30]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-24]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: No Name - C:\Program Files\IObit Apps Toolbar\FF [Not Found]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll No File
CHR Plugin: (Advanced SystemCare 6) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkddabcabcabcabcabcabcabc\1.0.0_0\Plugin/ASCPlugin_Protect.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll No File
CHR Profile: C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-07]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2014-03-16]
CHR Extension: (YouTube) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-07]
CHR Extension: (Google-Suche) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-07]
CHR Extension: (Media View) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlkojehkngebfliacbjemkjcicanmbok [2014-03-15]
CHR Extension: (RealDownloader) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-04-03]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2014-03-04]
CHR Extension: (Google Wallet) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-14]
CHR Extension: (Google Mail) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-07]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [819200 2008-05-23] (Intel(R) Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-03-17] (Hewlett-Packard Company) [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-05-23] (Intel(R) Corporation) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-20] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1740600 2013-08-30] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2006-11-14] (SAMSUNG ELECTRONICS CO., LTD.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-10-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R1 MpKsle2715c31; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{49298FCB-DB9B-41DD-92B9-6ED3B1FCEFCB}\MpKsle2715c31.sys [39464 2014-10-19] (Microsoft Corporation)
R2 PfFilter; C:\Program Files\IObit\Protected Folder\pffilter.sys [34336 2013-04-03] (IObit Information Technology)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-10-28] (Samsung Electronics) [File not signed]
R3 VMC302; C:\Windows\System32\Drivers\VMC302.sys [242560 2008-04-05] (Vimicro Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
U5 BTHPORT; C:\Windows\System32\Drivers\BTHPORT.sys [219648 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 ffeicctm; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
R3 TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-10-2014
Ran by Michaela at 2014-10-19 20:05:14
Running from C:\Users\Michaela\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe Digital Editions 3.0 (HKLM\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
CyberLink DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.2403 - CyberLink Corp.)
CyberLink Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.0.3825 - CyberLink Corp.)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Easy Battery Manager (HKLM\...\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}) (Version: 3.2.1.7 - )
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 2.0.0.0 - Samsung)
File Type Assistant (HKLM\...\Trusted Software Assistant_is1) (Version: 2014.3.25.0 - ) <==== ATTENTION
Final Media Player 2014 (HKLM\...\FinalMediaPlayer_is1) (Version: 2014.08.04.00 - Bitberry Software) <==== ATTENTION
Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}) (Version: 12.00.2000 - Intel(R) Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: .2406 - CyberLink Corp.)
LightScribe System Software 1.12.37.1 (HKLM\...\{004C5DA2-2051-4D25-94BA-51CF810C91EB}) (Version: 1.12.37.1 - LightScribe)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.45.4.3 - Marvell)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 de) (HKLM\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
PDF Architect (HKLM\...\{80A07844-CA64-4DE4-AB61-D37DDBE8074F}) (Version: 1.0.52.8917 - pdfforge)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.2 - pdfforge)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayCamera (HKLM\...\{804F1285-8CBF-408D-8CDC-D4D40003B2E4}) (Version: 1.0.1.7 - )
PowerDirector (HKLM\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 5.0.3927 - CyberLink Corp.)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.3118.0 - CyberLink Corp.)
PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 085120(3.7)_Vista_SSPC - CyberLink Corp.)
Protected Folder (HKLM\...\Protected Folder_is1) (Version: - IObit)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5605 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Recovery Solution III (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 3.0.0.5 - Samsung)
Samsung Scan Assistant (HKLM\...\Samsung Scan Assistant) (Version: 1.04.22.00 - Samsung Electronics Co., Ltd.)
Samsung SCX-3200 Series (HKLM\...\Samsung SCX-3200 Series) (Version: - Samsung Electronics Co., Ltd.)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Steuer-Spar-Erklärung 2011 (HKLM\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.01 - Akademische Arbeitsgemeinschaft Verlag) Steuer-Spar-Erklärung 2012 (HKLM\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.01 - Wolters Kluwer Deutschland GmbH) Steuer-Spar-Erklärung 2013 (HKLM\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.02 - Wolters Kluwer Deutschland GmbH) SteuerSparErklärung 2014 (HKLM\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.07.73 - Akademische Arbeitsgemeinschaft) Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.2.0 - Synaptics) TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.89 - TuneUp Software) Hidden Vimicro UVC Camera (HKLM\...\{71A51B09-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-942415238-3203751660-2953270710-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Michaela\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942415238-3203751660-2953270710-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michaela\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942415238-3203751660-2953270710-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michaela\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942415238-3203751660-2953270710-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michaela\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-942415238-3203751660-2953270710-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michaela\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942415238-3203751660-2953270710-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michaela\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942415238-3203751660-2953270710-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michaela\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942415238-3203751660-2953270710-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michaela\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-942415238-3203751660-2953270710-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michaela\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
==================== Restore Points ========================= 09-10-2014 09:13:46 Revo Uninstaller's restore point - Bonanza Deals (remove only) 09-10-2014 09:19:16 Revo Uninstaller's restore point - Bonanza Deals (remove only) 09-10-2014 09:20:44 Revo Uninstaller's restore point - Delta Chrome Toolbar 09-10-2014 09:21:56 Revo Uninstaller's restore point - File Type Assistant 09-10-2014 09:28:11 Revo Uninstaller's restore point - Final Media Player 2012 09-10-2014 09:29:50 Revo Uninstaller's restore point - Media Player 09-10-2014 09:33:44 Revo Uninstaller's restore point - Media View 09-10-2014 09:36:32 Revo Uninstaller's restore point - Media Viewer 09-10-2014 09:38:28 Revo Uninstaller's restore point - SaveSense 09-10-2014 09:39:57 Revo Uninstaller's restore point - V-bates 2.0.0.437 09-10-2014 12:07:47 Revo Uninstaller's restore point - Video Player 09-10-2014 12:10:55 Revo Uninstaller's restore point - Webexp Enhanced 09-10-2014 12:22:00 Revo Uninstaller's restore point - Yahoo Community Smartbar Engine 09-10-2014 12:23:17 Revo Uninstaller's restore point - IObit Malware Fighter 09-10-2014 12:24:34 Revo Uninstaller's restore point - IObit Uninstaller 09-10-2014 12:25:38 Revo Uninstaller's restore point - IObit Unlocker 09-10-2014 16:20:37 Windows Update 10-10-2014 06:35:08 Geplanter Prüfpunkt 10-10-2014 11:55:50 Revo Uninstaller's restore point - Smart Defrag 3 10-10-2014 11:59:55 Revo Uninstaller's restore point - Advanced SystemCare 7 13-10-2014 16:22:25 Windows Update 14-10-2014 22:00:00 Geplanter Prüfpunkt 15-10-2014 22:00:01 Geplanter Prüfpunkt 16-10-2014 05:09:02 Windows-Modulinstallation 16-10-2014 21:54:50 Windows Update 17-10-2014 01:00:12 Windows Update 18-10-2014 06:11:29 Revo Uninstaller's restore point - TuneUp Utilities 2014 18-10-2014 06:12:46 TuneUp Utilities 2014 wird entfernt 18-10-2014 23:48:51 Geplanter Prüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to 
reset Hosts.) 2006-11-02 12:23 - 2014-10-09 15:06 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0E7FA047-DD46-4BD7-90B7-0A55EF649DDD} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION Task: {1419758E-0C5C-47B5-9DBB-485F0FEED91F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-07] (Google Inc.) Task: {16CD6145-91AC-4D69-A4FC-067B5E25D6CC} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {1F185668-F306-4910-B89C-C55CDC9BBF8E} - \SaveSenseLiveUpdateTaskMachineCore No Task File <==== ATTENTION Task: {2254F349-684B-4CB4-975C-09A9FBA0B7EA} - \Adobe Flash Player Updater No Task File <==== ATTENTION Task: {269C44DB-DAE1-43B7-989E-2E9807E6307B} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {555CAE72-5DB4-4088-B7BD-358F2DC313DC} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-942415238-3203751660-2953270710-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe Task: {56553C57-380E-46DA-A9F1-C8FEC386C0BC} - System32\Tasks\ProgramUpdateCheck => C:\Program Files\File Type Assistant\TSAssist.exe [2014-03-25] (Trusted Software ApS) <==== ATTENTION Task: {5E01DE15-A88B-4F1C-BFC1-82DB27A54FF6} - 
System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe Task: {75816C49-A908-43B8-AE51-551BC1938E50} - System32\Tasks\Final Media Player Update Checker => C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe [2013-03-25] (Bitberry Software) Task: {847450C7-6C06-4BC2-B0DE-0E790758275D} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files\File Type Assistant\tsasetup.exe [2014-04-04] ( ) <==== ATTENTION Task: {8C419D96-F47F-41AD-8B97-8C6B9FDFC100} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe [2008-04-17] (SAMSUNG Electronics co., LTD.) Task: {9466EBF1-0480-4086-B1AD-E44F13113A59} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2008-05-22] (SAMSUNG Electronics) Task: {97DCD50B-16FB-4B2A-851D-502335CF2C97} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe Task: {9BC4F5AB-60B2-45C6-8B58-241260B1FD06} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-942415238-3203751660-2953270710-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {B8F2DB4E-336E-4EAD-8351-F9F42F3F3F31} - \SaveSenseLiveUpdateTaskMachineUA No Task File <==== ATTENTION Task: {BF5CA0E8-67C5-474F-83C3-C53A77FD9E10} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-942415238-3203751660-2953270710-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.) 
Task: {C8D7022C-7D2C-4BAE-96DD-6FC329F8AA09} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd) Task: {DA3D0881-F888-4F8D-99F6-2F36BF8161E2} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-942415238-3203751660-2953270710-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe Task: {DB976070-BE8B-4B9D-ABF5-B7BD536F367A} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-07-25] (Oracle Corporation) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: {EF2CF96B-520A-44D9-84BC-DDED7E093B03} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-07] (Google Inc.) Task: {F2597B68-9125-483E-BA3B-B98E0B69BEE5} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated) Task: {F2CCA185-ED4F-47B8-B6A7-17F22F2519C4} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-942415238-3203751660-2953270710-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Final Media Player Update Checker.job => C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2008-05-23 13:46 - 2008-05-23 13:46 - 00200704 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL 2012-11-29 17:23 - 2011-04-14 04:40 - 00024064 _____ () C:\Windows\System32\ssb3ml3.dll 2012-11-29 17:23 - 2011-04-14 04:40 - 00626688 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\ssb3mdu.dll 2008-10-24 17:35 - 2008-10-24 17:35 - 00128296 _____ () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe 2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe 2012-08-03 22:44 - 2006-12-20 07:23 - 00272024 ____N () C:\Program Files\CyberLink\Shared Files\RichVideo.exe 2012-08-03 22:49 - 2006-08-12 12:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll 2012-11-29 17:25 - 2011-07-06 13:24 - 00688128 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe 2012-11-29 17:27 - 2011-06-21 03:18 - 01990144 _____ () C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe 2012-11-29 17:27 - 2009-11-19 14:10 - 01384520 _____ () C:\Windows\twain_32\Samsung\SCX3200\ssole.dll 2007-07-12 13:55 - 2007-07-12 13:55 - 01581056 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll 2007-08-14 13:59 - 2007-08-14 13:59 - 06365184 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll 2007-07-12 13:55 - 2007-07-12 13:55 - 00131072 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll 2014-10-17 03:48 - 2014-10-17 03:48 - 00043008 _____ () c:\users\michaela\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsvbrs5.dll 
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Michaela\AppData\Roaming\Dropbox\bin\libcef.dll 2012-08-10 17:51 - 2012-08-10 17:51 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll 2014-09-25 04:01 - 2014-09-25 04:01 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2014-02-09 01:20 - 2014-02-09 01:20 - 16287624 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll 2013-08-30 10:51 - 2013-08-30 10:51 - 00501560 _____ () C:\Program Files\TuneUp Utilities 2014\avgreplibx.dll 2014-10-17 21:36 - 2008-10-15 16:44 - 00205312 _____ () C:\Program Files\File Type Assistant\itdownload.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
========================= Accounts: ========================== Administrator (S-1-5-21-942415238-3203751660-2953270710-500 - Administrator - Disabled) Gast (S-1-5-21-942415238-3203751660-2953270710-501 - Limited - Disabled) Michaela (S-1-5-21-942415238-3203751660-2953270710-1000 - Administrator - Enabled) => C:\Users\Michaela ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/18/2014 08:18:36 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (10/18/2014 08:18:28 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: MAHAKALA-PC) Description: 0C:\Windows\explorer.exeWindows-Explorer0411730840 Error: (10/18/2014 08:11:25 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005. Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {516da998-ce88-4012-b842-b7a1c631a0b1} Error: (10/17/2014 03:47:53 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. 
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (10/17/2014 03:47:53 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (10/17/2014 03:31:56 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/17/2014 03:08:33 AM) (Source: Perflib) (EventID: 1017) (User: ) Description: PolicyAgent Error: (10/17/2014 03:08:33 AM) (Source: Perflib) (EventID: 1005) (User: ) Description: OpenIPSecPerformanceDataC:\Windows\System32\ipsecsvc.dllPolicyAgent4 Error: (10/17/2014 03:08:33 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4 Error: (10/17/2014 03:08:32 AM) (Source: Perflib) (EventID: 1010) (User: ) Description: EmdCacheC:\Windows\system32\emdmgmt.dll4 System errors: ============= Error: (10/18/2014 08:19:21 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. 
Neue Signaturversion: Vorherige Signaturversion: 1.185.3455.0 Aktualisierungsquelle: %NT-AUTORITÄT59 Aktualisierungsphase: 4.6.0305.00 Quellpfad: 4.6.0305.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (10/17/2014 03:31:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (10/17/2014 03:27:36 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (10/12/2014 05:29:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (10/12/2014 05:29:10 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 12.10.2014 um 17:27:49 unerwartet heruntergefahren. Error: (10/10/2014 02:00:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Advanced SystemCare Service 71 Microsoft Office Sessions: ========================= Error: (10/18/2014 08:18:36 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (10/18/2014 08:18:28 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: MAHAKALA-PC) Description: 0C:\Windows\explorer.exeWindows-Explorer0411730840 Error: (10/18/2014 08:11:25 AM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005 Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {516da998-ce88-4012-b842-b7a1c631a0b1} Error: (10/17/2014 03:47:53 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: 
rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (10/17/2014 03:47:53 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (10/17/2014 03:31:56 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/17/2014 03:08:33 AM) (Source: Perflib) (EventID: 1017) (User: ) Description: PolicyAgent Error: (10/17/2014 03:08:33 AM) (Source: Perflib) (EventID: 1005) (User: ) Description: OpenIPSecPerformanceDataC:\Windows\System32\ipsecsvc.dllPolicyAgent4 Error: (10/17/2014 03:08:33 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4 Error: (10/17/2014 03:08:32 AM) (Source: Perflib) (EventID: 1010) (User: ) Description: EmdCacheC:\Windows\system32\emdmgmt.dll4 CodeIntegrity Errors: =================================== Date: 2014-10-19 20:05:05.188 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-19 20:05:04.996 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-19 20:05:04.800 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-10-19 20:05:04.600 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-19 20:05:04.060 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-19 20:05:03.848 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-19 20:05:03.653 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-19 20:05:03.308 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-12 17:33:27.999 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-10-12 17:33:27.821 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz Percentage of memory in use: 78% Total physical RAM: 3065.88 MB Available physical RAM: 652.6 MB Total Pagefile: 6330.89 MB Available Pagefile: 3118.87 MB Total Virtual: 2047.88 MB Available Virtual: 1918.66 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:140.62 GB) (Free:51.13 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:147.46 GB) (Free:81.58 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: B6394A61) Partition 1: (Not Active) - (Size=10 GB) - (Type=27) Partition 2: (Active) - (Size=140.6 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=147.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================ --- --- ---
Tune Up Utilities cannot be uninstalled ... it is still in the bar at the bottom left - despite uninstalling it with Revo Uninstaller |
20.10.2014, 17:46 | #14 |
/// the machine /// TB-Ausbilder | Samsung laptop keeps hanging - can no longer work with it Update Flash and Adobe. Uninstall IOBIT. Delete the backup on H. Revo Uninstaller - Download - Filepony: use it to uninstall Firefox, keep no data, let it remove the leftovers, then reinstall. Then: https://support.mozilla.org/de/kb/fi...einfach-loesen Please download TFC (by Oldtimer) and save the file to the desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a restart. Please allow this. Fresh FRST log please.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
21.10.2014, 22:46 | #15 |
| Samsung laptop keeps hanging - can no longer work with it ok - thanks ... uhhhmmm - how do I do updates??? I still have IOBIT? aha ... hmm... I still have REVO Uninstaller ... ... H ... aha, I'll have to look ... |