Pests of all kinds and how to combat them: Ads by CinPl-2.5c virus and consequential damage (Windows 7)
15.10.2014, 18:16 | #1 |
| Ads by CinPl-2.5c virus and consequential damage Hello dear Trojaner-Board team, I seem to have caught a virus during a download. During the download I removed all the check marks that would have installed additional programs. Only after I clicked "Next" did I see that you could scroll further down and that presumably many more programs were selected. Suddenly I had 20 new, annoying programs on my computer, which kept installing even more programs. I uninstalled them all and had 2 days of peace. Yesterday I constantly got ads from "Ads by CinPl-2.5c" in Firefox and could no longer play any videos because of it. I uninstalled this program as well, but that did not help. I then tried to get rid of the problem with the following procedure: malwaretips.com/blogs/cinpl-2-5c-removal/ But I only got as far as the step with AdwCleaner. Unfortunately it did not work. It crashes every time I try to delete data. Other programs on my computer crash as well, and everything is very slow. I am fairly sure that I still have a virus on my computer. I very much hope you can help me get this sorted out? Thanks in advance and best regards! |
15.10.2014, 18:19 | #2 |
/// the machine /// TB trainer | Ads by CinPl-2.5c virus and consequential damage hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
15.10.2014, 19:26 | #3 |
| Ads by CinPl-2.5c virus and consequential damage Hello,
thank you very much for your quick reply. Here is FRST.txt: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-10-2014 01 Ran by ***** (administrator) on *****-PC on 15-10-2014 20:10:38 Running from C:\Users\*****\Desktop Loaded Profile: ***** (Available profiles: ***** & ********** & DefaultAppPool) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe () C:\Users\*****\AppData\Local\Genesis_10091331\Monitor_10091331.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe () C:\monitor.exe (Protexis Inc.) 
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (X10) C:\Program Files\Common Files\X10\Common\X10nets.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe () C:\Program Files\DivX\DivX Update\DivXUpdate.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Dropbox, Inc.) C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (MyOSCompany) C:\Program Files\PCTRunner\MyOSProtect.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) 
C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron) HKLM\...\Run: [LMgrVolOSD] => C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.) HKLM\...\Run: [LMgrOSD] => "C:\Program Files\Launch Manager\OSDCtrl.exe" HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [413696 2010-01-13] (Wistron Corp.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-11] (Synaptics Incorporated) HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8522272 2010-03-02] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [678432 2010-03-02] (Realtek Semiconductor) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421736 2011-10-09] (Apple Inc.) HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] () HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [685048 2012-08-03] (Cisco Systems, Inc.) 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM\...\Run: [] => [X] HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation) HKLM\...\Run: [mbot_de_137] => [X] HKU\S-1-5-21-3931753103-4279822412-3289483211-1000\...\Run: [Facebook Update] => C:\Users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.) HKU\S-1-5-21-3931753103-4279822412-3289483211-1000\...\Run: [Google Update] => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-23] (Google Inc.) HKU\S-1-5-21-3931753103-4279822412-3289483211-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22038120 2014-08-27] (Skype Technologies S.A.) HKU\S-1-5-21-3931753103-4279822412-3289483211-1000\...\Run: [smoother] => C:\Users\*****\AppData\Roaming\SmootherWeb\SmootherWeb-Installer.exe [489651 2014-08-27] () HKU\S-1-5-21-3931753103-4279822412-3289483211-1000\...\MountPoints2: {63698762-8fde-11df-9421-00262df5ba12} - F:\LaunchU3.exe -a Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_lxMV3YF4my25wxYHXyASziywErMfAcl0f0ZBtFdEQ5uxruqqo5PzmU0-suly99bF9-3ICIU-eo0MVw2M6TM7jnipZoxXW4JSDvu-BEU_KWrZ0y6o9ztbVcTzo65BQmkJWyhRYeGgPj1xw6WSlhZ0w,,&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_lxMV3YF4my25wxYHXyASziywErMfAcl0f0ZBtFdEQ5uxruqqo5PzmU0-suly99bF9-3ICIU-eo0MVw2M6TM7jnuYS0ahIMOHM71tICfNk_U7USnRQz-LvIgqVmXizTbcG_bcg72RONUnIy0AfQeWA,, HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1412861457&from=tugs&uid=WDCXWD5000BEVT-00A0RT0_WD-WX31A207948079480&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1412861457&from=tugs&uid=WDCXWD5000BEVT-00A0RT0_WD-WX31A207948079480 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1412861457&from=tugs&uid=WDCXWD5000BEVT-00A0RT0_WD-WX31A207948079480 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1412861457&from=tugs&uid=WDCXWD5000BEVT-00A0RT0_WD-WX31A207948079480&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1412861457&from=tugs&uid=WDCXWD5000BEVT-00A0RT0_WD-WX31A207948079480 SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_lxMV3YF4my25wxYHXyASziywErMfAcl0f0ZBtFdEQ5uxruqqo5PzmU0-suly99bF9-3ICIU-eo0MVw2M6TM7jnipZoxXW4JSDvu-BEU_KWrZ0y6o9ztbVcTzo65BQmkJWyhRYfCJvnbUWlj6I4rwVXp7A,,&q={searchTerms} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_lxMV3YF4my25wxYHXyASziywErMfAcl0f0ZBtFdEQ5uxruqqo5PzmU0-suly99bF9-3ICIU-eo0MVw2M6TM7jnipZoxXW4JSDvu-BEU_KWrZ0y6o9ztbVcTzo65BQmkJWyhRYeGgPj1xw6WSlhZ0w,,&q={searchTerms} SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=ME5822137-BC8E-4CC0-8678-4DAE522EC745&SearchSource=58&CUI=&UM=2&UP=SP10212541-3ABC-47AC-A377-29708A714C1F&q={searchTerms}&SSPV= BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files\SupTab\SupTab.dll No File BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Winsock: Catalog9 01 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany) Winsock: Catalog9 02 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany) Winsock: Catalog9 03 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany) Winsock: Catalog9 04 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany) Winsock: Catalog9 15 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany) Tcpip\Parameters: [DhcpNameServer] 192.168.140.1 FireFox: ======== FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\q8g87hy9.default-1413320695280 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll No File FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=12.0.1.647 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=12.0.1.647 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.647 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.647 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=12.0.1.647 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin: PDF Architect 2 -> C:\Program Files\PDF Architect 2\np-previewer.dll (pdfforge GmbH) FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll No File FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\*****\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\*****\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\*****\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\omiga-plus.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Smoother Web - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\q8g87hy9.default-1413320695280\Extensions\jid1-U7omKQ6kQfxMaQ@jetpack.xpi [2014-10-14] FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-09] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-05-19] FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-06-06] FF HKLM\...\Firefox\Extensions: 
[faststartff@gmail.com] - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\h3l95hqu.default\extensions\faststartff@gmail.com Chrome: ======= CHR HomePage: Default -> hxxp://isearch.omiga-plus.com/?type=hp&ts=1412861457&from=tugs&uid=WDCXWD5000BEVT-00A0RT0_WD-WX31A207948079480 CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1412861457&from=tugs&uid=WDCXWD5000BEVT-00A0RT0_WD-WX31A207948079480" CHR Profile: C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05] CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-01-31] CHR Extension: (Google Wallet) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-22] CHR Extension: (Citavi Picker) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2014-07-16] CHR Extension: (Quick start) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-10-14] CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [] CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-05-19] CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-05-19] CHR HKLM\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - C:\Program Files\Citavi 4\Pickers\Chrome\ChromePicker.crx [2014-02-07] CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - 
C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-10-09] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-11-29] (Adobe Systems) [File not signed] R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed] R2 GenesisMonitor; C:\Users\*****\AppData\Local\Genesis_10091331\Monitor_10091331.exe [3699200 2014-10-09] () [File not signed] S3 McComponentHostService; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [227232 2010-01-15] (McAfee, Inc.) 
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation) R3 MyOSProtect; C:\Program Files\PCTRunner\MyOSProtect.exe [1317096 2014-09-01] (MyOSCompany) [File not signed] S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation) S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [36352 2009-12-12] () [File not signed] S3 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH) S3 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH) S2 ProtectMonitor; C:\monitorsvc.exe [34244 2014-09-02] () [File not signed] <==== ATTENTION R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] () [File not signed] R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [537592 2012-08-03] (Cisco Systems, Inc.) S3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-22] (Wistron Corp.) R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-08-03] (Cisco Systems, Inc.) S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.) S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.) 
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [786400 2009-08-13] (DiBcom SA) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation) R1 pcwatch; C:\Windows\system32\Drivers\pcwatch.sys [20480 2014-09-01] () [File not signed] <==== ATTENTION S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.) R3 pfc; C:\Windows\System32\drivers\pfc.sys [10368 2005-11-02] (Padus, Inc.) [File not signed] S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.) R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25984 2009-12-12] (The OpenVPN Project) S1 vflt; C:\Windows\System32\DRIVERS\vfilter.sys [17920 2010-09-02] (Shrew Soft Inc) [File not signed] S3 vnet; C:\Windows\System32\DRIVERS\virtualnet.sys [13824 2010-09-02] (Shrew Soft Inc) [File not signed] R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.) R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.) S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-15 20:10 - 2014-10-15 20:11 - 00026101 _____ () C:\Users\*****\Desktop\FRST.txt 2014-10-15 20:07 - 2014-10-15 20:10 - 00000000 ____D () C:\Users\*****\Desktop\aktuelle Dokumente 2014-10-15 20:04 - 2014-10-15 20:11 - 00000000 ____D () C:\FRST 2014-10-15 20:04 - 2014-10-15 20:04 - 01102336 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe 2014-10-15 16:03 - 2014-10-15 17:57 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-14 23:15 - 2014-10-15 16:28 - 00000000 ____D () C:\AdwCleaner 2014-10-14 23:13 - 2014-10-14 23:14 - 01976320 _____ () C:\Users\*****\Downloads\adwcleaner_4.000.exe 2014-10-14 16:33 - 2014-10-14 16:33 - 00017360 _____ () C:\Users\*****\.recently-used.xbel 2014-10-14 00:29 - 2014-10-14 00:29 - 00131072 _____ () C:\Windows\Minidump\101414-33945-01.dmp 2014-10-14 00:25 - 2014-10-15 17:25 - 00001330 _____ () C:\Windows\Tasks\BIXK.job 2014-10-14 00:23 - 2014-10-15 17:25 - 00001330 _____ () C:\Windows\Tasks\VPOY.job 2014-10-14 00:23 - 2014-10-15 00:28 - 00000000 ____D () C:\Program Files\globalUpdate 2014-10-14 00:23 - 2014-10-14 00:23 - 00000000 ____D () C:\Users\*****\AppData\Local\globalUpdate 2014-10-13 02:06 - 2014-10-13 02:07 - 00000000 ____D () C:\Users\*****\Desktop\Wasen 11 10 14 2014-10-13 01:49 - 2014-10-13 03:00 - 00000000 ____D () C:\Users\*****\Desktop\GM 2014-10-13 01:49 - 2014-10-13 02:57 - 00000000 ____D () C:\Users\*****\Desktop\NIS 2014-10-12 01:48 - 2014-07-23 11:15 - 00967685 _____ () C:\Users\*****\Downloads\adblock_plus-2.6.4-fx+an+sm+tb.xpi 2014-10-12 01:47 - 2014-10-12 01:48 - 00919582 _____ () C:\Users\*****\Downloads\adblock_plus-2.6.4-fx_an_sm_tb.xpi.zip 2014-10-10 00:29 - 2014-10-10 00:29 - 00000000 ____D () C:\Program Files\predm 2014-10-09 19:43 - 2014-10-09 20:20 - 00001126 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-10-09 16:11 - 2014-10-09 20:20 - 00002062 _____ () 
C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2014-10-09 16:05 - 2014-10-10 01:33 - 00000000 ____D () C:\ProgramData\Systweak 2014-10-09 16:05 - 2014-10-10 01:30 - 00000000 ____D () C:\Users\*****\AppData\Roaming\systweak 2014-10-09 16:03 - 2014-10-09 16:03 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmootherWeb 2014-10-09 16:03 - 2014-10-09 16:03 - 00000000 ____D () C:\SmootherWeb 2014-10-09 16:03 - 2014-08-05 19:14 - 00018280 _____ () C:\Windows\system32\roboot.exe 2014-10-09 16:02 - 2014-10-10 01:28 - 00000000 ____D () C:\Users\*****\AppData\Roaming\LookThisUp 2014-10-09 16:01 - 2014-10-14 23:35 - 00000000 ____D () C:\Users\*****\AppData\Roaming\SmootherWeb 2014-10-09 15:45 - 2014-10-09 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat 2014-10-09 15:36 - 2014-09-01 20:29 - 00020480 _____ () C:\Windows\system32\Drivers\pcwatch.sys 2014-10-09 15:35 - 2014-10-09 15:38 - 00009784 _____ () C:\Windows\system32\MyOSProtect.ini 2014-10-09 15:35 - 2014-09-01 20:28 - 00304776 _____ (MyOSCompany) C:\Windows\system32\MyOSProtect.dll 2014-10-09 15:34 - 2014-10-09 15:34 - 00000000 ____D () C:\Users\*****\AppData\Roaming\TuneUp Software 2014-10-09 15:34 - 2014-10-09 15:34 - 00000000 ____D () C:\Users\*****\AppData\Local\TuneUp Software 2014-10-09 15:33 - 2014-10-15 18:30 - 00000000 ____D () C:\Program Files\SupTab 2014-10-09 15:33 - 2014-10-14 00:32 - 00000000 ___HD () C:\Users\Public\Temp 2014-10-09 15:33 - 2014-10-10 00:30 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect 2014-10-09 15:33 - 2014-10-09 15:34 - 00000000 ____D () C:\ProgramData\IePluginServices 2014-10-09 15:33 - 2014-10-09 15:33 - 00000000 ____D () C:\Users\*****\Documents\Optimizer Pro 2014-10-09 15:32 - 2014-10-09 15:38 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-10-09 15:32 - 2014-10-09 15:32 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 
2014-10-09 15:31 - 2014-10-10 00:49 - 00000000 ____D () C:\Program Files\Optimizer Pro 2014-10-09 15:31 - 2014-10-09 15:31 - 00000000 ____D () C:\Users\*****\AppData\Local\Genesis_10091331 2014-10-09 15:30 - 2014-10-15 17:26 - 00000000 ____D () C:\Program Files\PCTRunner 2014-10-09 15:30 - 2014-10-09 15:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip 2014-10-09 15:30 - 2014-10-09 15:30 - 00000000 ____D () C:\Program Files\XTRM Group 2014-10-09 15:29 - 2014-10-10 00:28 - 00000000 ____D () C:\Users\*****\AppData\Local\Genesis_10091329 2014-10-09 15:21 - 2014-10-09 15:21 - 00000000 ____D () C:\Users\*****\AppData\Roaming\RHEng 2014-10-09 15:19 - 2014-10-09 15:20 - 29840688 _____ (DVDVideoSoft Ltd. ) C:\Users\*****\Downloads\FreeYouTubeDownload.exe 2014-10-01 21:58 - 2014-10-01 21:58 - 00000048 _____ () C:\Users\*****\.gtk-bookmarks 2014-10-01 12:33 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-09-25 23:49 - 2014-09-25 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-09-25 23:49 - 2014-09-25 23:49 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-09-25 17:50 - 2014-09-25 17:50 - 00000000 ____D () C:\Users\**********\AppData\Local\Skype 2014-09-25 16:14 - 2014-09-26 16:29 - 00000000 ____D () C:\Users\**********\Desktop\Qualität Medienempfehlung 2014-09-24 17:27 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-24 12:22 - 2014-09-24 12:22 - 00000000 ____D () C:\Users\**********\Documents\IBM 2014-09-23 14:05 - 2014-09-26 11:03 - 00000000 ____D () C:\Users\**********\Documents\Citavi 4 2014-09-23 14:05 - 2014-09-23 14:05 - 00000000 ____D () C:\Users\**********\AppData\Roaming\Swiss Academic Software 2014-09-23 13:11 - 2014-09-23 13:12 - 00323672 _____ (Dropbox, Inc.) 
C:\Users\**********\Downloads\DropboxInstaller.exe 2014-09-23 13:05 - 2014-09-23 13:05 - 00000000 ____D () C:\Users\**********\Downloads\Amos22 2014-09-23 13:01 - 2014-09-23 13:04 - 65286173 _____ (ALTAP) C:\Users\**********\Downloads\Amos_22_Win.exe 2014-09-23 12:59 - 2014-09-23 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM SPSS Statistics 2014-09-23 12:59 - 2014-09-23 12:59 - 00000000 ____D () C:\ProgramData\SPSS 2014-09-23 12:47 - 2014-09-23 12:48 - 00000000 ____D () C:\Users\**********\Downloads\SPSS22_win32 2014-09-23 12:16 - 2014-09-23 12:44 - 728491088 _____ (ALTAP) C:\Users\**********\Downloads\SPSS22_win32.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-15 20:10 - 2011-12-21 16:55 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3931753103-4279822412-3289483211-1000UA.job 2014-10-15 20:09 - 2010-05-01 15:08 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype 2014-10-15 19:52 - 2012-06-09 13:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-15 19:21 - 2010-08-13 13:08 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-15 19:09 - 2010-04-29 22:16 - 01976608 _____ () C:\Windows\WindowsUpdate.log 2014-10-15 17:40 - 2011-10-27 02:23 - 00001134 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3931753103-4279822412-3289483211-1000UA.job 2014-10-15 17:38 - 2011-02-02 17:50 - 00000000 ___RD () C:\Users\*****\Dropbox 2014-10-15 17:38 - 2011-02-02 17:49 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Dropbox 2014-10-15 17:30 - 2010-03-02 07:02 - 01748740 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-15 17:28 - 2009-07-14 06:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-15 17:28 - 2009-07-14 06:34 - 00018928 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-15 17:25 - 2010-08-13 13:08 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-15 17:18 - 2010-03-02 08:06 - 00197104 _____ () C:\Windows\PFRO.log 2014-10-15 17:18 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-15 17:18 - 2009-07-14 06:39 - 00212447 _____ () C:\Windows\setupact.log 2014-10-15 17:18 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Registration 2014-10-14 19:01 - 2011-11-01 22:25 - 00000000 ____D () C:\Users\*****\AppData\Roaming\DVDVideoSoft 2014-10-14 19:01 - 2011-04-12 00:11 - 00000000 ____D () C:\Users\*****\.gimp-2.6 2014-10-14 16:33 - 2010-04-29 22:16 - 00000000 ____D () C:\Users\***** 2014-10-14 16:05 - 2011-12-21 16:55 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3931753103-4279822412-3289483211-1000Core.job 2014-10-14 00:29 - 2010-11-08 13:57 - 00000000 ____D () C:\Windows\Minidump 2014-10-14 00:28 - 2010-11-08 13:57 - 592307826 _____ () C:\Windows\MEMORY.DMP 2014-10-13 23:33 - 2011-10-27 02:23 - 00001112 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3931753103-4279822412-3289483211-1000Core.job 2014-10-10 01:32 - 2014-05-09 22:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-10-09 20:20 - 2013-04-05 04:08 - 00002125 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-10-09 20:20 - 2010-04-29 22:17 - 00001417 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-10-09 20:19 - 2012-12-24 22:32 - 00001125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-10-09 15:33 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public 2014-10-08 01:35 - 2014-03-02 22:33 - 00000000 ____D () C:\Users\*****\Desktop\Privatsphäre 2014-10-07 17:28 - 2014-06-06 15:07 - 00000000 ____D () C:\Users\*****\Documents\Citavi 4 2014-10-06 21:54 - 2014-07-07 00:36 - 00000000 ____D () 
C:\Users\*****\Desktop\Poliskop 2014-10-06 17:39 - 2014-08-21 16:14 - 00000000 ____D () C:\Users\*****\Desktop\Bewerbungsfoto 2014-10-06 13:31 - 2011-04-12 00:19 - 00000000 ____D () C:\Users\*****\AppData\Roaming\gtk-2.0 2014-10-01 20:09 - 2011-01-05 02:17 - 00034816 _____ () C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-09-30 22:04 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-09-26 16:29 - 2013-01-13 22:06 - 00000000 ___RD () C:\Users\**********\Dropbox 2014-09-26 16:28 - 2013-02-24 12:54 - 00000000 ____D () C:\Users\**********\AppData\Roaming\NetSpeedMonitor 2014-09-26 16:28 - 2012-09-05 11:01 - 00000000 ____D () C:\Users\********** 2014-09-26 10:51 - 2013-01-13 22:03 - 00000000 ____D () C:\Users\**********\AppData\Roaming\Dropbox 2014-09-26 10:49 - 2012-04-26 13:23 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-09-25 23:49 - 2010-05-01 15:06 - 00000000 ___RD () C:\Program Files\Skype 2014-09-25 23:49 - 2010-05-01 15:06 - 00000000 ____D () C:\ProgramData\Skype 2014-09-25 23:31 - 2012-09-07 14:52 - 00000000 ____D () C:\Users\**********\AppData\Roaming\Skype 2014-09-25 03:00 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-09-24 22:25 - 2013-02-24 13:25 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-24 12:22 - 2013-02-12 10:31 - 00000000 ____D () C:\Users\**********\Desktop\Erasmus 2014-09-24 12:15 - 2012-09-07 14:27 - 00000000 ____D () C:\Users\**********\AppData\Local\javasharedresources 2014-09-23 14:07 - 2010-04-30 00:41 - 00141248 _____ () C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-23 13:14 - 2013-01-13 22:06 - 00001029 _____ () C:\Users\**********\Desktop\Dropbox.lnk 2014-09-23 13:14 - 2013-01-13 22:05 - 00000000 ____D () C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-09-23 13:09 - 2012-09-07 14:45 - 00141248 _____ () 
C:\Users\**********\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-23 13:08 - 2009-07-14 06:33 - 00481128 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-23 13:05 - 2013-01-12 02:12 - 00000014 _____ () C:\Windows\system32\ssprs.tgz 2014-09-23 13:05 - 2012-09-07 14:20 - 00000219 _____ () C:\Windows\system32\lsprst7.tgz 2014-09-23 13:05 - 2012-09-07 14:20 - 00000205 _____ () C:\Windows\system32\lsprst7.dll 2014-09-23 13:05 - 2012-09-07 14:20 - 00000016 ____H () C:\Windows\system32\servdat.slm 2014-09-23 12:11 - 2012-09-05 11:04 - 00000000 ____D () C:\Users\**********\AppData\Local\Mozilla 2014-09-22 08:41 - 2010-03-02 08:22 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-19 14:36 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-09-19 12:48 - 2011-02-02 17:49 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox Some content of TEMP: ==================== C:\Users\*****\AppData\Local\Temp\APNSetup.exe C:\Users\*****\AppData\Local\Temp\BackupSetup.exe C:\Users\*****\AppData\Local\Temp\dlLogic.exe C:\Users\*****\AppData\Local\Temp\dltr.exe C:\Users\*****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgcaena.dll C:\Users\*****\AppData\Local\Temp\DseShExt-x86.dll C:\Users\*****\AppData\Local\Temp\edsetup.exe C:\Users\*****\AppData\Local\Temp\ffsetup.exe C:\Users\*****\AppData\Local\Temp\GCVerifier.dll C:\Users\*****\AppData\Local\Temp\HAlG4.exe C:\Users\*****\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\*****\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\*****\AppData\Local\Temp\lshufytx.dll C:\Users\*****\AppData\Local\Temp\optprosetup.exe C:\Users\*****\AppData\Local\Temp\Quarantine.exe C:\Users\*****\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\*****\AppData\Local\Temp\setup_337.exe C:\Users\*****\AppData\Local\Temp\SHelp2.exe C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe 
C:\Users\*****\AppData\Local\Temp\SNUH8.dll
C:\Users\*****\AppData\Local\Temp\SNUH8.exe
C:\Users\*****\AppData\Local\Temp\SpOrder.dll
C:\Users\*****\AppData\Local\Temp\sqlite3.dll
C:\Users\*****\AppData\Local\Temp\verifier.exe
C:\Users\*****\AppData\Local\Temp\VOPackage.exe
C:\Users\**********\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgega5b.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-06 13:49

==================== End Of Log ============================

--- --- ---

And here is Addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-10-2014 01
Ran by ***** at 2014-10-15 20:12:53
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
7-Zip 4.65 (HKLM\...\7-Zip) (Version: - )
Adobe Audition 2.0 (HKLM\...\Adobe Audition 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Audition 2.0 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Bridge 1.0 (Version: 1.0.1.1 - Adobe Systems) Hidden
Adobe Common File Installer (Version: 1.00.002 - Adobe System Incorporated) Hidden
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Help Center 2.0 (Version: 2.0.0 - Adobe Systems) Hidden
Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
ALDI SÜD Mah Jong (HKLM\...\ALDI SÜD Mah Jong) (Version: - )
Apple Application Support (HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}) (Version: 4.0.0.96 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.23 - Atheros Communications Inc.) ATLAS.ti (HKLM\...\{8AE484A4-4772-4577-99EA-271C4B967906}) (Version: 7.0.83.0 - ATLAS.ti Scientific Software Development GmbH) Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version: - ) Audacity Recovery Utility (HKLM\...\AURC_is1) (Version: - Markus Meyer) bcTester 4.9 (de) (HKLM\...\{CD27A577-BD77-481D-9E07-314AE9059A77}) (Version: 4.9.0 - QS QualitySoft GmbH) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Cisco AnyConnect Secure Mobility Client (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.00495 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (Version: 3.1.00495 - Cisco Systems, Inc.) Hidden Citavi 4 (HKLM\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.3.0.15 - Swiss Academic Software) Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) CorelDRAW Essentials 4 - Content (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Draw (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Filters (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - ICA (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - IPM - No VBA (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang BR (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang DE (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang EN (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang ES (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang FR (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang IT (Version: 4.0 - 
Corel Corporation) Hidden CorelDRAW Essentials 4 - Lang NL (Version: 4.0 - Uw bedrijfsnaam) Hidden CorelDRAW Essentials 4 - PHOTO-PAINT (Version: 4.0 - Corel Corporation) Hidden CorelDRAW Essentials 4 - Windows Shell Extension (HKLM\...\_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version: - Corel Corporation) CorelDRAW Essentials 4 - Windows Shell Extension (Version: 1.1 - Corel Corporation) Hidden CorelDRAW Essentials 4 (HKLM\...\_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version: - Corel Corporation) CorelDRAW Essentials 4 (Version: 4.0 - Corel Corporation) Hidden CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2602 - CyberLink Corp.) CyberLink LabelPrint (Version: 2.5.2602 - CyberLink Corp.) Hidden CyberLink MediaShow (HKLM\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1410a - CyberLink Corp.) CyberLink MediaShow (Version: 5.0.1410a - CyberLink Corp.) Hidden CyberLink PhotoNow (HKLM\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.) CyberLink PhotoNow (Version: 1.1.6904 - CyberLink Corp.) Hidden CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.) CyberLink Power2Go (Version: 6.1.3602c - CyberLink Corp.) Hidden CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2522 - CyberLink Corp.) CyberLink PowerDirector (Version: 8.0.2522 - CyberLink Corp.) Hidden CyberLink PowerDVD 9 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2519.00 - CyberLink Corp.) CyberLink PowerDVD 9 (Version: 9.0.2519.00 - CyberLink Corp.) Hidden CyberLink PowerDVD Copy (HKLM\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.) CyberLink PowerDVD Copy (Version: 1.5.1306 - CyberLink Corp.) 
Hidden CyberLink PowerProducer (HKLM\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2326 - CyberLink Corp.) CyberLink PowerProducer (Version: 5.0.2.2326 - CyberLink Corp.) Hidden CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2609 - CyberLink Corp.) CyberLink YouCam (Version: 3.0.2609 - CyberLink Corp.) Hidden DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.5 - DivX, LLC) Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.) Express Dictate (HKLM\...\Express) (Version: 5.72 - NCH Software) Express Scribe (HKLM\...\Scribe) (Version: 5.63 - NCH Software) f4 2012 (HKLM\...\f42012) (Version: - audiotranskription.de) Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) Firebird SQL Server - MAGIX Edition (HKLM\...\{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}) (Version: 2.1.23.0 - MAGIX AG) Free Easy Burner V 4.4.1 (HKLM\...\Free Easy Burner_is1) (Version: 4.4.1.0 - Koyote soft) Free WAV to MP3 Converter (HKLM\...\Free WAV to MP3 Converter) (Version: 1.0 - Polaris-Software.com) Frozen-Bubble 1.0 (HKLM\...\Frozen-Bubble_is1) (Version: - Frozen-Bubble.org) Gephi 0.8.2 (HKLM\...\{51722911-C391-4118-97BF-B50100D2AB15}_is1) (Version: - Gephi) GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team) Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.) Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google) Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.) 
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) IBM SPSS Amos 22 (HKLM\...\{DEB57287-C937-4DE9-939A-5ED3AB8F052D}) (Version: 22.0.0.0 - IBM Corp) IBM SPSS Statistics 22 (HKLM\...\{104875A1-D083-4A34-BC4F-3F635B7F8EF7}) (Version: 22.0.0.0 - IBM Corp) Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2092 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation) Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation) iTunes (HKLM\...\{29ED20C9-5E15-4969-9279-25BF3727A3DA}) (Version: 10.5.0.142 - Apple Inc.) Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.600 - Oracle) Java Auto Updater (Version: 2.1.60.19 - Oracle, Inc.) Hidden JDownloader (HKLM\...\JDownloader) (Version: 0.89 - AppWork UG (haftungsbeschränkt)) Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden Launch Manager V1.5.0.8 (HKLM\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.0.8 - Wistron Corp.) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) MAXQDA 11 (Release 11.0.9b) (HKLM\...\MAXQDA11) (Version: (Release 11.0.9b) - VERBI Software.Consult.Sozialforschung GmbH) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 2.0.181.2 - McAfee, Inc.) MEDION Fotos auf CD & DVD SE Sued (HKLM\...\MEDION Fotos auf CD & DVD SE Sued D) (Version: 8.0.3.4 - MAGIX AG) Medion Home Cinema (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.1318 - CyberLink Corp.) Medion Home Cinema (Version: 8.0.1318 - CyberLink Corp.) 
Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office 
Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) 
(Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation) Mozilla Firefox 32.0.3 (x86 de) (HKLM\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NetSpeedMonitor 2.5.4.0 x86 (HKLM\...\{86501894-E722-4385-A792-B7C2F28FAE7B}) (Version: 2.5.4.0 - Florian Gilles) OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden OpenOffice.org 3.2 (HKLM\...\{192A107E-C6B9-41B9-BDBF-38E3AA226054}) (Version: 3.2.9483 - OpenOffice.org) OpenVPN 2.1.1 (HKLM\...\OpenVPN) (Version: 2.1.1 - ) PDF Architect 2 (HKLM\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH) PDF Architect 2 View Module (HKLM\...\{46889070-D447-4936-A5D3-246DB972FA2E}) (Version: 2.0.6.16537 - 
pdfforge GmbH) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge) PDF-Viewer (HKLM\...\{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1) (Version: 2.0.52.0 - Tracker Software Products Ltd) PhonerLite 2.07 (HKLM\...\PhonerLite_is1) (Version: 2.07 - Heiko Sommerfeldt) Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.) PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) QuickTime (HKLM\...\{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}) (Version: 7.66.71.0 - Apple Inc.) RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM\...\RealPlayer 12.0) (Version: - RealNetworks) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6057 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0145 - REALTEK Semiconductor Corp.) RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden Skype Toolbars (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.3.7555 - Skype Technologies S.A.) Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.) 
SmootherWeb (HKCU Version: 1.0 - SmootherWeb LLC) Hidden Sven Bømwøllen DL (HKLM\...\{0E5C4DE6-101B-11D6-986D-00500443CF9F}) (Version: - ) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated) TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden VoipConnect (HKLM\...\VoipConnect_is1) (Version: 4.12 build 690 - Finarea S.A. 
Switzerland) Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live Fotogalerie (Version: 14.0.8117.416 - Microsoft Corporation) Hidden Windows Live ID-Anmelde-Assistent (HKLM\...\{10A44844-4465-456E-8C97-80BDD4F68845}) (Version: 6.500.3146.0 - Microsoft Corporation) Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Movie Maker (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation) Windows Live Writer (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) X10 Hardware(TM) (HKLM\...\X10Hardware) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\ProgramData\Skype Extras\ezPMUtils.dll (EasyBits Media) CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google) CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\ProgramData\Skype Extras\ezPMUtils.dll (EasyBits Media) CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\*****\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.) 
CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\*****\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited) CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google) CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\*****\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{DD704315-4A5F-4002-A644-E892F988C376}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File CustomCLSID: HKU\S-1-5-21-3931753103-4279822412-3289483211-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File ==================== Restore Points ========================= 25-09-2014 01:00:14 Windows Update 28-09-2014 19:08:45 Windows Update 02-10-2014 01:00:26 Windows Update 05-10-2014 10:39:36 Windows Update 08-10-2014 19:06:24 Windows Update 09-10-2014 13:54:08 Removed MySafeProxy for Internet Explorer 09-10-2014 22:11:27 TuneUp Utilities 2014 wird entfernt 09-10-2014 22:24:43 TuneUp Utilities 2014 (de-DE) wird entfernt 12-10-2014 16:39:23 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {19ACD1F7-775D-4246-BE88-A305366F68BF} - System32\Tasks\VPOY => C:\Users\*****\AppData\Roaming\VPOY.exe <==== ATTENTION Task: {1AB69FC5-A597-41C8-A704-06595D43B78C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-13] (Google Inc.) Task: {3CA0D795-0144-4E8C-BB23-F8FC8A48D6FD} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3931753103-4279822412-3289483211-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-03-29] (RealNetworks, Inc.) 
Task: {5E4FF61E-67D2-4B15-973B-61632226BDD8} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3931753103-4279822412-3289483211-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-03-29] (RealNetworks, Inc.) Task: {68607171-5504-4E5F-B39C-3A9E273B57FE} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION Task: {8314C4F1-AEB8-41CC-88A2-DA5F0C9D473C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3931753103-4279822412-3289483211-1000UA => C:\Users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.) Task: {8458E8C3-139E-44DB-B8C0-3A4E0C84ED1F} - System32\Tasks\BIXK => C:\Users\*****\AppData\Roaming\BIXK.exe <==== ATTENTION Task: {8AAB0214-FE90-4C8F-A501-B685A696C804} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3931753103-4279822412-3289483211-1000Core => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-23] (Google Inc.) Task: {90DECD51-63B6-46B0-973F-1D8D94C7E5AC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3931753103-4279822412-3289483211-1000Core => C:\Users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.) Task: {B8FDD365-6349-4369-A050-EDCDECE0CFE7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-13] (Google Inc.) Task: {C0B941FB-A5DB-43B2-BAFB-E8F55D9D6E5D} - System32\Tasks\{7F9ECA82-61A3-485A-991F-5C86ABC96C54} => C:\Program Files\Skype\Phone\Skype.exe [2014-08-27] (Skype Technologies S.A.) Task: {EE57C8E7-3CB2-4FC7-9350-B57CDD06E41D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3931753103-4279822412-3289483211-1000UA => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-23] (Google Inc.) 
Task: {F781DC49-D43E-4507-9BAE-F3EF225B309B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\BIXK.job => C:\Users\*****\AppData\Roaming\BIXK.exe <==== ATTENTION Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3931753103-4279822412-3289483211-1000Core.job => C:\Users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3931753103-4279822412-3289483211-1000UA.job => C:\Users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3931753103-4279822412-3289483211-1000Core.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3931753103-4279822412-3289483211-1000UA.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\VPOY.job => C:\Users\*****\AppData\Roaming\VPOY.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2012-08-03 21:53 - 2012-08-03 21:53 - 00062968 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2014-10-09 15:31 - 2014-10-15 17:18 - 00679936 _____ () C:\Windows\TEMP\m32.dll 2012-12-24 15:53 - 2012-09-18 16:26 - 00169472 _____ () C:\Windows\System32\zlhp1020.dll 2012-12-24 15:53 - 2012-09-18 16:26 - 00059904 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\pphp1020.dll 2011-09-27 08:23 - 
2011-09-27 08:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-10-09 15:31 - 2014-10-09 15:31 - 03699200 _____ () C:\Users\*****\AppData\Local\Genesis_10091331\Monitor_10091331.exe 2014-09-02 21:55 - 2014-09-02 21:55 - 00487483 _____ () C:\monitor.exe 2010-03-02 07:59 - 2010-02-10 13:34 - 00244904 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe 2010-03-02 07:17 - 2009-10-02 14:18 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2010-09-11 16:46 - 2010-03-15 11:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll 2009-11-02 15:20 - 2009-11-02 15:20 - 00619816 ____N () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll 2009-11-02 15:23 - 2009-11-02 15:23 - 00013096 ____N () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll 2011-07-29 01:08 - 2011-07-29 01:08 - 01259376 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe 2011-07-29 01:09 - 2011-07-29 01:09 - 00096112 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll 2011-10-21 17:50 - 2011-10-21 17:50 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll 2014-10-15 17:35 - 2014-10-15 17:35 - 00043008 _____ () c:\users\*****\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgcaena.dll 2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\libcef.dll 2014-09-04 01:24 - 2014-09-04 01:24 - 00827392 _____ () C:\Program Files\pctrunner\pcproxydll.dll 2014-05-09 22:15 - 2014-09-25 12:04 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2014-09-10 18:52 - 2014-09-10 18:52 - 16825520 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate 
Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pcwatch.sys => ""="Driver" <==== ATTENTION HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\pcwatch.sys => ""="Driver" <==== ATTENTION ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) HKU\S-1-5-21-3931753103-4279822412-3289483211-1000\Software\Classes\.exe: => <===== ATTENTION! ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupreg: DivX Download Manager => "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot ========================= Accounts: ========================== Administrator (S-1-5-21-3931753103-4279822412-3289483211-500 - Administrator - Disabled) ***** (S-1-5-21-3931753103-4279822412-3289483211-1000 - Administrator - Enabled) => C:\Users\***** ********** (S-1-5-21-3931753103-4279822412-3289483211-1003 - Administrator - Enabled) => C:\Users\********** Gast (S-1-5-21-3931753103-4279822412-3289483211-501 - Limited - 
Disabled) HomeGroupUser$ (S-1-5-21-3931753103-4279822412-3289483211-1002 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: Shrew Soft Lightweight Filter Description: Shrew Soft Lightweight Filter Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: vflt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (10/15/2014 05:32:44 PM) (Source: Windows Search Service) (EventID: 3100) (User: ) Description: Der Filterhostprozess kann nicht initialisiert werden. Der Vorgang wird abgebrochen. Details: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. (HRESULT : 0x800705b4) (0x800705b4) Error: (10/15/2014 03:31:24 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm adwcleaner_4.000.exe, Version 4.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 40d4 Startzeit: 01cfe87a34153549 Endzeit: 285 Anwendungspfad: C:\Users\*****\Downloads\adwcleaner_4.000.exe Berichts-ID: 7bbff3ff-546f-11e4-9241-00262df5ba12 Error: (10/15/2014 03:15:12 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm adwcleaner_4.000.exe, Version 4.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 24cc Startzeit: 01cfe877b49acf76 Endzeit: 255 Anwendungspfad: C:\Users\*****\Downloads\adwcleaner_4.000.exe Berichts-ID: 45101e0a-546d-11e4-9241-00262df5ba12 Error: (10/15/2014 00:58:05 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm adwcleaner_4.000.exe, Version 4.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 58d4 Startzeit: 01cfe7fd29f48754 Endzeit: 1311 Anwendungspfad: C:\Users\*****\Downloads\adwcleaner_4.000.exe Berichts-ID: 46d0fa67-53f5-11e4-a7ce-00262df5ba12 Error: (10/15/2014 00:19:23 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm adwcleaner_4.000.exe, Version 4.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 3a4c Startzeit: 01cfe7fb6fb889ab Endzeit: 147 Anwendungspfad: C:\Users\*****\Downloads\adwcleaner_4.000.exe Berichts-ID: 17c57547-53f0-11e4-a7ce-00262df5ba12 Error: (10/15/2014 00:08:34 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm adwcleaner_4.000.exe, Version 4.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 26dc Startzeit: 01cfe7fa37afc3c8 Endzeit: 426 Anwendungspfad: C:\Users\*****\Downloads\adwcleaner_4.000.exe Berichts-ID: 9892c9f9-53ee-11e4-a7ce-00262df5ba12 Error: (10/14/2014 07:03:30 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 32.0.3.5379, Zeitstempel: 0x54224e6b Name des fehlerhaften Moduls: mozalloc.dll, Version: 32.0.3.5379, Zeitstempel: 0x54221b67 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0x383b4 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (10/14/2014 01:16:03 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3276 Error: (10/14/2014 01:16:03 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3276 Error: (10/14/2014 01:16:03 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (10/15/2014 05:44:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "MyOSProtect" wurde unerwartet beendet. Dies ist bereits 6 Mal passiert. Error: (10/15/2014 05:44:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "MyOSProtect" wurde unerwartet beendet. Dies ist bereits 5 Mal passiert. Error: (10/15/2014 05:43:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "MyOSProtect" wurde unerwartet beendet. Dies ist bereits 4 Mal passiert. 
Error: (10/15/2014 05:42:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "MyOSProtect" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. Error: (10/15/2014 05:41:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "MyOSProtect" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert. Error: (10/15/2014 05:41:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (10/15/2014 05:41:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Media Player-Netzwerkfreigabedienst erreicht. Error: (10/15/2014 05:41:08 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {94B83936-77EA-4708-8FC5-F3BBC55C2A32} Error: (10/15/2014 05:40:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "MyOSProtect" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (10/15/2014 05:40:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Microsoft Office Sessions: ========================= Error: (09/23/2014 02:07:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 22 seconds with 0 seconds of active time. This session ended with a crash. Error: (03/31/2014 03:03:38 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. 
This session lasted 31712 seconds with 18180 seconds of active time. This session ended with a crash. Error: (06/08/2010 09:12:36 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 33793 seconds with 2220 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz Percentage of memory in use: 58% Total physical RAM: 3510.6 MB Available physical RAM: 1468.38 MB Total Pagefile: 7019.49 MB Available Pagefile: 4832.83 MB Total Virtual: 2047.88 MB Available Virtual: 1891.57 MB ==================== Drives ================================ Drive c: (Boot) (Fixed) (Total:424.66 GB) (Free:222.36 GB) NTFS Drive d: (Recover) (Fixed) (Total:40 GB) (Free:20.45 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 50BFC7F2) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=424.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=1 GB) - (Type=12) ==================== End Of Log ============================ |
16.10.2014, 16:07 | #4 |
/// the machine /// TB-Ausbilder | Ads by CinPl-2.5c virus and consequential damage hi, scan with Combofix
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
16.10.2014, 19:23 | #5 |
| Ads by CinPl-2.5c virus and consequential damage Hello Schrauber, I ran Combofix, but nothing happened. No restart, no log file. Does that mean my PC is virus-free? Or did something not work? Yesterday I forgot to mention a small (but probably important) detail: shortly before I posted, I ran Malwarebytes Anti-Malware, but I thought nothing had changed, because after the restart the PC was still very slow or even slower. Hence my post. After a while, however, small windows kept appearing that reported infected programs, which I then moved to quarantine. By now everything seems to be running normally again. Could it be that this has resolved the problem? Sorry if I troubled you for nothing! (I am writing my final thesis right now and computer problems come at a very bad time...) Best regards! |
17.10.2014, 19:11 | #6 |
/// the machine /// TB-Ausbilder | Ads by CinPl-2.5c virus and consequential damage Please post a fresh FRST log. |
17.10.2014, 19:49 | #7 |
| Ads by CinPl-2.5c virus and consequential damage ok FRST logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-10-2014 Ran by ***** (administrator) on *****-PC on 17-10-2014 20:39:44 Running from C:\Users\*****\Desktop Loaded Profile: ***** (Available profiles: ***** & ********** & DefaultAppPool) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe () C:\Users\*****\AppData\Local\Genesis_10091331\Monitor_10091331.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe () C:\monitor.exe (Protexis Inc.) 
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (X10) C:\Program Files\Common Files\X10\Common\X10nets.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe () C:\Program Files\DivX\DivX Update\DivXUpdate.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (MyOSCompany) C:\Program Files\PCTRunner\MyOSProtect.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Dropbox, Inc.) 
C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron) HKLM\...\Run: [LMgrVolOSD] => C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.) HKLM\...\Run: [LMgrOSD] => "C:\Program Files\Launch Manager\OSDCtrl.exe" HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [413696 2010-01-13] (Wistron Corp.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-11] (Synaptics Incorporated) HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8522272 2010-03-02] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [678432 2010-03-02] (Realtek Semiconductor) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421736 2011-10-09] (Apple Inc.) HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] () HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [685048 2012-08-03] (Cisco Systems, Inc.) 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [mbot_de_137] => [X]
HKU\S-1-5-21-3931753103-4279822412-3289483211-1000\...\Run: [Facebook Update] => C:\Users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\S-1-5-21-3931753103-4279822412-3289483211-1000\...\Run: [Google Update] => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-23] (Google Inc.)
HKU\S-1-5-21-3931753103-4279822412-3289483211-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22038120 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-3931753103-4279822412-3289483211-1000\...\Run: [smoother] => C:\Users\*****\AppData\Roaming\SmootherWeb\SmootherWeb-Installer.exe [489651 2014-08-27] ()
HKU\S-1-5-21-3931753103-4279822412-3289483211-1000\...\MountPoints2: {63698762-8fde-11df-9421-00262df5ba12} - F:\LaunchU3.exe -a
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_lxMV3YF4my25wxYHXyASziywErMfAcl0f0ZBtFdEQ5uxruqqo5PzmU0-suly99bF9-3ICIU-eo0MVw2M6TM7jnipZoxXW4JSDvu-BEU_KWrZ0y6o9ztbVcTzo65BQmkJWyhRYeGgPj1xw6WSlhZ0w,,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_lxMV3YF4my25wxYHXyASziywErMfAcl0f0ZBtFdEQ5uxruqqo5PzmU0-suly99bF9-3ICIU-eo0MVw2M6TM7jnuYS0ahIMOHM71tICfNk_U7USnRQz-LvIgqVmXizTbcG_bcg72RONUnIy0AfQeWA,,
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1412861457&from=tugs&uid=WDCXWD5000BEVT-00A0RT0_WD-WX31A207948079480&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1412861457&from=tugs&uid=WDCXWD5000BEVT-00A0RT0_WD-WX31A207948079480
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1412861457&from=tugs&uid=WDCXWD5000BEVT-00A0RT0_WD-WX31A207948079480
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1412861457&from=tugs&uid=WDCXWD5000BEVT-00A0RT0_WD-WX31A207948079480&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1412861457&from=tugs&uid=WDCXWD5000BEVT-00A0RT0_WD-WX31A207948079480
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_lxMV3YF4my25wxYHXyASziywErMfAcl0f0ZBtFdEQ5uxruqqo5PzmU0-suly99bF9-3ICIU-eo0MVw2M6TM7jnipZoxXW4JSDvu-BEU_KWrZ0y6o9ztbVcTzo65BQmkJWyhRYfCJvnbUWlj6I4rwVXp7A,,&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_lxMV3YF4my25wxYHXyASziywErMfAcl0f0ZBtFdEQ5uxruqqo5PzmU0-suly99bF9-3ICIU-eo0MVw2M6TM7jnipZoxXW4JSDvu-BEU_KWrZ0y6o9ztbVcTzo65BQmkJWyhRYeGgPj1xw6WSlhZ0w,,&q={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=ME5822137-BC8E-4CC0-8678-4DAE522EC745&SearchSource=58&CUI=&UM=2&UP=SP10212541-3ABC-47AC-A377-29708A714C1F&q={searchTerms}&SSPV=
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files\SupTab\SupTab.dll No File
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 02 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 03 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 04 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 15 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Tcpip\Parameters: [DhcpNameServer] 192.168.140.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\q8g87hy9.default-1413320695280
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.647 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.647 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.647 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.647 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.647 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: PDF Architect 2 -> C:\Program Files\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll No File
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\*****\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\*****\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\*****\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\omiga-plus.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Smoother Web - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\q8g87hy9.default-1413320695280\Extensions\jid1-U7omKQ6kQfxMaQ@jetpack.xpi [2014-10-14]
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-09]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-05-19]
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-06-06]
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\h3l95hqu.default\extensions\faststartff@gmail.com

Chrome:
=======
CHR HomePage: Default -> hxxp://isearch.omiga-plus.com/?type=hp&ts=1412861457&from=tugs&uid=WDCXWD5000BEVT-00A0RT0_WD-WX31A207948079480
CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1412861457&from=tugs&uid=WDCXWD5000BEVT-00A0RT0_WD-WX31A207948079480"
CHR Profile: C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-01-31]
CHR Extension: (Google Wallet) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-22]
CHR Extension: (Citavi Picker) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2014-07-16]
CHR Extension: (Quick start) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-10-14]
CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx []
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-05-19]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-05-19]
CHR HKLM\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - C:\Program Files\Citavi 4\Pickers\Chrome\ChromePicker.crx [2014-02-07]
CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-10-09]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-11-29] (Adobe Systems) [File not signed]
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 GenesisMonitor; C:\Users\*****\AppData\Local\Genesis_10091331\Monitor_10091331.exe [3699200 2014-10-09] () [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [227232 2010-01-15] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 MyOSProtect; C:\Program Files\PCTRunner\MyOSProtect.exe [1317096 2014-09-01] (MyOSCompany) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [36352 2009-12-12] () [File not signed]
S3 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH)
S2 ProtectMonitor; C:\monitorsvc.exe [34244 2014-09-02] () [File not signed] <==== ATTENTION
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] () [File not signed]
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [537592 2012-08-03] (Cisco Systems, Inc.)
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-22] (Wistron Corp.)
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-08-03] (Cisco Systems, Inc.)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [786400 2009-08-13] (DiBcom SA)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R1 pcwatch; C:\Windows\system32\Drivers\pcwatch.sys [20480 2014-09-01] () [File not signed] <==== ATTENTION
S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [10368 2005-11-02] (Padus, Inc.) [File not signed]
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25984 2009-12-12] (The OpenVPN Project)
S1 vflt; C:\Windows\System32\DRIVERS\vfilter.sys [17920 2010-09-02] (Shrew Soft Inc) [File not signed]
S3 vnet; C:\Windows\System32\DRIVERS\virtualnet.sys [13824 2010-09-02] (Shrew Soft Inc) [File not signed]
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-17 20:39 - 2014-10-17 20:41 - 00026299 _____ () C:\Users\*****\Desktop\FRST.txt
2014-10-17 20:39 - 2014-10-17 20:39 - 00000000 ____D () C:\Users\*****\Desktop\FRST-OlderVersion
2014-10-17 13:03 - 2014-10-17 13:04 - 01054912 _____ (Adobe) C:\Users\*****\Downloads\install_flashplayer15x32au_mssa_aaa_aih.exe
2014-10-16 23:33 - 2014-10-10 03:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 23:33 - 2014-10-10 03:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 23:33 - 2014-10-10 03:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 23:33 - 2014-09-29 02:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 23:33 - 2014-09-26 00:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 23:33 - 2014-09-19 03:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 23:33 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 23:33 - 2014-09-19 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 23:33 - 2014-09-19 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 23:33 - 2014-09-19 02:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 23:33 - 2014-09-19 02:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 23:33 - 2014-09-19 02:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 23:33 - 2014-09-19 02:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 23:33 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 23:32 - 2014-10-07 04:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 23:32 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 23:32 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 23:32 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 23:32 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 23:32 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 23:32 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 23:32 - 2014-09-19 03:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 23:32 - 2014-09-19 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 23:32 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 23:32 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 23:32 - 2014-09-19 02:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 23:32 - 2014-09-19 02:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 23:32 - 2014-09-19 02:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 23:32 - 2014-09-19 02:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 23:32 - 2014-09-19 02:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 23:32 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 23:32 - 2014-09-19 02:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 23:32 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 23:32 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 23:32 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 23:32 - 2014-08-29 03:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 23:32 - 2014-08-29 03:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-16 23:32 - 2014-08-29 03:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 23:32 - 2014-08-29 03:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-16 23:32 - 2014-08-29 03:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-16 23:32 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 23:32 - 2014-07-17 03:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 23:32 - 2014-07-17 03:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 23:32 - 2014-07-17 03:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 23:32 - 2014-07-17 03:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 23:32 - 2014-07-17 03:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 23:32 - 2014-07-17 03:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 23:32 - 2014-07-17 03:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 23:32 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 23:32 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 23:32 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 23:31 - 2014-09-18 03:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 23:31 - 2014-09-13 03:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 21:30 - 2014-10-16 21:30 - 00026638 _____ () C:\Users\*****\.recently-used.xbel
2014-10-16 19:49 - 2014-10-16 19:49 - 00000000 ___SD () C:\ComboFix
2014-10-16 19:43 - 2014-10-16 19:49 - 00000000 ____D () C:\Qoobox
2014-10-16 19:42 - 2014-10-16 19:42 - 00000000 ____D () C:\Windows\erdnt
2014-10-16 19:35 - 2014-10-16 19:35 - 05583559 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe
2014-10-15 20:07 - 2014-10-15 20:10 - 00000000 ____D () C:\Users\*****\Desktop\aktuelle Dokumente
2014-10-15 20:04 - 2014-10-17 20:40 - 00000000 ____D () C:\FRST
2014-10-15 20:04 - 2014-10-17 20:39 - 01102848 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2014-10-15 16:03 - 2014-10-15 17:57 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-14 23:15 - 2014-10-15 16:28 - 00000000 ____D () C:\AdwCleaner
2014-10-14 23:13 - 2014-10-14 23:14 - 01976320 _____ () C:\Users\*****\Downloads\adwcleaner_4.000.exe
2014-10-14 00:29 - 2014-10-14 00:29 - 00131072 _____ () C:\Windows\Minidump\101414-33945-01.dmp
2014-10-14 00:25 - 2014-10-17 12:59 - 00001330 _____ () C:\Windows\Tasks\BIXK.job
2014-10-14 00:23 - 2014-10-17 12:59 - 00001330 _____ () C:\Windows\Tasks\VPOY.job
2014-10-14 00:23 - 2014-10-15 00:28 - 00000000 ____D () C:\Program Files\globalUpdate
2014-10-14 00:23 - 2014-10-14 00:23 - 00000000 ____D () C:\Users\*****\AppData\Local\globalUpdate
2014-10-13 02:06 - 2014-10-13 02:07 - 00000000 ____D () C:\Users\*****\Desktop\Wasen 11 10 14
2014-10-13 01:49 - 2014-10-15 23:10 - 00000000 ____D () C:\Users\*****\Desktop\NIS
2014-10-13 01:49 - 2014-10-13 03:00 - 00000000 ____D () C:\Users\*****\Desktop\GM
2014-10-12 01:48 - 2014-07-23 11:15 - 00967685 _____ () C:\Users\*****\Downloads\adblock_plus-2.6.4-fx+an+sm+tb.xpi
2014-10-12 01:47 - 2014-10-12 01:48 - 00919582 _____ () C:\Users\*****\Downloads\adblock_plus-2.6.4-fx_an_sm_tb.xpi.zip
2014-10-10 00:29 - 2014-10-10 00:29 - 00000000 ____D () C:\Program Files\predm
2014-10-09 19:43 - 2014-10-09 20:20 - 00001126 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-09 16:11 - 2014-10-09 20:20 - 00002062 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-10-09 16:05 - 2014-10-10 01:33 - 00000000 ____D () C:\ProgramData\Systweak
2014-10-09 16:05 - 2014-10-10 01:30 - 00000000 ____D () C:\Users\*****\AppData\Roaming\systweak
2014-10-09 16:03 - 2014-10-09 16:03 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmootherWeb
2014-10-09 16:03 - 2014-10-09 16:03 - 00000000 ____D () C:\SmootherWeb
2014-10-09 16:03 - 2014-08-05 19:14 - 00018280 _____ () C:\Windows\system32\roboot.exe
2014-10-09 16:02 - 2014-10-10 01:28 - 00000000 ____D () C:\Users\*****\AppData\Roaming\LookThisUp
2014-10-09 16:01 - 2014-10-14 23:35 - 00000000 ____D () C:\Users\*****\AppData\Roaming\SmootherWeb
2014-10-09 15:45 - 2014-10-09 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat
2014-10-09 15:36 - 2014-09-01 20:29 - 00020480 _____ () C:\Windows\system32\Drivers\pcwatch.sys
2014-10-09 15:35 - 2014-10-09 15:38 - 00009784 _____ () C:\Windows\system32\MyOSProtect.ini
2014-10-09 15:35 - 2014-09-01 20:28 - 00304776 _____ (MyOSCompany) C:\Windows\system32\MyOSProtect.dll
2014-10-09 15:34 - 2014-10-09 15:34 - 00000000 ____D () C:\Users\*****\AppData\Roaming\TuneUp Software
2014-10-09 15:34 - 2014-10-09 15:34 - 00000000 ____D () C:\Users\*****\AppData\Local\TuneUp Software
2014-10-09 15:33 - 2014-10-15 18:30 - 00000000 ____D () C:\Program Files\SupTab
2014-10-09 15:33 - 2014-10-14 00:32 - 00000000 ___HD () C:\Users\Public\Temp
2014-10-09 15:33 - 2014-10-10 00:30 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-10-09 15:33 - 2014-10-09 15:34 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-10-09 15:33 - 2014-10-09 15:33 - 00000000 ____D () C:\Users\*****\Documents\Optimizer Pro
2014-10-09 15:32 - 2014-10-09 15:38 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-10-09 15:32 - 2014-10-09 15:32 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-10-09 15:31 - 2014-10-10 00:49 - 00000000 ____D () C:\Program Files\Optimizer Pro
2014-10-09 15:31 - 2014-10-09 15:31 - 00000000 ____D () C:\Users\*****\AppData\Local\Genesis_10091331
2014-10-09 15:30 - 2014-10-15 17:26 - 00000000 ____D () C:\Program Files\PCTRunner
2014-10-09 15:30 - 2014-10-09 15:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2014-10-09 15:30 - 2014-10-09 15:30 - 00000000 ____D () C:\Program Files\XTRM Group
2014-10-09 15:29 - 2014-10-10 00:28 - 00000000 ____D () C:\Users\*****\AppData\Local\Genesis_10091329
2014-10-09 15:21 - 2014-10-09 15:21 - 00000000 ____D () C:\Users\*****\AppData\Roaming\RHEng
2014-10-09 15:19 - 2014-10-09 15:20 - 29840688 _____ (DVDVideoSoft Ltd.) C:\Users\*****\Downloads\FreeYouTubeDownload.exe
2014-10-01 21:58 - 2014-10-01 21:58 - 00000048 _____ () C:\Users\*****\.gtk-bookmarks
2014-10-01 12:33 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-25 23:49 - 2014-09-25 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-25 23:49 - 2014-09-25 23:49 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-09-25 17:50 - 2014-09-25 17:50 - 00000000 ____D () C:\Users\**********\AppData\Local\Skype
2014-09-25 16:14 - 2014-09-26 16:29 - 00000000 ____D () C:\Users\**********\Desktop\Qualität Medienempfehlung
2014-09-24 17:27 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 12:22 - 2014-09-24 12:22 - 00000000 ____D () C:\Users\**********\Documents\IBM
2014-09-23 14:05 - 2014-09-26 11:03 - 00000000 ____D () C:\Users\**********\Documents\Citavi 4
2014-09-23 14:05 - 2014-09-23 14:05 - 00000000 ____D () C:\Users\**********\AppData\Roaming\Swiss Academic Software
2014-09-23 13:11 - 2014-09-23 13:12 - 00323672 _____ (Dropbox, Inc.) C:\Users\**********\Downloads\DropboxInstaller.exe
2014-09-23 13:05 - 2014-09-23 13:05 - 00000000 ____D () C:\Users\**********\Downloads\Amos22
2014-09-23 13:01 - 2014-09-23 13:04 - 65286173 _____ (ALTAP) C:\Users\**********\Downloads\Amos_22_Win.exe
2014-09-23 12:59 - 2014-09-23 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM SPSS Statistics
2014-09-23 12:59 - 2014-09-23 12:59 - 00000000 ____D () C:\ProgramData\SPSS
2014-09-23 12:47 - 2014-09-23 12:48 - 00000000 ____D () C:\Users\**********\Downloads\SPSS22_win32
2014-09-23 12:16 - 2014-09-23 12:44 - 728491088 _____ (ALTAP) C:\Users\**********\Downloads\SPSS22_win32.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-17 20:33 - 2011-10-27 02:23 - 00001134 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3931753103-4279822412-3289483211-1000UA.job 2014-10-17 20:21 - 2010-08-13 13:08 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-17 20:20 - 2010-05-01 15:08 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype 2014-10-17 20:10 - 2011-12-21 16:55 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3931753103-4279822412-3289483211-1000UA.job 2014-10-17 19:52 - 2012-06-09 13:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-17 16:50 - 2010-04-29 22:16 - 01847736 _____ () C:\Windows\WindowsUpdate.log 2014-10-17 15:53 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-10-17 15:42 - 2010-07-12 02:35 - 00000000 ____D () C:\Users\*****\Rezepte 2014-10-17 14:10 - 2011-12-21 16:55 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3931753103-4279822412-3289483211-1000Core.job 2014-10-17 13:26 - 2009-07-14 06:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-17 13:26 - 2009-07-14 06:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-17 13:02 - 2011-02-02 17:50 - 00000000 ___RD () C:\Users\*****\Dropbox 2014-10-17 13:02 - 2011-02-02 17:49 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Dropbox 2014-10-17 12:59 - 2010-08-13 13:08 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-17 12:58 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-17 12:58 - 2009-07-14 06:39 - 00212615 _____ () C:\Windows\setupact.log 2014-10-17 12:56 - 2009-07-14 06:33 - 00481128 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-17 12:56 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-10-17 12:53 - 2014-05-06 21:41 - 00000000 ___SD 
() C:\Windows\system32\CompatTel 2014-10-17 12:53 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-10-17 01:55 - 2010-03-02 07:45 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-10-17 01:50 - 2013-08-30 11:01 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-17 01:39 - 2010-03-02 08:25 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-17 01:33 - 2011-04-12 00:11 - 00000000 ____D () C:\Users\*****\.gimp-2.6 2014-10-16 23:33 - 2011-10-27 02:23 - 00001112 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3931753103-4279822412-3289483211-1000Core.job 2014-10-16 21:30 - 2011-04-12 00:19 - 00000000 ____D () C:\Users\*****\AppData\Roaming\gtk-2.0 2014-10-16 21:30 - 2010-04-29 22:16 - 00000000 ____D () C:\Users\***** 2014-10-16 13:40 - 2010-03-02 07:02 - 01748740 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-16 11:18 - 2010-03-02 08:06 - 00197462 _____ () C:\Windows\PFRO.log 2014-10-15 17:18 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Registration 2014-10-14 19:01 - 2011-11-01 22:25 - 00000000 ____D () C:\Users\*****\AppData\Roaming\DVDVideoSoft 2014-10-14 00:29 - 2010-11-08 13:57 - 00000000 ____D () C:\Windows\Minidump 2014-10-14 00:28 - 2010-11-08 13:57 - 592307826 _____ () C:\Windows\MEMORY.DMP 2014-10-10 01:32 - 2014-05-09 22:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-10-09 20:20 - 2013-04-05 04:08 - 00002125 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-10-09 20:20 - 2010-04-29 22:17 - 00001417 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-10-09 20:19 - 2012-12-24 22:32 - 00001125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-10-09 15:33 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public 2014-10-08 01:35 - 2014-03-02 22:33 - 00000000 ____D () C:\Users\*****\Desktop\Privatsphäre 2014-10-07 17:28 - 2014-06-06 15:07 - 00000000 ____D () 
C:\Users\*****\Documents\Citavi 4 2014-10-06 21:54 - 2014-07-07 00:36 - 00000000 ____D () C:\Users\*****\Desktop\Poliskop 2014-10-06 17:39 - 2014-08-21 16:14 - 00000000 ____D () C:\Users\*****\Desktop\Bewerbungsfoto 2014-10-01 20:09 - 2011-01-05 02:17 - 00034816 _____ () C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-09-30 22:04 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-09-26 16:29 - 2013-01-13 22:06 - 00000000 ___RD () C:\Users\**********\Dropbox 2014-09-26 16:28 - 2013-02-24 12:54 - 00000000 ____D () C:\Users\**********\AppData\Roaming\NetSpeedMonitor 2014-09-26 16:28 - 2012-09-05 11:01 - 00000000 ____D () C:\Users\********** 2014-09-26 10:51 - 2013-01-13 22:03 - 00000000 ____D () C:\Users\**********\AppData\Roaming\Dropbox 2014-09-26 10:49 - 2012-04-26 13:23 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-09-25 23:49 - 2010-05-01 15:06 - 00000000 ___RD () C:\Program Files\Skype 2014-09-25 23:49 - 2010-05-01 15:06 - 00000000 ____D () C:\ProgramData\Skype 2014-09-25 23:31 - 2012-09-07 14:52 - 00000000 ____D () C:\Users\**********\AppData\Roaming\Skype 2014-09-24 22:25 - 2013-02-24 13:25 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-24 12:22 - 2013-02-12 10:31 - 00000000 ____D () C:\Users\**********\Desktop\Erasmus 2014-09-24 12:15 - 2012-09-07 14:27 - 00000000 ____D () C:\Users\**********\AppData\Local\javasharedresources 2014-09-23 14:07 - 2010-04-30 00:41 - 00141248 _____ () C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-23 13:14 - 2013-01-13 22:06 - 00001029 _____ () C:\Users\**********\Desktop\Dropbox.lnk 2014-09-23 13:14 - 2013-01-13 22:05 - 00000000 ____D () C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-09-23 13:09 - 2012-09-07 14:45 - 00141248 _____ () C:\Users\**********\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-23 13:05 - 2013-01-12 02:12 - 00000014 _____ () 
C:\Windows\system32\ssprs.tgz 2014-09-23 13:05 - 2012-09-07 14:20 - 00000219 _____ () C:\Windows\system32\lsprst7.tgz 2014-09-23 13:05 - 2012-09-07 14:20 - 00000205 _____ () C:\Windows\system32\lsprst7.dll 2014-09-23 13:05 - 2012-09-07 14:20 - 00000016 ____H () C:\Windows\system32\servdat.slm 2014-09-23 12:11 - 2012-09-05 11:04 - 00000000 ____D () C:\Users\**********\AppData\Local\Mozilla 2014-09-22 08:41 - 2010-03-02 08:22 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-19 14:36 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-09-19 12:48 - 2011-02-02 17:49 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox Some content of TEMP: ==================== C:\Users\*****\AppData\Local\Temp\APNSetup.exe C:\Users\*****\AppData\Local\Temp\BackupSetup.exe C:\Users\*****\AppData\Local\Temp\dlLogic.exe C:\Users\*****\AppData\Local\Temp\dltr.exe C:\Users\*****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpukezeu.dll C:\Users\*****\AppData\Local\Temp\DseShExt-x86.dll C:\Users\*****\AppData\Local\Temp\edsetup.exe C:\Users\*****\AppData\Local\Temp\ffsetup.exe C:\Users\*****\AppData\Local\Temp\GCVerifier.dll C:\Users\*****\AppData\Local\Temp\HAlG4.exe C:\Users\*****\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\*****\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\*****\AppData\Local\Temp\lshufytx.dll C:\Users\*****\AppData\Local\Temp\optprosetup.exe C:\Users\*****\AppData\Local\Temp\Quarantine.exe C:\Users\*****\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\*****\AppData\Local\Temp\setup_337.exe C:\Users\*****\AppData\Local\Temp\SHelp2.exe C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe C:\Users\*****\AppData\Local\Temp\SNUH8.dll C:\Users\*****\AppData\Local\Temp\SNUH8.exe C:\Users\*****\AppData\Local\Temp\SpOrder.dll C:\Users\*****\AppData\Local\Temp\sqlite3.dll C:\Users\*****\AppData\Local\Temp\verifier.exe 
C:\Users\*****\AppData\Local\Temp\VOPackage.exe C:\Users\**********\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgega5b.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-06 13:49 ==================== End Of Log ============================ --- --- --- Anything suspicious? Regards! |
18.10.2014, 13:42 | #8 |
/// the machine /// TB trainer | Ads by CinPl-2.5c virus and consequential damage Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
19.10.2014, 00:42 | #9 |
| Ads by CinPl-2.5c virus and consequential damage Here are the log files: Code:
Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 19.10.2014 Suchlauf-Zeit: 00:20:04 Logdatei: mbam.txt Administrator: Ja Version: 2.00.3.1025 Malware Datenbank: v2014.10.18.06 Rootkit Datenbank: v2014.10.17.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x86 Dateisystem: NTFS Benutzer: ***** Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 401768 Verstrichene Zeit: 39 Min, 47 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Warnen PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
# AdwCleaner v4.000 - Bericht erstellt am 19/10/2014 um 01:20:25 # DB v2014-10-17.9 # Aktualisiert 12/10/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits) # Benutzername : ***** - *****-PC # Gestartet von : C:\Users\*****\Desktop\adwcleaner_4.000.exe # Option : Löschen ***** [ Dienste ] ***** Dienst Gelöscht : MyOSProtect ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\apn Ordner Gelöscht : C:\Users\*****\AppData\Local\Temp\apn Ordner Gelöscht : C:\Users\**********\AppData\Local\Temp\apn Ordner Gelöscht : C:\Program Files\globalUpdate Ordner Gelöscht : C:\Users\*****\AppData\Local\globalUpdate Ordner Gelöscht : C:\ProgramData\IePluginServices Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat Ordner Gelöscht : C:\Users\*****\AppData\Roaming\LookThisUp Ordner Gelöscht : C:\ProgramData\NCH Software Ordner Gelöscht : C:\Program Files\NCH Software Ordner Gelöscht : C:\Users\*****\AppData\Roaming\NCH Software Ordner Gelöscht : C:\Program Files\Optimizer Pro Ordner Gelöscht : C:\Users\*****\Documents\Optimizer Pro Ordner Gelöscht : C:\Program Files\PCTRunner Ordner Gelöscht : C:\Users\*****\AppData\Roaming\pdfforge Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip Ordner Gelöscht : C:\Program Files\predm Ordner Gelöscht : C:\Users\*****\AppData\Roaming\SendSpace Ordner Gelöscht : C:\SmootherWeb Ordner Gelöscht : C:\Users\*****\AppData\Roaming\SmootherWeb Ordner Gelöscht : C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmootherWeb Ordner Gelöscht : C:\Program Files\SupTab Ordner Gelöscht : C:\ProgramData\Systweak Ordner Gelöscht : C:\Users\*****\AppData\Roaming\Systweak Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect Ordner Gelöscht : C:\Program Files\XTRM Group Ordner Gelöscht : C:\Users\*****\AppData\Roaming\RHEng Ordner Gelöscht : C:\Users\*****\AppData\Local\Genesis_10091329 Ordner Gelöscht : 
C:\Users\*****\AppData\Local\Genesis_10091331 Ordner Gelöscht : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma Datei Gelöscht : C:\monitor.exe Datei Gelöscht : C:\Windows\system32\MyOSProtect.dll Datei Gelöscht : C:\Windows\system32\MyOSProtect.ini Datei Gelöscht : C:\Windows\system32\roboot.exe Datei Gelöscht : C:\Users\*****\AppData\Local\Temp\VOPackage.exe Datei Gelöscht : C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\x00jsrfp.default\searchplugins\ask-search.xml Datei Gelöscht : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx ***** [ Tasks ] ***** Task Gelöscht : LaunchSignup ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [smoother] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\InstTracker_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\InstTracker_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\pdfforgeToolbar-stub-1_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\pdfforgeToolbar-stub-1_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32 
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_frozen-bubble_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_frozen-bubble_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_super_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_super_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD} Schlüssel Gelöscht : HKCU\Software\genesis Schlüssel Gelöscht : HKCU\Software\GlobalUpdate Schlüssel 
Gelöscht : HKCU\Software\InetStat Schlüssel Gelöscht : HKCU\Software\MyBestOffersToday Schlüssel Gelöscht : HKCU\Software\Optimizer Pro Schlüssel Gelöscht : HKCU\Software\systweak Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate Schlüssel Gelöscht : HKLM\SOFTWARE\systweak Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials Schlüssel Gelöscht : HKLM\SOFTWARE\XTRM Group Ltd. Schlüssel Gelöscht : HKLM\SOFTWARE\PCDRunner Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SmootherWeb Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2BC4C58B253B8DB418C8CB3E35951970 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\54A306F2659DB694185B057D28249467 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\2BC4C58B253B8DB418C8CB3E35951970 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\54A306F2659DB694185B057D28249467 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0 ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17344 -\\ Mozilla Firefox v32.0.3 (x86 de) -\\ Google Chrome v37.0.2062.124 ************************* AdwCleaner[R0].txt - [19823 octets] - [14/10/2014 23:15:56] AdwCleaner[R1].txt - [318 octets] - [14/10/2014 23:30:13] AdwCleaner[R2].txt - [19943 octets] - [14/10/2014 23:38:45] AdwCleaner[R3].txt - [20004 octets] - [15/10/2014 00:00:22] AdwCleaner[R4].txt - [20065 octets] - [15/10/2014 00:09:10] AdwCleaner[R5].txt - [20126 octets] - [15/10/2014 00:21:49] AdwCleaner[R6].txt - [15039 octets] - [15/10/2014 14:58:40] AdwCleaner[R7].txt - [15100 octets] - [15/10/2014 15:17:32] AdwCleaner[R8].txt - [15161 octets] - [15/10/2014 15:38:29] AdwCleaner[R9].txt - [10093 octets] - [19/10/2014 01:18:11] AdwCleaner[S0].txt - [12339 octets] - [15/10/2014 16:25:38] AdwCleaner[S1].txt - [9699 octets] - [19/10/2014 01:20:25] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [9759 octets] ########## Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.3.3 (10.14.2014:1) OS: Windows 7 Home Premium x86 Ran by ***** on 19.10.2014 at 1:29:05,03 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\q8g87hy9.default-1413320695280\minidumps [10 files] ~~~ Chrome Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy] Successfully deleted: [Folder] C:\Users\*****\appdata\local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 19.10.2014 at 1:30:57,49 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-10-2014 01 Ran by ***** (administrator) on *****-PC on 19-10-2014 01:32:42 Running from C:\Users\*****\Desktop Loaded Profile: ***** (Available profiles: ***** & ********** & DefaultAppPool) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Protexis Inc.) 
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (X10) C:\Program Files\Common Files\X10\Common\X10nets.exe (CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe () C:\Program Files\DivX\DivX Update\DivXUpdate.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Dropbox, Inc.) C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron) HKLM\...\Run: [LMgrVolOSD] => C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.) HKLM\...\Run: [LMgrOSD] => "C:\Program Files\Launch Manager\OSDCtrl.exe" HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [413696 2010-01-13] (Wistron Corp.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-11] (Synaptics Incorporated) HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8522272 2010-03-02] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [678432 2010-03-02] (Realtek Semiconductor) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421736 2011-10-09] (Apple Inc.) HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] () HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [685048 2012-08-03] (Cisco Systems, Inc.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM\...\Run: [] => [X] HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation) HKU\S-1-5-21-3931753103-4279822412-3289483211-1000\...\Run: [Facebook Update] => C:\Users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.) 
HKU\S-1-5-21-3931753103-4279822412-3289483211-1000\...\Run: [Google Update] => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-18] (Google Inc.) HKU\S-1-5-21-3931753103-4279822412-3289483211-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22038120 2014-08-27] (Skype Technologies S.A.) HKU\S-1-5-21-3931753103-4279822412-3289483211-1000\...\MountPoints2: {63698762-8fde-11df-9421-00262df5ba12} - F:\LaunchU3.exe -a Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com StartMenuInternet: IEXPLORE.EXE - iexplore.exe BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.140.1 FireFox: ======== FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\q8g87hy9.default-1413320695280 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll No File FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=12.0.1.647 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=12.0.1.647 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) 
FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.647 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.647 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=12.0.1.647 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin: PDF Architect 2 -> C:\Program Files\PDF Architect 2\np-previewer.dll (pdfforge GmbH) FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll No File FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\*****\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\*****\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\*****\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\omiga-plus.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Smoother Web - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\q8g87hy9.default-1413320695280\Extensions\jid1-U7omKQ6kQfxMaQ@jetpack.xpi [2014-10-14] FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\q8g87hy9.default-1413320695280\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-17] FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-09] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-05-19] FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-06-06] Chrome: ======= CHR HomePage: Default -> 
hxxp://isearch.omiga-plus.com/?type=hp&ts=1412861457&from=tugs&uid=WDCXWD5000BEVT-00A0RT0_WD-WX31A207948079480 CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1412861457&from=tugs&uid=WDCXWD5000BEVT-00A0RT0_WD-WX31A207948079480" CHR Profile: C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05] CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-01-31] CHR Extension: (Google Wallet) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-22] CHR Extension: (Citavi Picker) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2014-07-16] CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [] CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-05-19] CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-05-19] CHR HKLM\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - C:\Program Files\Citavi 4\Pickers\Chrome\ChromePicker.crx [2014-02-07] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-11-29] (Adobe Systems) [File not signed] R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed] S3 McComponentHostService; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [227232 2010-01-15] (McAfee, Inc.) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation) S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [36352 2009-12-12] () [File not signed] S3 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH) S3 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH) R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] () [File not signed] R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [537592 2012-08-03] (Cisco Systems, Inc.) R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-22] (Wistron Corp.) R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-08-03] (Cisco Systems, Inc.) S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) 
S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.) S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.) S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [786400 2009-08-13] (DiBcom SA) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation) S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.) R3 pfc; C:\Windows\System32\drivers\pfc.sys [10368 2005-11-02] (Padus, Inc.) [File not signed] S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.) R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25984 2009-12-12] (The OpenVPN Project) S1 vflt; C:\Windows\System32\DRIVERS\vfilter.sys [17920 2010-09-02] (Shrew Soft Inc) [File not signed] S3 vnet; C:\Windows\System32\DRIVERS\virtualnet.sys [13824 2010-09-02] (Shrew Soft Inc) [File not signed] R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.) R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.) U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-19 01:30 - 2014-10-19 01:30 - 00001027 _____ () C:\Users\*****\Desktop\JRT.txt 2014-10-19 01:27 - 2014-10-19 01:28 - 01705698 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe 2014-10-19 01:03 - 2014-10-19 01:03 - 00001199 _____ () C:\Users\*****\Desktop\mbam.txt 2014-10-19 00:15 - 2014-10-19 00:15 - 00001068 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-10-19 00:10 - 2014-10-19 00:11 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\*****\Downloads\mbam-setup-2.0.3.1025.exe 2014-10-17 20:42 - 2014-10-17 20:43 - 00046103 _____ () C:\Users\*****\Desktop\Addition.txt 2014-10-17 20:39 - 2014-10-19 01:32 - 00022046 _____ () C:\Users\*****\Desktop\FRST.txt 2014-10-17 20:39 - 2014-10-19 01:32 - 00000000 ____D () C:\Users\*****\Desktop\FRST-OlderVersion 2014-10-17 13:03 - 2014-10-17 13:04 - 01054912 _____ (Adobe) C:\Users\*****\Downloads\install_flashplayer15x32au_mssa_aaa_aih.exe 2014-10-16 23:33 - 2014-10-10 03:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-16 23:33 - 2014-10-10 03:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-16 23:33 - 2014-10-10 03:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-16 23:33 - 2014-09-29 02:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-16 23:33 - 2014-09-26 00:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-16 23:33 - 2014-09-19 03:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-16 23:33 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-16 23:33 - 2014-09-19 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-16 23:33 - 2014-09-19 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-16 23:33 - 2014-09-19 02:50 - 00112128 _____ (Microsoft Corporation) 
C:\Windows\system32\ieUnatt.exe 2014-10-16 23:33 - 2014-09-19 02:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-16 23:33 - 2014-09-19 02:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-16 23:33 - 2014-09-19 02:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-16 23:33 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-16 23:32 - 2014-10-07 04:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-16 23:32 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-16 23:32 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-16 23:32 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-16 23:32 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-16 23:32 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-16 23:32 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-16 23:32 - 2014-09-19 03:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-16 23:32 - 2014-09-19 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-16 23:32 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-16 23:32 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-16 23:32 - 2014-09-19 02:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-16 23:32 - 2014-09-19 02:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-16 23:32 - 2014-09-19 02:49 - 00597504 _____ (Microsoft 
Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-16 23:32 - 2014-09-19 02:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-16 23:32 - 2014-09-19 02:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-16 23:32 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-16 23:32 - 2014-09-19 02:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-16 23:32 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-16 23:32 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-16 23:32 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-16 23:32 - 2014-08-29 03:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-16 23:32 - 2014-08-29 03:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-10-16 23:32 - 2014-08-29 03:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-16 23:32 - 2014-08-29 03:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2014-10-16 23:32 - 2014-08-29 03:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-10-16 23:32 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-16 23:32 - 2014-07-17 03:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-16 23:32 - 2014-07-17 03:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-16 23:32 - 2014-07-17 03:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-16 23:32 - 2014-07-17 03:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-16 23:32 - 2014-07-17 03:39 - 00017408 _____ (Microsoft Corporation) 
C:\Windows\system32\credssp.dll 2014-10-16 23:32 - 2014-07-17 03:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-16 23:32 - 2014-07-17 03:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-16 23:32 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-16 23:32 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-16 23:32 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-16 23:31 - 2014-09-18 03:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-16 23:31 - 2014-09-13 03:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-16 21:30 - 2014-10-16 21:30 - 00026638 _____ () C:\Users\*****\.recently-used.xbel 2014-10-16 19:49 - 2014-10-16 19:49 - 00000000 ___SD () C:\ComboFix 2014-10-16 19:43 - 2014-10-16 19:49 - 00000000 ____D () C:\Qoobox 2014-10-16 19:42 - 2014-10-16 19:42 - 00000000 ____D () C:\Windows\erdnt 2014-10-16 19:35 - 2014-10-16 19:35 - 05583559 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe 2014-10-15 20:07 - 2014-10-18 23:39 - 00000000 ____D () C:\Users\*****\Desktop\aktuelle Dokumente 2014-10-15 20:04 - 2014-10-19 01:32 - 01103360 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe 2014-10-15 20:04 - 2014-10-19 01:32 - 00000000 ____D () C:\FRST 2014-10-15 16:03 - 2014-10-19 01:11 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-14 23:15 - 2014-10-19 01:20 - 00000000 ____D () C:\AdwCleaner 2014-10-14 23:13 - 2014-10-14 23:14 - 01976320 _____ () C:\Users\*****\Desktop\adwcleaner_4.000.exe 2014-10-14 00:29 - 2014-10-14 00:29 - 00131072 _____ () C:\Windows\Minidump\101414-33945-01.dmp 2014-10-14 00:25 - 2014-10-19 01:22 - 00001330 _____ () C:\Windows\Tasks\BIXK.job 2014-10-14 00:23 - 2014-10-19 01:22 - 00001330 _____ () 
C:\Windows\Tasks\VPOY.job 2014-10-13 02:06 - 2014-10-13 02:07 - 00000000 ____D () C:\Users\*****\Desktop\Wasen 11 10 14 2014-10-13 01:49 - 2014-10-15 23:10 - 00000000 ____D () C:\Users\*****\Desktop\NIS 2014-10-13 01:49 - 2014-10-13 03:00 - 00000000 ____D () C:\Users\*****\Desktop\GM 2014-10-12 01:48 - 2014-07-23 11:15 - 00967685 _____ () C:\Users\*****\Downloads\adblock_plus-2.6.4-fx+an+sm+tb.xpi 2014-10-12 01:47 - 2014-10-12 01:48 - 00919582 _____ () C:\Users\*****\Downloads\adblock_plus-2.6.4-fx_an_sm_tb.xpi.zip 2014-10-09 19:43 - 2014-10-09 20:20 - 00001126 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-10-09 16:11 - 2014-10-09 20:20 - 00002062 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2014-10-09 15:34 - 2014-10-09 15:34 - 00000000 ____D () C:\Users\*****\AppData\Roaming\TuneUp Software 2014-10-09 15:34 - 2014-10-09 15:34 - 00000000 ____D () C:\Users\*****\AppData\Local\TuneUp Software 2014-10-09 15:33 - 2014-10-14 00:32 - 00000000 ___HD () C:\Users\Public\Temp 2014-10-09 15:32 - 2014-10-09 15:38 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-10-09 15:32 - 2014-10-09 15:32 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-10-09 15:19 - 2014-10-09 15:20 - 29840688 _____ (DVDVideoSoft Ltd. 
) C:\Users\*****\Downloads\FreeYouTubeDownload.exe 2014-10-01 21:58 - 2014-10-01 21:58 - 00000048 _____ () C:\Users\*****\.gtk-bookmarks 2014-10-01 12:33 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-09-25 23:49 - 2014-09-25 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-09-25 23:49 - 2014-09-25 23:49 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-09-25 17:50 - 2014-09-25 17:50 - 00000000 ____D () C:\Users\**********\AppData\Local\Skype 2014-09-25 16:14 - 2014-09-26 16:29 - 00000000 ____D () C:\Users\**********\Desktop\Qualität Medienempfehlung 2014-09-24 17:27 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-24 12:22 - 2014-09-24 12:22 - 00000000 ____D () C:\Users\**********\Documents\IBM 2014-09-23 14:05 - 2014-09-26 11:03 - 00000000 ____D () C:\Users\**********\Documents\Citavi 4 2014-09-23 14:05 - 2014-09-23 14:05 - 00000000 ____D () C:\Users\**********\AppData\Roaming\Swiss Academic Software 2014-09-23 13:11 - 2014-09-23 13:12 - 00323672 _____ (Dropbox, Inc.) C:\Users\**********\Downloads\DropboxInstaller.exe 2014-09-23 13:05 - 2014-09-23 13:05 - 00000000 ____D () C:\Users\**********\Downloads\Amos22 2014-09-23 13:01 - 2014-09-23 13:04 - 65286173 _____ (ALTAP) C:\Users\**********\Downloads\Amos_22_Win.exe 2014-09-23 12:59 - 2014-09-23 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM SPSS Statistics 2014-09-23 12:59 - 2014-09-23 12:59 - 00000000 ____D () C:\ProgramData\SPSS 2014-09-23 12:47 - 2014-09-23 12:48 - 00000000 ____D () C:\Users\**********\Downloads\SPSS22_win32 2014-09-23 12:16 - 2014-09-23 12:44 - 728491088 _____ (ALTAP) C:\Users\**********\Downloads\SPSS22_win32.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-19 01:31 - 2009-07-14 06:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-19 01:31 - 2009-07-14 06:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-19 01:29 - 2013-04-05 17:49 - 00000000 ____D () C:\Windows\ERUNT 2014-10-19 01:29 - 2010-05-01 15:08 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype 2014-10-19 01:25 - 2011-02-02 17:50 - 00000000 ___RD () C:\Users\*****\Dropbox 2014-10-19 01:24 - 2011-02-02 17:49 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Dropbox 2014-10-19 01:22 - 2010-08-13 13:08 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-19 01:22 - 2010-03-02 08:06 - 00197772 _____ () C:\Windows\PFRO.log 2014-10-19 01:22 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-19 01:22 - 2009-07-14 06:39 - 00212727 _____ () C:\Windows\setupact.log 2014-10-19 01:21 - 2010-08-13 13:08 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-19 01:21 - 2010-04-29 22:16 - 01908384 _____ () C:\Windows\WindowsUpdate.log 2014-10-19 01:16 - 2011-12-21 16:55 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3931753103-4279822412-3289483211-1000UA.job 2014-10-19 01:06 - 2014-07-10 03:37 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-10-19 00:52 - 2012-06-09 13:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-19 00:15 - 2014-07-10 03:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-10-18 23:33 - 2011-10-27 02:23 - 00001134 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3931753103-4279822412-3289483211-1000UA.job 2014-10-18 23:33 - 2011-10-27 02:23 - 00001112 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3931753103-4279822412-3289483211-1000Core.job 2014-10-18 23:16 - 2011-12-21 16:55 
- 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3931753103-4279822412-3289483211-1000Core.job 2014-10-17 15:53 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-10-17 15:42 - 2010-07-12 02:35 - 00000000 ____D () C:\Users\*****\Rezepte 2014-10-17 12:56 - 2009-07-14 06:33 - 00481128 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-17 12:56 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-10-17 12:53 - 2014-05-06 21:41 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-10-17 12:53 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-10-17 01:55 - 2010-03-02 07:45 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-10-17 01:50 - 2013-08-30 11:01 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-17 01:39 - 2010-03-02 08:25 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-17 01:33 - 2011-04-12 00:11 - 00000000 ____D () C:\Users\*****\.gimp-2.6 2014-10-16 21:30 - 2011-04-12 00:19 - 00000000 ____D () C:\Users\*****\AppData\Roaming\gtk-2.0 2014-10-16 21:30 - 2010-04-29 22:16 - 00000000 ____D () C:\Users\***** 2014-10-16 13:40 - 2010-03-02 07:02 - 01748740 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-15 17:18 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Registration 2014-10-14 19:01 - 2011-11-01 22:25 - 00000000 ____D () C:\Users\*****\AppData\Roaming\DVDVideoSoft 2014-10-14 00:29 - 2010-11-08 13:57 - 00000000 ____D () C:\Windows\Minidump 2014-10-14 00:28 - 2010-11-08 13:57 - 592307826 _____ () C:\Windows\MEMORY.DMP 2014-10-10 01:32 - 2014-05-09 22:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-10-09 20:20 - 2013-04-05 04:08 - 00002125 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-10-09 20:20 - 2010-04-29 22:17 - 00001417 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-10-09 20:19 - 2012-12-24 22:32 - 00001125 _____ () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-10-09 15:33 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public 2014-10-08 01:35 - 2014-03-02 22:33 - 00000000 ____D () C:\Users\*****\Desktop\Privatsphäre 2014-10-07 17:28 - 2014-06-06 15:07 - 00000000 ____D () C:\Users\*****\Documents\Citavi 4 2014-10-06 21:54 - 2014-07-07 00:36 - 00000000 ____D () C:\Users\*****\Desktop\Poliskop 2014-10-06 17:39 - 2014-08-21 16:14 - 00000000 ____D () C:\Users\*****\Desktop\Bewerbungsfoto 2014-10-01 20:09 - 2011-01-05 02:17 - 00034816 _____ () C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-10-01 11:11 - 2014-07-10 03:37 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-01 11:11 - 2014-07-10 03:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-01 11:11 - 2013-04-05 13:52 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-30 22:04 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-09-26 16:29 - 2013-01-13 22:06 - 00000000 ___RD () C:\Users\**********\Dropbox 2014-09-26 16:28 - 2013-02-24 12:54 - 00000000 ____D () C:\Users\**********\AppData\Roaming\NetSpeedMonitor 2014-09-26 16:28 - 2012-09-05 11:01 - 00000000 ____D () C:\Users\********** 2014-09-26 10:51 - 2013-01-13 22:03 - 00000000 ____D () C:\Users\**********\AppData\Roaming\Dropbox 2014-09-26 10:49 - 2012-04-26 13:23 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-09-25 23:49 - 2010-05-01 15:06 - 00000000 ___RD () C:\Program Files\Skype 2014-09-25 23:49 - 2010-05-01 15:06 - 00000000 ____D () C:\ProgramData\Skype 2014-09-25 23:31 - 2012-09-07 14:52 - 00000000 ____D () C:\Users\**********\AppData\Roaming\Skype 2014-09-24 22:25 - 2013-02-24 13:25 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-24 12:22 - 2013-02-12 10:31 - 00000000 ____D () 
C:\Users\**********\Desktop\Erasmus 2014-09-24 12:15 - 2012-09-07 14:27 - 00000000 ____D () C:\Users\**********\AppData\Local\javasharedresources 2014-09-23 14:07 - 2010-04-30 00:41 - 00141248 _____ () C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-23 13:14 - 2013-01-13 22:06 - 00001029 _____ () C:\Users\**********\Desktop\Dropbox.lnk 2014-09-23 13:14 - 2013-01-13 22:05 - 00000000 ____D () C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-09-23 13:09 - 2012-09-07 14:45 - 00141248 _____ () C:\Users\**********\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-23 13:05 - 2013-01-12 02:12 - 00000014 _____ () C:\Windows\system32\ssprs.tgz 2014-09-23 13:05 - 2012-09-07 14:20 - 00000219 _____ () C:\Windows\system32\lsprst7.tgz 2014-09-23 13:05 - 2012-09-07 14:20 - 00000205 _____ () C:\Windows\system32\lsprst7.dll 2014-09-23 13:05 - 2012-09-07 14:20 - 00000016 ____H () C:\Windows\system32\servdat.slm 2014-09-23 12:11 - 2012-09-05 11:04 - 00000000 ____D () C:\Users\**********\AppData\Local\Mozilla 2014-09-22 08:41 - 2010-03-02 08:22 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-19 14:36 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-09-19 12:48 - 2011-02-02 17:49 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox Some content of TEMP: ==================== C:\Users\*****\AppData\Local\Temp\APNSetup.exe C:\Users\*****\AppData\Local\Temp\BackupSetup.exe C:\Users\*****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppw7kjl.dll C:\Users\*****\AppData\Local\Temp\DseShExt-x86.dll C:\Users\*****\AppData\Local\Temp\edsetup.exe C:\Users\*****\AppData\Local\Temp\ffsetup.exe C:\Users\*****\AppData\Local\Temp\HAlG4.exe C:\Users\*****\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\*****\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\*****\AppData\Local\Temp\lshufytx.dll 
C:\Users\*****\AppData\Local\Temp\optprosetup.exe C:\Users\*****\AppData\Local\Temp\Quarantine.exe C:\Users\*****\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\*****\AppData\Local\Temp\setup_337.exe C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe C:\Users\*****\AppData\Local\Temp\SNUH8.dll C:\Users\*****\AppData\Local\Temp\SNUH8.exe C:\Users\*****\AppData\Local\Temp\SpOrder.dll C:\Users\*****\AppData\Local\Temp\sqlite3.dll C:\Users\**********\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgega5b.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-06 13:49 ==================== End Of Log ============================ --- --- --- |
19.10.2014, 14:18 | #10 |
/// the machine /// TB Trainer | Ads by CinPl-2.5c virus and consequential damage
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Still having problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
20.10.2014, 17:11 | #11 |
| Ads by CinPl-2.5c virus and consequential damage Here are the logs: Code:
ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=619c60c04e11d344adf78aebe78a7226 # engine=20676 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-10-20 08:55:33 # local_time=2014-10-20 10:55:33 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 2476198 85085355 0 0 # scanned=269097 # found=78 # cleaned=0 # scan_time=26430 Code:
Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials (On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 60
Java version out of Date!
Adobe Flash Player 15.0.0.152
Adobe Reader XI
Mozilla Firefox (32.0.3)
Google Chrome 37.0.2062.120
Google Chrome 37.0.2062.124
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-10-2014 Ran by ***** (administrator) on *****-PC on 20-10-2014 17:27:06 Running from C:\Users\*****\Desktop Loaded Profile: ***** (Available profiles: ***** & ********** & DefaultAppPool) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\omiga-plus.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Smoother Web - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\q8g87hy9.default-1413320695280\Extensions\jid1-U7omKQ6kQfxMaQ@jetpack.xpi [2014-10-14] FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\q8g87hy9.default-1413320695280\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-17] FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-09] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-05-19] FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - 
C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-06-06] FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\h3l95hqu.default\extensions\faststartff@gmail.com Chrome: ======= CHR HomePage: Default -> hxxp://isearch.omiga-plus.com/?type=hp&ts=1412861457&from=tugs&uid=WDCXWD5000BEVT-00A0RT0_WD-WX31A207948079480 CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1412861457&from=tugs&uid=WDCXWD5000BEVT-00A0RT0_WD-WX31A207948079480" CHR Profile: C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05] CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-01-31] CHR Extension: (Google Wallet) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-22] CHR Extension: (Citavi Picker) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2014-07-16] CHR Extension: (Quick start) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-10-14] CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [] CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-05-19] CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-05-19] CHR HKLM\...\Chrome\Extension: 
[ohgndokldibnndfnjnagojmheejlengn] - C:\Program Files\Citavi 4\Pickers\Chrome\ChromePicker.crx [2014-02-07] CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-02-07] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-11-29] (Adobe Systems) [File not signed] R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed] S2 GenesisMonitor; C:\Users\*****\AppData\Local\Genesis_10091331\Monitor_10091331.exe [3699200 2014-10-09] () [File not signed] S3 McComponentHostService; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [227232 2010-01-15] (McAfee, Inc.) 
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation) R3 MyOSProtect; C:\Program Files\PCTRunner\MyOSProtect.exe [1317096 2014-09-01] (MyOSCompany) [File not signed] S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation) S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [36352 2009-12-12] () [File not signed] S3 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH) S3 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH) S2 ProtectMonitor; C:\monitorsvc.exe [34244 2014-09-02] () [File not signed] <==== ATTENTION R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] () [File not signed] R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [537592 2012-08-03] (Cisco Systems, Inc.) R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-22] (Wistron Corp.) R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-08-03] (Cisco Systems, Inc.) S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.) S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.) 
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [786400 2009-08-13] (DiBcom SA) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation) S1 pcwatch; C:\Windows\system32\Drivers\pcwatch.sys [20480 2014-09-01] () [File not signed] <==== ATTENTION S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.) R3 pfc; C:\Windows\System32\drivers\pfc.sys [10368 2005-11-02] (Padus, Inc.) [File not signed] S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.) R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25984 2009-12-12] (The OpenVPN Project) S1 vflt; C:\Windows\System32\DRIVERS\vfilter.sys [17920 2010-09-02] (Shrew Soft Inc) [File not signed] S3 vnet; C:\Windows\System32\DRIVERS\virtualnet.sys [13824 2010-09-02] (Shrew Soft Inc) [File not signed] R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.) R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.) U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-20 17:27 - 2014-10-20 17:27 - 00026702 _____ () C:\Users\*****\Desktop\FRST.txt 2014-10-20 17:27 - 2014-10-20 17:27 - 00000000 ____D () C:\Users\*****\Desktop\FRST-OlderVersion 2014-10-20 17:25 - 2014-10-20 17:25 - 00000976 _____ () C:\Users\*****\Desktop\checkup.txt 2014-10-20 17:19 - 2014-10-20 17:19 - 00854417 _____ () C:\Users\*****\Desktop\SecurityCheck.exe 2014-10-20 17:01 - 2014-10-20 17:01 - 00003408 ____N () C:\bootsqm.dat 2014-10-20 03:28 - 2014-10-20 03:28 - 02347384 _____ (ESET) C:\Users\*****\Desktop\esetsmartinstaller_deu.exe 2014-10-19 13:47 - 2014-10-10 03:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-19 13:47 - 2014-10-10 03:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-19 13:47 - 2014-10-10 03:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-19 13:47 - 2014-10-07 04:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-19 13:47 - 2014-09-29 02:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-19 13:47 - 2014-09-26 00:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-19 13:47 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-19 13:47 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-19 13:47 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-19 13:47 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-19 13:47 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-19 13:47 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-19 13:47 - 2014-09-19 03:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-19 13:47 - 2014-09-19 
03:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-19 13:47 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-19 13:47 - 2014-09-19 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-19 13:47 - 2014-09-19 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-19 13:47 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-19 13:47 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-19 13:47 - 2014-09-19 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-19 13:47 - 2014-09-19 02:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-19 13:47 - 2014-09-19 02:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-19 13:47 - 2014-09-19 02:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-19 13:47 - 2014-09-19 02:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-19 13:47 - 2014-09-19 02:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-19 13:47 - 2014-09-19 02:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-19 13:47 - 2014-09-19 02:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-19 13:47 - 2014-09-19 02:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-19 13:47 - 2014-09-19 02:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-19 13:47 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-19 13:47 - 2014-09-19 02:18 - 01068032 _____ (Microsoft Corporation) 
C:\Windows\system32\mshtmlmedia.dll 2014-10-19 13:47 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-19 13:47 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-19 13:47 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-19 13:47 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-19 13:47 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-19 13:47 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-19 13:47 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-19 13:46 - 2014-08-29 03:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-19 13:46 - 2014-08-29 03:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-10-19 13:46 - 2014-08-29 03:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-19 13:46 - 2014-08-29 03:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2014-10-19 13:46 - 2014-08-29 03:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-10-19 13:46 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-19 13:46 - 2014-07-17 03:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-19 13:46 - 2014-07-17 03:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-19 13:46 - 2014-07-17 03:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-19 13:46 - 2014-07-17 03:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-19 13:46 - 2014-07-17 03:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 
2014-10-19 13:46 - 2014-07-17 03:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-19 13:46 - 2014-07-17 03:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-19 13:44 - 2014-09-18 03:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-19 13:44 - 2014-09-13 03:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-19 01:30 - 2014-10-19 01:30 - 00001027 _____ () C:\Users\*****\Desktop\JRT.txt 2014-10-19 01:03 - 2014-10-19 01:03 - 00001199 _____ () C:\Users\*****\Desktop\mbam.txt 2014-10-17 20:42 - 2014-10-17 20:43 - 00046103 _____ () C:\Users\*****\Desktop\Addition.txt 2014-10-16 21:30 - 2014-10-16 21:30 - 00026638 _____ () C:\Users\*****\.recently-used.xbel 2014-10-16 19:49 - 2014-10-16 19:49 - 00000000 ___SD () C:\ComboFix 2014-10-16 19:43 - 2014-10-16 19:49 - 00000000 ____D () C:\Qoobox 2014-10-16 19:42 - 2014-10-16 19:42 - 00000000 ____D () C:\Windows\erdnt 2014-10-16 19:35 - 2014-10-16 19:35 - 05583559 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe 2014-10-15 20:07 - 2014-10-20 03:21 - 00000000 ____D () C:\Users\*****\Desktop\aktuelle Dokumente 2014-10-15 20:04 - 2014-10-20 17:27 - 01102848 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe 2014-10-15 20:04 - 2014-10-20 17:27 - 00000000 ____D () C:\FRST 2014-10-15 16:03 - 2014-10-15 17:57 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-14 23:15 - 2014-10-19 14:25 - 00000000 ____D () C:\AdwCleaner 2014-10-14 23:13 - 2014-10-14 23:14 - 01976320 _____ () C:\Users\*****\Downloads\adwcleaner_4.000.exe 2014-10-14 00:29 - 2014-10-14 00:29 - 00131072 _____ () C:\Windows\Minidump\101414-33945-01.dmp 2014-10-14 00:25 - 2014-10-20 17:08 - 00001330 _____ () C:\Windows\Tasks\BIXK.job 2014-10-14 00:23 - 2014-10-20 17:08 - 00001330 _____ () C:\Windows\Tasks\VPOY.job 2014-10-13 02:06 - 2014-10-13 02:07 - 00000000 ____D () 
C:\Users\*****\Desktop\Wasen 11 10 14 2014-10-13 01:49 - 2014-10-15 23:10 - 00000000 ____D () C:\Users\*****\Desktop\NIS 2014-10-13 01:49 - 2014-10-13 03:00 - 00000000 ____D () C:\Users\*****\Desktop\GM 2014-10-12 01:48 - 2014-07-23 11:15 - 00967685 _____ () C:\Users\*****\Downloads\adblock_plus-2.6.4-fx+an+sm+tb.xpi 2014-10-12 01:47 - 2014-10-12 01:48 - 00919582 _____ () C:\Users\*****\Downloads\adblock_plus-2.6.4-fx_an_sm_tb.xpi.zip 2014-10-09 19:43 - 2014-10-09 20:20 - 00001126 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-10-09 16:11 - 2014-10-09 20:20 - 00002062 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2014-10-09 16:05 - 2014-10-19 14:28 - 00000000 ____D () C:\Users\*****\AppData\Roaming\systweak 2014-10-09 16:03 - 2014-10-19 14:28 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmootherWeb 2014-10-09 16:03 - 2014-10-19 14:28 - 00000000 ____D () C:\SmootherWeb 2014-10-09 16:03 - 2014-08-05 19:14 - 00018280 _____ () C:\Windows\system32\roboot.exe 2014-10-09 16:02 - 2014-10-19 14:28 - 00000000 ____D () C:\Users\*****\AppData\Roaming\LookThisUp 2014-10-09 16:01 - 2014-10-19 13:36 - 00000000 ____D () C:\Users\*****\AppData\Roaming\SmootherWeb 2014-10-09 15:45 - 2014-10-19 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat 2014-10-09 15:36 - 2014-09-01 20:29 - 00020480 _____ () C:\Windows\system32\Drivers\pcwatch.sys 2014-10-09 15:35 - 2014-10-09 15:38 - 00009784 _____ () C:\Windows\system32\MyOSProtect.ini 2014-10-09 15:35 - 2014-09-01 20:28 - 00304776 _____ (MyOSCompany) C:\Windows\system32\MyOSProtect.dll 2014-10-09 15:34 - 2014-10-09 15:34 - 00000000 ____D () C:\Users\*****\AppData\Roaming\TuneUp Software 2014-10-09 15:34 - 2014-10-09 15:34 - 00000000 ____D () C:\Users\*****\AppData\Local\TuneUp Software 2014-10-09 15:33 - 2014-10-19 14:27 - 00000000 ____D () 
C:\ProgramData\IePluginServices 2014-10-09 15:33 - 2014-10-19 14:27 - 00000000 ____D () C:\Program Files\SupTab 2014-10-09 15:33 - 2014-10-14 00:32 - 00000000 ___HD () C:\Users\Public\Temp 2014-10-09 15:32 - 2014-10-09 15:38 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-10-09 15:32 - 2014-10-09 15:32 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-10-09 15:31 - 2014-10-19 14:28 - 00000000 ____D () C:\Users\*****\AppData\Local\Genesis_10091331 2014-10-09 15:31 - 2014-10-19 14:27 - 00000000 ____D () C:\Program Files\Optimizer Pro 2014-10-09 15:30 - 2014-10-19 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip 2014-10-09 15:30 - 2014-10-19 14:27 - 00000000 ____D () C:\Program Files\XTRM Group 2014-10-09 15:30 - 2014-10-19 14:27 - 00000000 ____D () C:\Program Files\PCTRunner 2014-10-09 15:29 - 2014-10-19 14:28 - 00000000 ____D () C:\Users\*****\AppData\Local\Genesis_10091329 2014-10-09 15:21 - 2014-10-19 14:28 - 00000000 ____D () C:\Users\*****\AppData\Roaming\RHEng 2014-10-09 15:19 - 2014-10-09 15:20 - 29840688 _____ (DVDVideoSoft Ltd. 
) C:\Users\*****\Downloads\FreeYouTubeDownload.exe 2014-10-01 21:58 - 2014-10-01 21:58 - 00000048 _____ () C:\Users\*****\.gtk-bookmarks 2014-10-01 12:33 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-09-25 23:49 - 2014-09-25 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-09-25 23:49 - 2014-09-25 23:49 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-09-25 17:50 - 2014-09-25 17:50 - 00000000 ____D () C:\Users\**********\AppData\Local\Skype 2014-09-25 16:14 - 2014-09-26 16:29 - 00000000 ____D () C:\Users\**********\Desktop\Qualität Medienempfehlung 2014-09-24 17:27 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-24 12:22 - 2014-09-24 12:22 - 00000000 ____D () C:\Users\**********\Documents\IBM 2014-09-23 14:05 - 2014-09-26 11:03 - 00000000 ____D () C:\Users\**********\Documents\Citavi 4 2014-09-23 14:05 - 2014-09-23 14:05 - 00000000 ____D () C:\Users\**********\AppData\Roaming\Swiss Academic Software 2014-09-23 13:11 - 2014-09-23 13:12 - 00323672 _____ (Dropbox, Inc.) C:\Users\**********\Downloads\DropboxInstaller.exe 2014-09-23 13:05 - 2014-09-23 13:05 - 00000000 ____D () C:\Users\**********\Downloads\Amos22 2014-09-23 13:01 - 2014-09-23 13:04 - 65286173 _____ (ALTAP) C:\Users\**********\Downloads\Amos_22_Win.exe 2014-09-23 12:59 - 2014-09-23 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM SPSS Statistics 2014-09-23 12:59 - 2014-09-23 12:59 - 00000000 ____D () C:\ProgramData\SPSS 2014-09-23 12:47 - 2014-09-23 12:48 - 00000000 ____D () C:\Users\**********\Downloads\SPSS22_win32 2014-09-23 12:16 - 2014-09-23 12:44 - 728491088 _____ (ALTAP) C:\Users\**********\Downloads\SPSS22_win32.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-20 17:21 - 2010-08-13 13:08 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-20 17:19 - 2010-04-29 22:16 - 01988017 _____ () C:\Windows\WindowsUpdate.log 2014-10-20 17:15 - 2009-07-14 06:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-20 17:15 - 2009-07-14 06:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-20 17:12 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-10-20 17:10 - 2011-12-21 16:55 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3931753103-4279822412-3289483211-1000UA.job 2014-10-20 17:10 - 2011-02-02 17:50 - 00000000 ___RD () C:\Users\*****\Dropbox 2014-10-20 17:10 - 2010-05-01 15:08 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype 2014-10-20 17:09 - 2011-02-02 17:49 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Dropbox 2014-10-20 17:08 - 2010-08-13 13:08 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-20 17:07 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-20 17:06 - 2009-07-14 06:39 - 00212671 _____ () C:\Windows\setupact.log 2014-10-20 17:05 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-10-20 17:04 - 2009-07-14 06:33 - 00481128 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-20 17:02 - 2014-05-06 21:41 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-10-20 17:02 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-10-20 11:26 - 2010-03-02 07:45 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-10-20 11:24 - 2013-08-30 11:01 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-20 11:16 - 2010-03-02 08:25 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-20 10:52 - 2012-06-09 13:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player 
Updater.job 2014-10-20 10:48 - 2011-10-27 02:23 - 00001134 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3931753103-4279822412-3289483211-1000UA.job 2014-10-20 03:15 - 2011-10-27 02:23 - 00001112 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3931753103-4279822412-3289483211-1000Core.job 2014-10-19 14:28 - 2013-02-02 22:07 - 00000000 ____D () C:\Users\DefaultAppPool 2014-10-19 14:28 - 2012-09-05 11:01 - 00000000 ____D () C:\Users\********** 2014-10-19 14:28 - 2010-04-29 22:16 - 00000000 ____D () C:\Users\***** 2014-10-19 14:28 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp 2014-10-19 14:27 - 2014-07-10 03:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-10-19 14:27 - 2014-07-10 03:37 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-10-19 14:27 - 2014-03-13 05:14 - 00000000 ____D () C:\Program Files\NCH Software 2014-10-19 14:27 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration 2014-10-19 14:27 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-10-19 14:26 - 2009-07-14 10:56 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-10-19 14:25 - 2011-05-19 23:05 - 00000000 ____D () C:\ProgramData\Real 2014-10-19 14:10 - 2011-12-21 16:55 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3931753103-4279822412-3289483211-1000Core.job 2014-10-19 14:02 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles 2014-10-17 15:42 - 2010-07-12 02:35 - 00000000 ____D () C:\Users\*****\Rezepte 2014-10-17 01:33 - 2011-04-12 00:11 - 00000000 ____D () C:\Users\*****\.gimp-2.6 2014-10-16 21:30 - 2011-04-12 00:19 - 00000000 ____D () C:\Users\*****\AppData\Roaming\gtk-2.0 2014-10-16 13:40 - 2010-03-02 07:02 - 01748740 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-16 11:18 - 2010-03-02 08:06 - 00197462 _____ () C:\Windows\PFRO.log 2014-10-14 19:01 - 2011-11-01 22:25 - 00000000 ____D () 
C:\Users\*****\AppData\Roaming\DVDVideoSoft 2014-10-14 00:29 - 2010-11-08 13:57 - 00000000 ____D () C:\Windows\Minidump 2014-10-14 00:28 - 2010-11-08 13:57 - 592307826 _____ () C:\Windows\MEMORY.DMP 2014-10-10 01:32 - 2014-05-09 22:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-10-09 20:20 - 2013-04-05 04:08 - 00002125 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-10-09 20:20 - 2010-04-29 22:17 - 00001417 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-10-09 20:19 - 2012-12-24 22:32 - 00001125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-10-09 15:33 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public 2014-10-08 01:35 - 2014-03-02 22:33 - 00000000 ____D () C:\Users\*****\Desktop\Privatsphäre 2014-10-07 17:28 - 2014-06-06 15:07 - 00000000 ____D () C:\Users\*****\Documents\Citavi 4 2014-10-06 21:54 - 2014-07-07 00:36 - 00000000 ____D () C:\Users\*****\Desktop\Poliskop 2014-10-06 17:39 - 2014-08-21 16:14 - 00000000 ____D () C:\Users\*****\Desktop\Bewerbungsfoto 2014-10-01 20:09 - 2011-01-05 02:17 - 00034816 _____ () C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-09-30 22:04 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-09-26 16:29 - 2013-01-13 22:06 - 00000000 ___RD () C:\Users\**********\Dropbox 2014-09-26 16:28 - 2013-02-24 12:54 - 00000000 ____D () C:\Users\**********\AppData\Roaming\NetSpeedMonitor 2014-09-26 10:51 - 2013-01-13 22:03 - 00000000 ____D () C:\Users\**********\AppData\Roaming\Dropbox 2014-09-26 10:49 - 2012-04-26 13:23 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-09-25 23:49 - 2010-05-01 15:06 - 00000000 ___RD () C:\Program Files\Skype 2014-09-25 23:49 - 2010-05-01 15:06 - 00000000 ____D () C:\ProgramData\Skype 2014-09-25 23:31 - 2012-09-07 14:52 - 00000000 ____D () C:\Users\**********\AppData\Roaming\Skype 2014-09-24 22:25 - 2013-02-24 13:25 - 00002441 _____ 
() C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-24 12:22 - 2013-02-12 10:31 - 00000000 ____D () C:\Users\**********\Desktop\Erasmus 2014-09-24 12:15 - 2012-09-07 14:27 - 00000000 ____D () C:\Users\**********\AppData\Local\javasharedresources 2014-09-23 14:07 - 2010-04-30 00:41 - 00141248 _____ () C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-23 13:14 - 2013-01-13 22:06 - 00001029 _____ () C:\Users\**********\Desktop\Dropbox.lnk 2014-09-23 13:14 - 2013-01-13 22:05 - 00000000 ____D () C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-09-23 13:09 - 2012-09-07 14:45 - 00141248 _____ () C:\Users\**********\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-23 13:05 - 2013-01-12 02:12 - 00000014 _____ () C:\Windows\system32\ssprs.tgz 2014-09-23 13:05 - 2012-09-07 14:20 - 00000219 _____ () C:\Windows\system32\lsprst7.tgz 2014-09-23 13:05 - 2012-09-07 14:20 - 00000205 _____ () C:\Windows\system32\lsprst7.dll 2014-09-23 13:05 - 2012-09-07 14:20 - 00000016 ____H () C:\Windows\system32\servdat.slm 2014-09-23 12:11 - 2012-09-05 11:04 - 00000000 ____D () C:\Users\**********\AppData\Local\Mozilla 2014-09-22 08:41 - 2010-03-02 08:22 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe Some content of TEMP: ==================== C:\Users\*****\AppData\Local\Temp\APNSetup.exe C:\Users\*****\AppData\Local\Temp\BackupSetup.exe C:\Users\*****\AppData\Local\Temp\dlLogic.exe C:\Users\*****\AppData\Local\Temp\dltr.exe C:\Users\*****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkv75pl.dll C:\Users\*****\AppData\Local\Temp\DseShExt-x86.dll C:\Users\*****\AppData\Local\Temp\edsetup.exe C:\Users\*****\AppData\Local\Temp\ffsetup.exe C:\Users\*****\AppData\Local\Temp\GCVerifier.dll C:\Users\*****\AppData\Local\Temp\HAlG4.exe C:\Users\*****\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\*****\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe 
C:\Users\*****\AppData\Local\Temp\lshufytx.dll C:\Users\*****\AppData\Local\Temp\optprosetup.exe C:\Users\*****\AppData\Local\Temp\Quarantine.exe C:\Users\*****\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\*****\AppData\Local\Temp\setup_337.exe C:\Users\*****\AppData\Local\Temp\SHelp2.exe C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe C:\Users\*****\AppData\Local\Temp\SNUH8.dll C:\Users\*****\AppData\Local\Temp\SNUH8.exe C:\Users\*****\AppData\Local\Temp\SpOrder.dll C:\Users\*****\AppData\Local\Temp\sqlite3.dll C:\Users\*****\AppData\Local\Temp\verifier.exe C:\Users\*****\AppData\Local\Temp\VOPackage.exe C:\Users\**********\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgega5b.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-19 02:19 ==================== End Of Log ============================ --- --- --- So, the original problems have been gone for a while now. Yesterday I got a startup repair during boot for the first time, and today a huge number of index entries were processed during boot (?). Does that have something to do with Eset? Everything seems to be working normally again now, though. Or is there still anything unusual? Thanks! |
21.10.2014, 11:56 | #12 |
/// the machine /// TB-Ausbilder | Ads by CinPl-2.5c virus and consequential damage Update Java. Revo Uninstaller - Download - Filepony Use it to uninstall Firefox, keep no data, have the leftovers removed, then reinstall. Then: https://support.mozilla.org/de/kb/fi...einfach-loesen Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter
C:\Program Files\PCTRunner
C:\monitor.exe
C:\Users\*****\AppData\Roaming\BIXK
C:\Users\*****\AppData\Roaming\VPOY
C:\Windows\System32\MyOSProtect.dll
C:\Windows\System32\roboot.exe
HKLM\...\Run: [mbot_de_137] => [X]
HKU\S-1-5-21-3931753103-4279822412-3289483211-1000\...\Run: [Facebook Update] => C:\Users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\S-1-5-21-3931753103-4279822412-3289483211-1000\...\Run: [smoother] => C:\Users\*****\AppData\Roaming\SmootherWeb\SmootherWeb-Installer.exe [489651 2014-08-27] ()
C:\Users\*****\AppData\Roaming\SmootherWeb
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_lxMV3YF4my25wxYHXyASziywErMfAcl0f0ZBtFdEQ5uxruqqo5PzmU0-suly99bF9-3ICIU-eo0MVw2M6TM7jnipZoxXW4JSDvu-BEU_KWrZ0y6o9ztbVcTzo65BQmkJWyhRYeGgPj1xw6WSlhZ0w,,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_lxMV3YF4my25wxYHXyASziywErMfAcl0f0ZBtFdEQ5uxruqqo5PzmU0-suly99bF9-3ICIU-eo0MVw2M6TM7jnuYS0ahIMOHM71tICfNk_U7USnRQz-LvIgqVmXizTbcG_bcg72RONUnIy0AfQeWA,,
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1412861457&from=tugs&uid=WDCXWD5000BEVT-00A0RT0_WD-WX31A207948079480&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1412861457&from=tugs&uid=WDCXWD5000BEVT-00A0RT0_WD-WX31A207948079480
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1412861457&from=tugs&uid=WDCXWD5000BEVT-00A0RT0_WD-WX31A207948079480
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1412861457&from=tugs&uid=WDCXWD5000BEVT-00A0RT0_WD-WX31A207948079480&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1412861457&from=tugs&uid=WDCXWD5000BEVT-00A0RT0_WD-WX31A207948079480
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_lxMV3YF4my25wxYHXyASziywErMfAcl0f0ZBtFdEQ5uxruqqo5PzmU0-suly99bF9-3ICIU-eo0MVw2M6TM7jnipZoxXW4JSDvu-BEU_KWrZ0y6o9ztbVcTzo65BQmkJWyhRYfCJvnbUWlj6I4rwVXp7A,,&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_lxMV3YF4my25wxYHXyASziywErMfAcl0f0ZBtFdEQ5uxruqqo5PzmU0-suly99bF9-3ICIU-eo0MVw2M6TM7jnipZoxXW4JSDvu-BEU_KWrZ0y6o9ztbVcTzo65BQmkJWyhRYeGgPj1xw6WSlhZ0w,,&q={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=ME5822137-BC8E-4CC0-8678-4DAE522EC745&SearchSource=58&CUI=&UM=2&UP=SP10212541-3ABC-47AC-A377-29708A714C1F&q={searchTerms}&SSPV=
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files\SupTab\SupTab.dll No File
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
Winsock: Catalog9 01 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 02 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 03 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 04 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 15 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
cmd: netsh winsock reset
CHR HomePage: Default -> hxxp://isearch.omiga-plus.com/?type=hp&ts=1412861457&from=tugs&uid=WDCXWD5000BEVT-00A0RT0_WD-WX31A207948079480
CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1412861457&from=tugs&uid=WDCXWD5000BEVT-00A0RT0_WD-WX31A207948079480"
CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-02-07]
R3 MyOSProtect; C:\Program Files\PCTRunner\MyOSProtect.exe [1317096 2014-09-01] (MyOSCompany) [File not signed]
S2 ProtectMonitor; C:\monitorsvc.exe [34244 2014-09-02] () [File not signed] <==== ATTENTION
File: C:\Windows\system32\Drivers\pcwatch.sys
Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
A fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
21.10.2014, 14:53 | #13 |
| Ads by CinPl-2.5c virus and consequential damage OK, here are the two logs: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 21-10-2014 Ran by ***** at 2014-10-21 15:34:24 Run:1 Running from C:\Users\*****\Desktop Loaded Profile: ***** (Available profiles: ***** & ********** & DefaultAppPool) Boot Mode: Normal ============================================== Content of fixlist: ***************** C:\Program Files\PCTRunner C:\monitor.exe C:\Users\*****\AppData\Roaming\BIXK C:\Users\*****\AppData\Roaming\VPOY C:\Windows\System32\MyOSProtect.dll C:\Windows\System32\roboot.exe HKLM\...\Run: [mbot_de_137] => [X] HKU\S-1-5-21-3931753103-4279822412-3289483211-1000\...\Run: [Facebook Update] => C:\Users\*****\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.) HKU\S-1-5-21-3931753103-4279822412-3289483211-1000\...\Run: [smoother] => C:\Users\*****\AppData\Roaming\SmootherWeb\SmootherWeb-Installer.exe [489651 2014-08-27] () C:\Users\*****\AppData\Roaming\SmootherWeb CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_lxMV3YF4my25wxYHXyASziywErMfAcl0f0ZBtFdEQ5uxruqqo5PzmU0-suly99bF9-3ICIU-eo0MVw2M6TM7jnipZoxXW4JSDvu-BEU_KWrZ0y6o9ztbVcTzo65BQmkJWyhRYeGgPj1xw6WSlhZ0w,,&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_lxMV3YF4my25wxYHXyASziywErMfAcl0f0ZBtFdEQ5uxruqqo5PzmU0-suly99bF9-3ICIU-eo0MVw2M6TM7jnuYS0ahIMOHM71tICfNk_U7USnRQz-LvIgqVmXizTbcG_bcg72RONUnIy0AfQeWA,, HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1412861457&from=tugs&uid=WDCXWD5000BEVT-00A0RT0_WD-WX31A207948079480&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
hxxp://isearch.omiga-plus.com/?type=hp&ts=1412861457&from=tugs&uid=WDCXWD5000BEVT-00A0RT0_WD-WX31A207948079480 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1412861457&from=tugs&uid=WDCXWD5000BEVT-00A0RT0_WD-WX31A207948079480 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1412861457&from=tugs&uid=WDCXWD5000BEVT-00A0RT0_WD-WX31A207948079480&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1412861457&from=tugs&uid=WDCXWD5000BEVT-00A0RT0_WD-WX31A207948079480 SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_lxMV3YF4my25wxYHXyASziywErMfAcl0f0ZBtFdEQ5uxruqqo5PzmU0-suly99bF9-3ICIU-eo0MVw2M6TM7jnipZoxXW4JSDvu-BEU_KWrZ0y6o9ztbVcTzo65BQmkJWyhRYfCJvnbUWlj6I4rwVXp7A,,&q={searchTerms} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_lxMV3YF4my25wxYHXyASziywErMfAcl0f0ZBtFdEQ5uxruqqo5PzmU0-suly99bF9-3ICIU-eo0MVw2M6TM7jnipZoxXW4JSDvu-BEU_KWrZ0y6o9ztbVcTzo65BQmkJWyhRYeGgPj1xw6WSlhZ0w,,&q={searchTerms} SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=ME5822137-BC8E-4CC0-8678-4DAE522EC745&SearchSource=58&CUI=&UM=2&UP=SP10212541-3ABC-47AC-A377-29708A714C1F&q={searchTerms}&SSPV= BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files\SupTab\SupTab.dll No File DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} 
hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx Winsock: Catalog9 01 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany) Winsock: Catalog9 02 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany) Winsock: Catalog9 03 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany) Winsock: Catalog9 04 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany) Winsock: Catalog9 15 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany) cmd: netsh winsock reset CHR HomePage: Default -> hxxp://isearch.omiga-plus.com/?type=hp&ts=1412861457&from=tugs&uid=WDCXWD5000BEVT-00A0RT0_WD-WX31A207948079480 CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1412861457&from=tugs&uid=WDCXWD5000BEVT-00A0RT0_WD-WX31A207948079480" CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-02-07] R3 MyOSProtect; C:\Program Files\PCTRunner\MyOSProtect.exe [1317096 2014-09-01] (MyOSCompany) [File not signed] S2 ProtectMonitor; C:\monitorsvc.exe [34244 2014-09-02] () [File not signed] <==== ATTENTION File: C:\Windows\system32\Drivers\pcwatch.sys Emptytemp: ***************** C:\Program Files\PCTRunner => Moved successfully. C:\monitor.exe => Moved successfully. C:\Users\*****\AppData\Roaming\BIXK => Moved successfully. C:\Users\*****\AppData\Roaming\VPOY => Moved successfully. C:\Windows\System32\MyOSProtect.dll => Moved successfully. C:\Windows\System32\roboot.exe => Moved successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\mbot_de_137 => value deleted successfully. HKU\S-1-5-21-3931753103-4279822412-3289483211-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update => value deleted successfully. HKU\S-1-5-21-3931753103-4279822412-3289483211-1000\Software\Microsoft\Windows\CurrentVersion\Run\\smoother => value deleted successfully. 
C:\Users\*****\AppData\Roaming\SmootherWeb => Moved successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. "HKCU\SOFTWARE\Policies\Google" => Key deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key deleted successfully. "HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key deleted successfully. "HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully. "HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}" => Key deleted successfully. "HKCR\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => Key deleted successfully. "HKCR\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => Key deleted successfully. 
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C345E174-3E87-4F41-A01C-B066A90A49B4}" => Key deleted successfully. "HKCR\CLSID\{C345E174-3E87-4F41-A01C-B066A90A49B4}" => Key deleted successfully. "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001" => Key deleted successfully. "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002" => Key deleted successfully. "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003" => Key deleted successfully. "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004" => Key deleted successfully. "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015" => Key deleted successfully. ========= netsh winsock reset ========= Die Initialisierungsfunktion InitHelperDll in NSHHTTP.DLL konnte nicht gestartet werden. Fehlercode 10107 Der Winsock-Katalog wurde zur�ckgesetzt. Sie m�ssen den Computer neu starten, um den Vorgang abzuschlie�en. ========= End of CMD: ========= Chrome HomePage deleted successfully. Chrome StartupUrls deleted successfully. "HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma" => Key deleted successfully. "C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx" => File/Directory not found. MyOSProtect => Service stopped successfully. MyOSProtect => Service deleted successfully. ProtectMonitor => Service deleted successfully. 
========================= File: C:\Windows\system32\Drivers\pcwatch.sys ======================== MD5: 49CD1E3BF6FA027BC219A9A9FB3E3772 Creation and modification date: 2014-10-09 15:36 - 2014-09-01 20:29 Size: 0020480 Attributes: ----A Company Name: Internal Name: Original Name: Product Name: Description: File Version: Product Version: Copyright: ====== End Of File: ====== EmptyTemp: => Removed 3 GB temporary data. The system needed a reboot. ==== End of Fixlog ==== FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-10-2014 Ran by ***** (administrator) on *****-PC on 21-10-2014 15:45:55 Running from C:\Users\*****\Desktop Loaded Profile: ***** (Available profiles: ***** & ********** & DefaultAppPool) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Protexis Inc.) 
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (X10) C:\Program Files\Common Files\X10\Common\X10nets.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe () C:\Program Files\DivX\DivX Update\DivXUpdate.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Dropbox, Inc.) C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) 
C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron) HKLM\...\Run: [LMgrVolOSD] => C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.) HKLM\...\Run: [LMgrOSD] => "C:\Program Files\Launch Manager\OSDCtrl.exe" HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [413696 2010-01-13] (Wistron Corp.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-11] (Synaptics Incorporated) HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8522272 2010-03-02] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [678432 2010-03-02] (Realtek Semiconductor) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421736 2011-10-09] (Apple Inc.) HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] () HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [685048 2012-08-03] (Cisco Systems, Inc.) 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM\...\Run: [] => [X] HKU\S-1-5-21-3931753103-4279822412-3289483211-1000\...\Run: [Google Update] => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-23] (Google Inc.) HKU\S-1-5-21-3931753103-4279822412-3289483211-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22038120 2014-08-27] (Skype Technologies S.A.) HKU\S-1-5-21-3931753103-4279822412-3289483211-1000\...\MountPoints2: {63698762-8fde-11df-9421-00262df5ba12} - F:\LaunchU3.exe -a Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.140.1 FireFox: ======== FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\aevgqlwg.default-1413897422177 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll No File FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=12.0.1.647 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=12.0.1.647 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.647 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.647 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=12.0.1.647 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin: PDF Architect 2 -> C:\Program Files\PDF Architect 2\np-previewer.dll (pdfforge GmbH) FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll No File FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\*****\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\*****\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\*****\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml Chrome: ======= CHR Profile: C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05] CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-01-31] CHR Extension: (Google Wallet) - 
C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-22] CHR Extension: (Citavi Picker) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2014-07-16] CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [] CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-05-19] CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-05-19] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-11-29] (Adobe Systems) [File not signed] R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed] S2 GenesisMonitor; C:\Users\*****\AppData\Local\Genesis_10091331\Monitor_10091331.exe [3699200 2014-10-09] () [File not signed] S3 McComponentHostService; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [227232 2010-01-15] (McAfee, Inc.) 
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation) S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [36352 2009-12-12] () [File not signed] S3 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH) S3 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH) R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] () [File not signed] R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [537592 2012-08-03] (Cisco Systems, Inc.) R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-22] (Wistron Corp.) R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2009-11-07] (X10) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [87976 2012-08-03] (Cisco Systems, Inc.) S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.) S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.) S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [786400 2009-08-13] (DiBcom SA) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation) S1 pcwatch; C:\Windows\system32\Drivers\pcwatch.sys [20480 2014-09-01] () [File not signed] <==== ATTENTION S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.) 
R3 pfc; C:\Windows\System32\drivers\pfc.sys [10368 2005-11-02] (Padus, Inc.) [File not signed] S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.) R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25984 2009-12-12] (The OpenVPN Project) S1 vflt; C:\Windows\System32\DRIVERS\vfilter.sys [17920 2010-09-02] (Shrew Soft Inc) [File not signed] S3 vnet; C:\Windows\System32\DRIVERS\virtualnet.sys [13824 2010-09-02] (Shrew Soft Inc) [File not signed] R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.) R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.) U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-21 15:14 - 2014-10-21 15:14 - 00001125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-10-21 15:14 - 2014-10-21 15:14 - 00001113 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-10-21 15:14 - 2014-10-21 15:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-10-21 15:14 - 2014-10-21 15:14 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-10-21 15:11 - 2014-10-21 15:12 - 00244408 _____ () C:\Users\*****\Downloads\Firefox Setup Stub 33.0.exe 2014-10-21 14:57 - 2014-10-21 14:57 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\*****\Downloads\revosetup95.exe 2014-10-21 14:57 - 2014-10-21 14:57 - 00001230 _____ () C:\Users\*****\Desktop\Revo Uninstaller.lnk 2014-10-21 14:57 - 2014-10-21 14:57 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-10-21 14:46 - 2014-10-21 14:45 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\REN23BD.tmp 2014-10-21 14:45 - 2014-10-21 14:45 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\RENA329.tmp 2014-10-21 14:45 - 2014-10-21 14:45 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-10-21 14:43 - 2014-10-21 14:43 - 00638888 _____ (Oracle Corporation) C:\Users\*****\Downloads\jxpiinstall(3).exe 2014-10-21 14:41 - 2014-10-21 14:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\REN9DBD.tmp 2014-10-21 14:40 - 2014-10-21 14:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\RENFE62.tmp 2014-10-21 14:33 - 2014-10-21 14:34 - 33733032 _____ (Oracle Corporation) C:\Users\*****\Desktop\jre-8u20-windows-i586.exe 2014-10-21 14:02 - 2014-10-21 15:09 - 00000000 ____D () C:\Users\*****\Desktop\Gramatik 2014-10-20 17:27 - 2014-10-21 15:45 - 00018988 _____ () C:\Users\*****\Desktop\FRST.txt 2014-10-20 17:27 - 2014-10-21 15:34 - 00000000 ____D () C:\Users\*****\Desktop\FRST-OlderVersion 2014-10-20 17:25 - 2014-10-20 17:25 - 00000976 _____ () C:\Users\*****\Desktop\checkup.txt 2014-10-20 17:19 - 2014-10-20 17:19 - 00854417 _____ () C:\Users\*****\Desktop\SecurityCheck.exe 2014-10-20 17:01 - 2014-10-20 17:01 - 00003408 ____N () C:\bootsqm.dat 2014-10-20 03:28 - 2014-10-20 03:28 - 02347384 _____ (ESET) C:\Users\*****\Desktop\esetsmartinstaller_deu.exe 2014-10-19 13:47 - 2014-10-10 03:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-19 13:47 - 2014-10-10 03:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-19 13:47 - 2014-10-10 03:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-19 13:47 - 2014-10-07 04:04 - 00331448 
_____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-19 13:47 - 2014-09-29 02:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-19 13:47 - 2014-09-26 00:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-19 13:47 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-19 13:47 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-19 13:47 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-19 13:47 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-19 13:47 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-19 13:47 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-19 13:47 - 2014-09-19 03:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-19 13:47 - 2014-09-19 03:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-19 13:47 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-19 13:47 - 2014-09-19 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-19 13:47 - 2014-09-19 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-19 13:47 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-19 13:47 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-19 13:47 - 2014-09-19 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-19 13:47 - 2014-09-19 02:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-19 13:47 - 2014-09-19 02:51 - 00440320 _____ 
(Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-19 13:47 - 2014-09-19 02:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-19 13:47 - 2014-09-19 02:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-19 13:47 - 2014-09-19 02:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-19 13:47 - 2014-09-19 02:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-19 13:47 - 2014-09-19 02:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-19 13:47 - 2014-09-19 02:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-19 13:47 - 2014-09-19 02:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-19 13:47 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-19 13:47 - 2014-09-19 02:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-19 13:47 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-19 13:47 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-19 13:47 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-19 13:47 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-19 13:47 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-19 13:47 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-19 13:47 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-19 13:46 - 2014-08-29 03:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-19 13:46 - 2014-08-29 03:44 - 
02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-10-19 13:46 - 2014-08-29 03:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-19 13:46 - 2014-08-29 03:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2014-10-19 13:46 - 2014-08-29 03:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-10-19 13:46 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-19 13:46 - 2014-07-17 03:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-19 13:46 - 2014-07-17 03:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-19 13:46 - 2014-07-17 03:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-19 13:46 - 2014-07-17 03:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-19 13:46 - 2014-07-17 03:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-19 13:46 - 2014-07-17 03:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-19 13:46 - 2014-07-17 03:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-19 13:44 - 2014-09-18 03:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-19 13:44 - 2014-09-13 03:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-19 01:30 - 2014-10-19 01:30 - 00001027 _____ () C:\Users\*****\Desktop\JRT.txt 2014-10-19 01:03 - 2014-10-19 01:03 - 00001199 _____ () C:\Users\*****\Desktop\mbam.txt 2014-10-17 20:42 - 2014-10-17 20:43 - 00046103 _____ () C:\Users\*****\Desktop\Addition.txt 2014-10-16 21:30 - 2014-10-16 21:30 - 00026638 _____ () C:\Users\*****\.recently-used.xbel 2014-10-16 19:49 - 2014-10-16 19:49 - 00000000 ___SD () C:\ComboFix 2014-10-16 19:43 - 2014-10-16 19:49 - 00000000 ____D () C:\Qoobox 
2014-10-16 19:42 - 2014-10-16 19:42 - 00000000 ____D () C:\Windows\erdnt 2014-10-16 19:35 - 2014-10-16 19:35 - 05583559 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe 2014-10-15 20:07 - 2014-10-20 03:21 - 00000000 ____D () C:\Users\*****\Desktop\aktuelle Dokumente 2014-10-15 20:04 - 2014-10-21 15:46 - 00000000 ____D () C:\FRST 2014-10-15 20:04 - 2014-10-21 15:34 - 01102336 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe 2014-10-15 16:03 - 2014-10-15 17:57 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-14 23:15 - 2014-10-19 14:25 - 00000000 ____D () C:\AdwCleaner 2014-10-14 23:13 - 2014-10-14 23:14 - 01976320 _____ () C:\Users\*****\Downloads\adwcleaner_4.000.exe 2014-10-14 00:29 - 2014-10-14 00:29 - 00131072 _____ () C:\Windows\Minidump\101414-33945-01.dmp 2014-10-14 00:25 - 2014-10-21 15:40 - 00001330 _____ () C:\Windows\Tasks\BIXK.job 2014-10-14 00:23 - 2014-10-21 15:40 - 00001330 _____ () C:\Windows\Tasks\VPOY.job 2014-10-13 02:06 - 2014-10-13 02:07 - 00000000 ____D () C:\Users\*****\Desktop\Wasen 11 10 14 2014-10-13 01:49 - 2014-10-15 23:10 - 00000000 ____D () C:\Users\*****\Desktop\NIS 2014-10-13 01:49 - 2014-10-13 03:00 - 00000000 ____D () C:\Users\*****\Desktop\GM 2014-10-12 01:48 - 2014-07-23 11:15 - 00967685 _____ () C:\Users\*****\Downloads\adblock_plus-2.6.4-fx+an+sm+tb.xpi 2014-10-12 01:47 - 2014-10-12 01:48 - 00919582 _____ () C:\Users\*****\Downloads\adblock_plus-2.6.4-fx_an_sm_tb.xpi.zip 2014-10-09 16:05 - 2014-10-19 14:28 - 00000000 ____D () C:\Users\*****\AppData\Roaming\systweak 2014-10-09 16:03 - 2014-10-19 14:28 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmootherWeb 2014-10-09 16:03 - 2014-10-19 14:28 - 00000000 ____D () C:\SmootherWeb 2014-10-09 16:02 - 2014-10-19 14:28 - 00000000 ____D () C:\Users\*****\AppData\Roaming\LookThisUp 2014-10-09 15:45 - 2014-10-19 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\InetStat 2014-10-09 15:36 - 2014-09-01 20:29 - 00020480 _____ () C:\Windows\system32\Drivers\pcwatch.sys 2014-10-09 15:35 - 2014-10-09 15:38 - 00009784 _____ () C:\Windows\system32\MyOSProtect.ini 2014-10-09 15:34 - 2014-10-09 15:34 - 00000000 ____D () C:\Users\*****\AppData\Roaming\TuneUp Software 2014-10-09 15:34 - 2014-10-09 15:34 - 00000000 ____D () C:\Users\*****\AppData\Local\TuneUp Software 2014-10-09 15:33 - 2014-10-19 14:27 - 00000000 ____D () C:\ProgramData\IePluginServices 2014-10-09 15:33 - 2014-10-19 14:27 - 00000000 ____D () C:\Program Files\SupTab 2014-10-09 15:33 - 2014-10-14 00:32 - 00000000 ___HD () C:\Users\Public\Temp 2014-10-09 15:32 - 2014-10-09 15:38 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-10-09 15:32 - 2014-10-09 15:32 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-10-09 15:31 - 2014-10-19 14:28 - 00000000 ____D () C:\Users\*****\AppData\Local\Genesis_10091331 2014-10-09 15:31 - 2014-10-19 14:27 - 00000000 ____D () C:\Program Files\Optimizer Pro 2014-10-09 15:30 - 2014-10-19 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip 2014-10-09 15:30 - 2014-10-19 14:27 - 00000000 ____D () C:\Program Files\XTRM Group 2014-10-09 15:29 - 2014-10-19 14:28 - 00000000 ____D () C:\Users\*****\AppData\Local\Genesis_10091329 2014-10-09 15:21 - 2014-10-19 14:28 - 00000000 ____D () C:\Users\*****\AppData\Roaming\RHEng 2014-10-09 15:19 - 2014-10-09 15:20 - 29840688 _____ (DVDVideoSoft Ltd. 
) C:\Users\*****\Downloads\FreeYouTubeDownload.exe 2014-10-01 21:58 - 2014-10-01 21:58 - 00000048 _____ () C:\Users\*****\.gtk-bookmarks 2014-10-01 12:33 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-09-25 23:49 - 2014-09-25 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-09-25 23:49 - 2014-09-25 23:49 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-09-25 17:50 - 2014-09-25 17:50 - 00000000 ____D () C:\Users\**********\AppData\Local\Skype 2014-09-25 16:14 - 2014-09-26 16:29 - 00000000 ____D () C:\Users\**********\Desktop\Qualität Medienempfehlung 2014-09-24 17:27 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-24 12:22 - 2014-09-24 12:22 - 00000000 ____D () C:\Users\**********\Documents\IBM 2014-09-23 14:05 - 2014-09-26 11:03 - 00000000 ____D () C:\Users\**********\Documents\Citavi 4 2014-09-23 14:05 - 2014-09-23 14:05 - 00000000 ____D () C:\Users\**********\AppData\Roaming\Swiss Academic Software 2014-09-23 13:11 - 2014-09-23 13:12 - 00323672 _____ (Dropbox, Inc.) C:\Users\**********\Downloads\DropboxInstaller.exe 2014-09-23 13:05 - 2014-09-23 13:05 - 00000000 ____D () C:\Users\**********\Downloads\Amos22 2014-09-23 13:01 - 2014-09-23 13:04 - 65286173 _____ (ALTAP) C:\Users\**********\Downloads\Amos_22_Win.exe 2014-09-23 12:59 - 2014-09-23 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM SPSS Statistics 2014-09-23 12:59 - 2014-09-23 12:59 - 00000000 ____D () C:\ProgramData\SPSS 2014-09-23 12:47 - 2014-09-23 12:48 - 00000000 ____D () C:\Users\**********\Downloads\SPSS22_win32 2014-09-23 12:16 - 2014-09-23 12:44 - 728491088 _____ (ALTAP) C:\Users\**********\Downloads\SPSS22_win32.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-21 15:43 - 2011-02-02 17:50 - 00000000 ___RD () C:\Users\*****\Dropbox 2014-10-21 15:43 - 2011-02-02 17:49 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Dropbox 2014-10-21 15:43 - 2010-05-01 15:08 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype 2014-10-21 15:40 - 2010-08-13 13:08 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-21 15:40 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-21 15:39 - 2010-03-02 08:06 - 00714092 _____ () C:\Windows\PFRO.log 2014-10-21 15:39 - 2009-07-14 06:39 - 00212783 _____ () C:\Windows\setupact.log 2014-10-21 15:38 - 2010-04-29 22:16 - 02020646 _____ () C:\Windows\WindowsUpdate.log 2014-10-21 15:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-10-21 15:21 - 2010-08-13 13:08 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-21 15:10 - 2011-12-21 16:55 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3931753103-4279822412-3289483211-1000UA.job 2014-10-21 14:52 - 2012-06-09 13:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-21 14:46 - 2014-01-06 12:52 - 00000000 ____D () C:\ProgramData\Oracle 2014-10-21 14:44 - 2010-03-02 07:55 - 00000000 ____D () C:\Program Files\Java 2014-10-21 14:40 - 2014-06-01 21:55 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-10-21 14:40 - 2014-06-01 21:55 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-10-21 14:40 - 2014-06-01 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-10-21 14:39 - 2014-06-01 21:55 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-10-21 14:33 - 2011-10-27 02:23 - 00001134 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3931753103-4279822412-3289483211-1000UA.job 2014-10-21 14:10 - 2011-12-21 16:55 - 00001064 _____ () 
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3931753103-4279822412-3289483211-1000Core.job 2014-10-21 13:29 - 2009-07-14 06:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-21 13:29 - 2009-07-14 06:34 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-21 13:21 - 2011-10-27 02:23 - 00001112 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3931753103-4279822412-3289483211-1000Core.job 2014-10-21 13:15 - 2010-03-02 07:02 - 01748740 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-20 17:05 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-10-20 17:04 - 2009-07-14 06:33 - 00481128 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-20 17:02 - 2014-05-06 21:41 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-10-20 17:02 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-10-20 11:26 - 2010-03-02 07:45 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-10-20 11:24 - 2013-08-30 11:01 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-20 11:16 - 2010-03-02 08:25 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-19 14:28 - 2013-02-02 22:07 - 00000000 ____D () C:\Users\DefaultAppPool 2014-10-19 14:28 - 2012-09-05 11:01 - 00000000 ____D () C:\Users\********** 2014-10-19 14:28 - 2010-04-29 22:16 - 00000000 ____D () C:\Users\***** 2014-10-19 14:28 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp 2014-10-19 14:27 - 2014-07-10 03:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-10-19 14:27 - 2014-07-10 03:37 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-10-19 14:27 - 2014-03-13 05:14 - 00000000 ____D () C:\Program Files\NCH Software 2014-10-19 14:27 - 2009-07-14 04:37 - 00000000 ____D () 
C:\Windows\registration 2014-10-19 14:27 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-10-19 14:26 - 2009-07-14 10:56 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-10-19 14:25 - 2011-05-19 23:05 - 00000000 ____D () C:\ProgramData\Real 2014-10-19 14:02 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles 2014-10-17 15:42 - 2010-07-12 02:35 - 00000000 ____D () C:\Users\*****\Rezepte 2014-10-17 01:33 - 2011-04-12 00:11 - 00000000 ____D () C:\Users\*****\.gimp-2.6 2014-10-16 21:30 - 2011-04-12 00:19 - 00000000 ____D () C:\Users\*****\AppData\Roaming\gtk-2.0 2014-10-14 19:01 - 2011-11-01 22:25 - 00000000 ____D () C:\Users\*****\AppData\Roaming\DVDVideoSoft 2014-10-14 00:29 - 2010-11-08 13:57 - 00000000 ____D () C:\Windows\Minidump 2014-10-14 00:28 - 2010-11-08 13:57 - 592307826 _____ () C:\Windows\MEMORY.DMP 2014-10-09 20:20 - 2013-04-05 04:08 - 00002125 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-10-09 20:20 - 2010-04-29 22:17 - 00001417 _____ () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-10-09 15:33 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public 2014-10-08 01:35 - 2014-03-02 22:33 - 00000000 ____D () C:\Users\*****\Desktop\Privatsphäre 2014-10-07 17:28 - 2014-06-06 15:07 - 00000000 ____D () C:\Users\*****\Documents\Citavi 4 2014-10-06 21:54 - 2014-07-07 00:36 - 00000000 ____D () C:\Users\*****\Desktop\Poliskop 2014-10-06 17:39 - 2014-08-21 16:14 - 00000000 ____D () C:\Users\*****\Desktop\Bewerbungsfoto 2014-10-01 20:09 - 2011-01-05 02:17 - 00034816 _____ () C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-09-30 22:04 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-09-26 16:29 - 2013-01-13 22:06 - 00000000 ___RD () C:\Users\**********\Dropbox 2014-09-26 16:28 - 2013-02-24 12:54 - 00000000 ____D () C:\Users\**********\AppData\Roaming\NetSpeedMonitor 2014-09-26 10:51 - 2013-01-13 22:03 - 
00000000 ____D () C:\Users\**********\AppData\Roaming\Dropbox 2014-09-25 23:49 - 2010-05-01 15:06 - 00000000 ___RD () C:\Program Files\Skype 2014-09-25 23:49 - 2010-05-01 15:06 - 00000000 ____D () C:\ProgramData\Skype 2014-09-25 23:31 - 2012-09-07 14:52 - 00000000 ____D () C:\Users\**********\AppData\Roaming\Skype 2014-09-24 22:25 - 2013-02-24 13:25 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-24 12:22 - 2013-02-12 10:31 - 00000000 ____D () C:\Users\**********\Desktop\Erasmus 2014-09-24 12:15 - 2012-09-07 14:27 - 00000000 ____D () C:\Users\**********\AppData\Local\javasharedresources 2014-09-23 14:07 - 2010-04-30 00:41 - 00141248 _____ () C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-23 13:14 - 2013-01-13 22:06 - 00001029 _____ () C:\Users\**********\Desktop\Dropbox.lnk 2014-09-23 13:14 - 2013-01-13 22:05 - 00000000 ____D () C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-09-23 13:09 - 2012-09-07 14:45 - 00141248 _____ () C:\Users\**********\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-23 13:05 - 2013-01-12 02:12 - 00000014 _____ () C:\Windows\system32\ssprs.tgz 2014-09-23 13:05 - 2012-09-07 14:20 - 00000219 _____ () C:\Windows\system32\lsprst7.tgz 2014-09-23 13:05 - 2012-09-07 14:20 - 00000205 _____ () C:\Windows\system32\lsprst7.dll 2014-09-23 13:05 - 2012-09-07 14:20 - 00000016 ____H () C:\Windows\system32\servdat.slm 2014-09-23 12:11 - 2012-09-05 11:04 - 00000000 ____D () C:\Users\**********\AppData\Local\Mozilla 2014-09-22 08:41 - 2010-03-02 08:22 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe Some content of TEMP: ==================== C:\Users\*****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5cpx5f.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-19 02:19 ==================== End Of Log ============================ --- --- --- |
22.10.2014, 10:12 | #14 |
/// the machine /// TB trainer | Ads by CinPl-2.5c virus and consequential damage Looks good. Are you still noticing any problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
22.10.2014, 22:21 | #15 |
| Ads by CinPl-2.5c virus and consequential damage No, everything seems to be fine. Are we done then? Thanks! |