Pests of all kinds and how to fight them: Browser virus cannot be removed (Windows 7)
30.10.2014, 01:01 | #1 |
Browser virus cannot be removed

Hello,

two days ago I caught the omiga plus virus and was able to remove it using adwcleaner and Malwarebytes Anti-Malware. However, the ADS by info pop-ups still keep appearing in the browser, and all attempts (reinstalling the browser, checking shortcuts, uninstalling unknown programs, and rescanning with Anti-Malware and adwcleaner) have failed. Can you help me? I have posted and attached my scans below.

Thanks in advance
Regards, Sven

Addendum: Ran a scan with SuperAntiSpyware; it seems to be fixed now, doesn't it?

adwcleaner Code:
C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .smartadserver.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .mmotraffic.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .mmotraffic.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .mmotraffic.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] ad1.adfarm1.adition.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .adtechus.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .ad.adnet.de [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] tomtailor.dyntracker.com [ 
C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .burstnet.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] ad3.adfarm1.adition.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .at.atwola.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .ru4.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] track.effiliation.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] track.effiliation.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] track.effiliation.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] track.effiliation.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] track.effiliation.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] track.effiliation.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] track.effiliation.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .smartadserver.com [ 
C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .casalemedia.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] ad3.adserver01.de [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] track.adform.net [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] track.adform.net [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .ad.adnet.de [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .ad.adnet.de [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] C:\USERS\JOHN\Cookies\john@revsci[2].txtC:\USERS\JOHN\Cookies\john@revsci[2].txt [ Cookie:john@revsci.net/ ] .zanox.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] C:\USERS\JOHN\Cookies\john@coreclickhoo[1].txtC:\USERS\JOHN\Cookies\john@coreclickhoo[1].txt [ Cookie:john@coreclickhoo.com/ ] ad4.adfarm1.adition.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] C:\USERS\JOHN\Cookies\john@server.adformdsp[1].txtC:\USERS\JOHN\Cookies\john@server.adformdsp[1].txt [ Cookie:john@server.adformdsp.net/ ] server.adform.net [ 
C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .adform.net [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] C:\USERS\JOHN\Cookies\john@interstat[1].txtC:\USERS\JOHN\Cookies\john@interstat[1].txt [ Cookie:john@interstat.eu/ ] .tradedoubler.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .tradedoubler.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .tradedoubler.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] C:\USERS\JOHN\Cookies\john@advertising[2].txtC:\USERS\JOHN\Cookies\john@advertising[2].txt [ Cookie:john@advertising.com/ ] .adfarm1.adition.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] C:\USERS\JOHN\Cookies\john@casalemedia[1].txtC:\USERS\JOHN\Cookies\john@casalemedia[1].txt [ Cookie:john@casalemedia.com/ ] C:\USERS\JOHN\Cookies\john@ru4[1].txtC:\USERS\JOHN\Cookies\john@ru4[1].txt [ Cookie:john@ru4.com/ ] .zedo.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .zedo.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .zedo.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] C:\USERS\JOHN\Cookies\john@imrworldwide[1].txtC:\USERS\JOHN\Cookies\john@imrworldwide[1].txt [ Cookie:john@imrworldwide.com/cgi-bin ] .zedo.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .zedo.com [ 
C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] C:\USERS\JOHN\Cookies\john@tracking-stvde.adsafety[1].txtC:\USERS\JOHN\Cookies\john@tracking-stvde.adsafety[1].txt [ Cookie:john@tracking-stvde.adsafety.net/ ] C:\USERS\JOHN\Cookies\john@ad.mlnadvertising[1].txtC:\USERS\JOHN\Cookies\john@ad.mlnadvertising[1].txt [ Cookie:john@ad.mlnadvertising.com/ ] ad.zanox.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] C:\USERS\JOHN\Cookies\john@c1.adform[1].txtC:\USERS\JOHN\Cookies\john@c1.adform[1].txt [ Cookie:john@c1.adform.net/ ] .serving-sys.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .serving-sys.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] C:\USERS\JOHN\Cookies\john@adform[2].txtC:\USERS\JOHN\Cookies\john@adform[2].txt [ Cookie:john@adform.net/ ] C:\USERS\JOHN\Cookies\john@track.adform[2].txtC:\USERS\JOHN\Cookies\john@track.adform[2].txt [ Cookie:john@track.adform.net/ ] C:\USERS\JOHN\Cookies\john@adformdsp[1].txtC:\USERS\JOHN\Cookies\john@adformdsp[1].txt [ Cookie:john@adformdsp.net/ ] .casalemedia.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .casalemedia.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .casalemedia.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .casalemedia.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .adfarm1.adition.com 
[ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] ad2.adfarm1.adition.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .mediaplex.com [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .revsci.net [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .revsci.net [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .revsci.net [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .revsci.net [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] adx.chip.de [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] adx.chip.de [ C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T94N2G8M.DEFAULT-1414098093328\COOKIES.SQLITE ] .ad.mlnadvertising.com [ C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .doubleclick.net [ C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .casalemedia.com [ C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .casalemedia.com [ C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .casalemedia.com [ C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .casalemedia.com [ C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .casalemedia.com [ C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .casalemedia.com [ C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] adx.chip.de [ C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] adx.chip.de [ 
C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adfarm1.adition.com [ C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .doubleclick.net [ C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] bs.serving-sys.com [ C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .tradedoubler.com [ C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .revsci.net [ C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .zanox.com [ C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] ad.zanox.com [ C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] www.usenext.de [ C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .webmasterplan.com [ C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] track.adform.net [ C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] bs.serving-sys.com [ C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .serving-sys.com [ C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] adx.chip.de [ C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .webmasterplan.com [ C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adfarm1.adition.com [ C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] track.adform.net [ C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adform.net [ C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] track.adform.net [ C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .revsci.net [ C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .revsci.net [ C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .revsci.net [ C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .adfarm1.adition.com [ C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\USER 
Trojan.Agent/Gen-Dropper C:\USERS\JOHN\DESKTOP\USB-STICK\FREELANCER_V1.1_MINI-ISO\CRCCHECK.EXE ============ End of Log ============ Edited by loc (30.10.2014 at 01:26) |
30.10.2014, 07:03 | #2 |
/// the machine /// TB trainer | Browser virus cannot be removed hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
30.10.2014, 14:51 | #3 |
| Browser virus cannot be removed here are the scans
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2014 Ran by john (administrator) on JOHN-PC on 30-10-2014 08:06:17 Running from C:\Users\john\Desktop Loaded Profiles: john & UpdatusUser & (Available profiles: john & UpdatusUser) Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: Englisch (USA) Internet Explorer Version 9 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Cisco Systems, Inc.) 
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Dropbox, Inc.) 
C:\Users\john\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-08-11] (Alcor Micro Corp.) HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6806144 2010-06-24] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-03] (ASUS) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768 2011-03-04] (Avira GmbH) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.) 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-763759145-3361092453-3005493021-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-01] (SUPERAntiSpyware) HKU\S-1-5-21-763759145-3361092453-3005493021-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-01] (SUPERAntiSpyware) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\john\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x263E71A4DD01CC01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms} BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: 
@java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF SearchPlugin: C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\searchplugins\google-images.xml FF SearchPlugin: C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\searchplugins\google-maps.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Cliqz Beta - C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\Extensions\cliqz@cliqz.com [2014-10-30] FF Extension: Adblock Plus Pop-up Addon - C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\Extensions\adblockpopups@jessehakanen.net.xpi [2014-10-29] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-15] FF Extension: Java Console - 
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-09-15] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-15] FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\extensions\cliqz@cliqz.com Chrome: ======= CHR Profile: C:\Users\john\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-23] CHR Extension: (No Name) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj [2012-06-11] CHR Extension: (No Name) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-06-11] CHR Extension: (Google Wallet) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-21] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [136360 2011-05-13] (Avira GmbH)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [269480 2011-07-02] (Avira GmbH)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-04-23] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88288 2011-07-02] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [123784 2011-07-02] (Avira GmbH)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2011-06-11] (Mobile Connector) [File not signed]
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [81984 2010-10-28] (Fresco Logic)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-04-23] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [513080 2011-04-23] (Duplex Secure Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-30 08:06 - 2014-10-30 08:06 - 00016153 _____ () C:\Users\john\Desktop\FRST.txt 2014-10-30 08:06 - 2014-10-30 08:06 - 00000000 ____D () C:\FRST 2014-10-30 08:04 - 2014-10-30 08:04 - 02113536 _____ (Farbar) C:\Users\john\Desktop\FRST64.exe 2014-10-30 01:43 - 2014-10-30 01:43 - 00560984 _____ () C:\Windows\Minidump\103014-28392-01.dmp 2014-10-30 01:17 - 2014-10-30 02:00 - 00000508 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 393ed3ec-65cd-4f04-af7c-9d0ff1463f3e.job 2014-10-30 01:17 - 2014-10-30 01:46 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2014-10-30 01:17 - 2014-10-30 01:44 - 00000508 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 53aae92c-16a9-4e88-b255-61639cc7764b.job 2014-10-30 01:17 - 2014-10-30 01:17 - 00003582 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 393ed3ec-65cd-4f04-af7c-9d0ff1463f3e 2014-10-30 01:17 - 2014-10-30 01:17 - 00003508 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 53aae92c-16a9-4e88-b255-61639cc7764b 2014-10-30 01:17 - 2014-10-30 01:17 - 00001812 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk 2014-10-30 01:17 - 2014-10-30 01:17 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com 2014-10-30 01:17 - 2014-10-30 01:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2014-10-30 01:15 - 2014-10-30 01:15 - 01125200 _____ () C:\Users\john\Downloads\SuperAntiSpyware - CHIP-Installer.exe 2014-10-30 00:55 - 2014-10-30 00:55 - 00002329 _____ () C:\Users\john\Desktop\malwarebytes Scan2.txt 2014-10-30 00:54 - 2014-10-30 00:54 - 00003528 _____ () C:\Users\john\Desktop\malwarebytes Scan.txt 2014-10-30 00:37 - 2014-10-30 00:37 - 00010484 _____ () C:\Users\john\Downloads\hijackthis.log 2014-10-30 00:36 - 2014-10-30 00:36 - 00388608 _____ (Trend Micro Inc.) 
C:\Users\john\Downloads\HijackThis.exe 2014-10-29 23:59 - 2014-10-30 00:01 - 00000000 ____D () C:\AdwCleaner 2014-10-29 23:59 - 2014-10-29 23:59 - 00003448 _____ () C:\Windows\System32\Tasks\WOT WWED1 2014-10-29 23:59 - 2014-10-29 23:59 - 00003448 _____ () C:\Windows\System32\Tasks\WOT WW2 2014-10-29 23:59 - 2014-10-29 23:59 - 00003448 _____ () C:\Windows\System32\Tasks\WOT WW1 2014-10-29 23:59 - 2014-10-29 23:59 - 00003448 _____ () C:\Windows\System32\Tasks\WOT WTUE1 2014-10-29 23:59 - 2014-10-29 23:59 - 00003448 _____ () C:\Windows\System32\Tasks\WOT WTHUR1 2014-10-29 23:59 - 2014-10-29 23:59 - 00003448 _____ () C:\Windows\System32\Tasks\WOT WMON1 2014-10-29 23:59 - 2014-10-29 23:59 - 00003448 _____ () C:\Windows\System32\Tasks\WOT WFRI1 2014-10-29 23:59 - 2014-10-29 23:59 - 00003448 _____ () C:\Windows\System32\Tasks\WOT W2 2014-10-29 23:59 - 2014-10-29 23:59 - 00003448 _____ () C:\Windows\System32\Tasks\WOT W1 2014-10-29 23:59 - 2014-10-29 23:59 - 00003448 _____ () C:\Windows\System32\Tasks\WOT T 2014-10-29 23:59 - 2014-10-29 23:59 - 00000000 ____D () C:\Users\john\AppData\Roaming\WorldofTanks 2014-10-29 23:59 - 2014-10-29 23:59 - 00000000 ____D () C:\Users\john\AppData\Local\WorldofTanks 2014-10-29 23:59 - 2014-10-29 23:58 - 01998336 _____ () C:\Users\john\Downloads\adwcleaner_4.002_CB-DL-Manager [1].exe 2014-10-29 23:57 - 2014-10-29 23:57 - 00847040 _____ ( ) C:\Users\john\Downloads\adwcleaner_4.002_CB-DL-Manager.exe 2014-10-29 23:22 - 2014-10-29 22:56 - 00024064 _____ () C:\Windows\zoek-delete.exe 2014-10-29 23:01 - 2014-10-29 23:23 - 00087985 _____ () C:\zoek-results.log 2014-10-29 22:56 - 2014-10-29 23:17 - 00000000 ____D () C:\zoek_backup 2014-10-29 22:54 - 2014-10-29 21:27 - 00883624 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll 2014-10-29 22:54 - 2014-10-29 21:27 - 00806824 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2014-10-29 22:50 - 2014-10-29 22:50 - 01290752 _____ () C:\Users\john\Downloads\zoek.exe 2014-10-29 
22:05 - 2014-10-29 22:05 - 00003124 _____ () C:\Windows\System32\Tasks\{70004B79-32FC-4327-B7C1-6C541EF975C0} 2014-10-29 21:27 - 2014-10-29 21:27 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-10-29 21:27 - 2014-10-29 21:27 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-10-29 00:04 - 2014-10-30 02:07 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-29 00:04 - 2014-10-29 00:04 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-10-29 00:04 - 2014-10-29 00:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-10-29 00:04 - 2014-10-29 00:04 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-10-29 00:04 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-29 00:04 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-29 00:04 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-10-29 00:03 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll 2014-10-29 00:03 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll 2014-10-28 23:59 - 2014-10-28 23:59 - 01125200 _____ () C:\Users\john\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe 2014-10-28 23:11 - 2014-10-28 23:11 - 00001164 _____ () C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-10-25 14:36 - 2014-10-25 14:36 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-10-25 14:36 - 2014-10-25 14:36 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-10-25 14:35 - 2014-10-25 14:35 - 36248896 _____ () C:\Users\john\Downloads\Firefox_Setup_33.0.1 
(1).exe 2014-10-23 21:49 - 2014-10-23 21:49 - 00021976 _____ () C:\Windows\system32\Drivers\SPPD.sys 2014-10-23 21:26 - 2014-10-23 21:26 - 00003142 _____ () C:\Windows\System32\Tasks\{70F21E93-92DB-4FEF-8E49-198A5D232B7A} 2014-10-21 21:08 - 2014-10-28 23:12 - 00000000 ___HD () C:\Users\Public\Temp 2014-10-13 07:35 - 2014-10-21 21:06 - 00000000 ____D () C:\Users\john\Desktop\Katja ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-30 07:57 - 2012-06-08 12:38 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-30 07:57 - 2011-04-23 18:17 - 02047212 _____ () C:\Windows\WindowsUpdate.log 2014-10-30 01:57 - 2009-07-14 05:45 - 00019104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-30 01:57 - 2009-07-14 05:45 - 00019104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-30 01:52 - 2011-04-23 19:14 - 00652006 _____ () C:\Windows\system32\perfh007.dat 2014-10-30 01:52 - 2011-04-23 19:14 - 00129674 _____ () C:\Windows\system32\perfc007.dat 2014-10-30 01:52 - 2009-07-14 06:13 - 01498506 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-30 01:46 - 2013-02-26 21:05 - 00000000 ___RD () C:\Users\john\Dropbox 2014-10-30 01:46 - 2013-02-26 21:00 - 00000000 ____D () C:\Users\john\AppData\Roaming\Dropbox 2014-10-30 01:44 - 2014-05-18 18:29 - 00002362 _____ () C:\Windows\setupact.log 2014-10-30 01:44 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-30 01:43 - 2011-06-11 17:48 - 00000000 ____D () C:\Windows\Minidump 2014-10-30 00:37 - 2011-04-23 18:17 - 00000000 ____D () C:\Users\john\AppData\Local\VirtualStore 2014-10-30 00:02 - 2014-08-13 23:02 - 00964948 _____ () C:\Windows\PFRO.log 2014-10-29 23:15 - 2014-06-27 01:23 - 00000000 ____D () C:\Users\john\AppData\Local\CrashDumps 2014-10-29 23:14 - 
2013-02-09 10:30 - 00000000 ____D () C:\Users\john\Documents\Outlook-Dateien 2014-10-29 22:55 - 2011-04-23 20:15 - 00000000 ____D () C:\Program Files (x86)\Java 2014-10-29 22:52 - 2012-12-16 10:40 - 00000000 ____D () C:\Program Files (x86)\CEWE COLOR 2014-10-29 22:10 - 2014-01-02 12:50 - 00000000 ____D () C:\Users\john\AppData\Roaming\DVDVideoSoft 2014-10-29 22:08 - 2011-04-26 18:47 - 00000000 ____D () C:\Users\john\Documents\Anno 1404 2014-10-29 22:08 - 2011-04-23 19:42 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-10-29 22:08 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-10-29 21:28 - 2014-04-30 21:01 - 00000000 ____D () C:\ProgramData\Oracle 2014-10-29 21:27 - 2014-08-08 07:20 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-10-29 21:27 - 2014-08-08 07:20 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-10-29 02:42 - 2013-01-10 22:57 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-10-29 00:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system 2014-10-29 00:04 - 2012-06-10 17:19 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-10-28 23:13 - 2011-06-13 13:44 - 00000000 ____D () C:\Program Files (x86)\Google 2014-10-25 14:37 - 2011-06-13 13:44 - 00000000 ____D () C:\Users\john\AppData\Local\Google 2014-10-25 14:36 - 2014-09-15 16:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-10-25 14:27 - 2012-12-22 23:17 - 00000000 ____D () C:\ProgramData\Norton 2014-10-23 21:46 - 2011-04-23 18:17 - 00001443 _____ () C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-10-23 21:46 - 2011-04-23 18:17 - 00001409 _____ () C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2014-10-23 21:33 - 2014-04-30 20:05 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 
2014-10-23 21:33 - 2014-04-30 20:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-10-14 23:36 - 2012-12-26 14:10 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe 2014-10-10 22:38 - 2014-04-30 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-10-07 10:01 - 2013-02-26 21:05 - 00001017 _____ () C:\Users\john\Desktop\Dropbox.lnk 2014-10-07 10:01 - 2013-02-26 21:01 - 00000000 ____D () C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox Some content of TEMP: ==================== C:\Users\john\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjhrwx9.dll C:\Users\john\AppData\Local\Temp\Quarantine.exe C:\Users\john\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-23 23:01 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2014 Ran by john at 2014-10-30 08:08:40 Running from C:\Users\john\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: AntiVir Desktop (Disabled - Up to date) {090F9C29-64CE-6C6F-379C-5901B49A85B7} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AntiVir Desktop (Disabled - Up to date) {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ACD/Labs Software in C:\ACDFREE12\ (HKLM-x32\...\ACDLabs in C__ACDFREE12_) (Version: v12.00, FREE - ACD/Labs) Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}) (Version: 1.8.17.26026 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 1.8.17.26026 - Alcor Micro Corp.) Hidden Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0005 - ASUS) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.) Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.22 - Cliqz.com) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd) Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.) Fresco Logic USB3.0 Host Controller (HKLM\...\{EA2EFBF6-7CFD-47A0-BECE-AFCB98428CFE}) (Version: 3.0.108.16 - Fresco Logic Inc.) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.) Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle) Juniper Networks Network Connect 7.1.0 (HKLM-x32\...\Juniper Network Connect 7.1.0) (Version: 7.1.0.19243 - Juniper Networks) Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.4.13103 - Juniper Networks, Inc.) Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.) 
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 33.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.1 (x86 de)) (Version: 33.0.1 - Mozilla) NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5964 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation) OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org) PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge 
GmbH) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge) Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6225 - Realtek Semiconductor Corp.) Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.) Skype™ 6.6 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.6.106 - Skype Technologies S.A.) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.8.0 - Synaptics Incorporated) USB 2.0 VGA UVC WebCam (HKLM\...\USB 2.0 VGA UVC WebCam) (Version: - ) VLC media player 1.1.9 (HKLM-x32\...\VLC media player) (Version: 1.1.9 - VideoLAN) WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.5.600 - Broadcom Corporation) Winamp (HKLM-x32\...\Winamp) (Version: 5.61 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows Driver Package - Broadcom (BTHUSB) Bluetooth (02/25/2010 6.2.0.9419) (HKLM\...\85CE3A3657FAE5FD305B143E90E6FC89BA53001C) (Version: 02/25/2010 6.2.0.9419 - Broadcom) Windows Driver Package - Broadcom Bluetooth (01/19/2010 6.2.0.1417) (HKLM\...\7341A1B43E7FE58942EB1E820A17C18305DFBCE6) (Version: 01/19/2010 6.2.0.1417 - Broadcom) Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0) (HKLM\...\2AA10AB519DC7432D599A0E860206A7DDCC27764) (Version: 07/29/2009 6.1.7100.0 - Broadcom) Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) 
(HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom) WinRAR 4.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-763759145-3361092453-3005493021-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-763759145-3361092453-3005493021-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\john\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-763759145-3361092453-3005493021-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-763759145-3361092453-3005493021-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-763759145-3361092453-3005493021-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-763759145-3361092453-3005493021-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-763759145-3361092453-3005493021-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-763759145-3361092453-3005493021-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-763759145-3361092453-3005493021-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-763759145-3361092453-3005493021-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-763759145-3361092453-3005493021-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\john\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

09-10-2014 21:24:07 Scheduled Checkpoint
10-10-2014 21:35:20 Windows Update
23-10-2014 20:27:19 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
29-10-2014 20:26:42 Installed Java 7 Update 71
29-10-2014 21:07:16 Removed Ubisoft Game Launcher
29-10-2014 21:12:19 Removed Apple Application Support
29-10-2014 21:13:52 Removed Apple Mobile Device Support
29-10-2014 21:54:24 Removed Java(TM) 6 Update 37
29-10-2014 22:01:03 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2012-06-10 17:12 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2820FA97-6D5F-4136-804E-5DBDD658DB8E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-27] (Adobe Systems Incorporated)
Task: {2A5ADDB4-BB87-43B4-9584-A26C6D1E27A5} - System32\Tasks\WOT WTUE1 => Firefox.exe hxxp://mmotraffic.com/catalog/goplay/1327/MTE3NjYvLy8xMzI3/
Task: {3038761C-4CFA-4B85-BADC-BF5CE1CC8037} - System32\Tasks\WOT W2 => Firefox.exe hxxp://mmotraffic.com/catalog/goplay/1327/MTE3NjYvLy8xMzI3/
Task: {7233C411-B21A-4C7A-A5F3-F2B0A74255C6} - System32\Tasks\WOT WWED1 => Firefox.exe hxxp://mmotraffic.com/catalog/goplay/1327/MTE3NjYvLy8xMzI3/
Task: {7B08A821-236A-4BCC-A5B1-2B0FDDA210D9} - System32\Tasks\WOT WW1 => Firefox.exe hxxp://mmotraffic.com/catalog/goplay/1327/MTE3NjYvLy8xMzI3/
Task: {81EC4BE1-6B06-4A00-9424-8833739267D2} - System32\Tasks\WOT WMON1 => Firefox.exe hxxp://mmotraffic.com/catalog/goplay/1327/MTE3NjYvLy8xMzI3/
Task: {8930C265-2D84-4887-A602-33DB252A7BA5} - System32\Tasks\WOT WFRI1 => Firefox.exe hxxp://mmotraffic.com/catalog/goplay/1327/MTE3NjYvLy8xMzI3/
Task: {8B3C0CE2-9811-437F-8582-937C86BF24FA} - System32\Tasks\SUPERAntiSpyware Scheduled Task 53aae92c-16a9-4e88-b255-61639cc7764b => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {8EB104E8-8EC4-45B5-9F89-2FEDD6B43190} - System32\Tasks\WOT WW2 => Firefox.exe hxxp://mmotraffic.com/catalog/goplay/1327/MTE3NjYvLy8xMzI3/
Task: {99E16E98-06E7-4CDE-8096-C5054A9426B4} - System32\Tasks\ASUS Patch 10430001 => C:\Windows\AsPatch10430001.exe
Task: {9BE8FCC5-A8D8-4ACC-B630-DDB30C36D083} - System32\Tasks\{CAF2DEE2-0D38-4BCB-A058-1EE03E98ECEE} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.)
Task: {E077EDD8-B0D6-4663-9B3B-DE4138EB6753} - System32\Tasks\SUPERAntiSpyware Scheduled Task 393ed3ec-65cd-4f04-af7c-9d0ff1463f3e => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {E43D64A0-B1F3-497F-BF9D-742DEE305B9F} - System32\Tasks\WOT WTHUR1 => Firefox.exe hxxp://mmotraffic.com/catalog/goplay/1327/MTE3NjYvLy8xMzI3/
Task: {E5BB72B8-BCE1-4466-A4C7-ABA5D7EFF917} - System32\Tasks\WOT W1 => Firefox.exe hxxp://mmotraffic.com/catalog/goplay/1327/MTE3NjYvLy8xMzI3/
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove No Task File <==== ATTENTION
Task: {ED7B1CAF-D4E0-48EB-A22A-EEF8F82D0137} - System32\Tasks\WOT T => Firefox.exe hxxp://mmotraffic.com/catalog/goplay/1327/MTE3NjYvLy8xMzI3/
Task: {EF88BF68-D9C0-42F2-8A77-C52B60578D5E} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe
Task: {FA1245EF-7B8F-40B3-83B1-5F12A1316D91} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 393ed3ec-65cd-4f04-af7c-9d0ff1463f3e.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 53aae92c-16a9-4e88-b255-61639cc7764b.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) =============

2010-01-30 01:40 - 2010-01-30 01:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-11 19:14 - 2010-03-11 19:14 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2011-04-23 20:04 - 2011-03-02 11:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2010-03-23 12:26 - 2010-03-23 12:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2010-01-30 01:41 - 2010-01-30 01:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-10-30 01:46 - 2014-10-30 01:46 - 00043008 _____ () c:\users\john\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjhrwx9.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\john\AppData\Roaming\Dropbox\bin\libcef.dll
2011-01-17 15:19 - 2011-04-23 20:16 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2014-10-25 14:36 - 2014-10-24 08:00 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^john^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: SynAsusAcpi => %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe ========================= Accounts: ========================== Administrator (S-1-5-21-763759145-3361092453-3005493021-500 - Administrator - Disabled) Guest (S-1-5-21-763759145-3361092453-3005493021-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-763759145-3361092453-3005493021-1003 - Limited - Enabled) john (S-1-5-21-763759145-3361092453-3005493021-1000 - Administrator - Enabled) => C:\Users\john UpdatusUser (S-1-5-21-763759145-3361092453-3005493021-1001 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= Name: BT-270 Description: BT-270 Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Broadcom Service: BTHUSB Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Cisco Systems VPN Adapter for 64-bit Windows Description: Cisco Systems VPN Adapter for 64-bit Windows Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: CVirtA Problem: : This device is disabled. 
(Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (10/30/2014 02:24:32 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15553 Error: (10/30/2014 02:24:32 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15553 Error: (10/30/2014 02:24:32 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/30/2014 01:45:45 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/30/2014 01:44:57 AM) (Source: Avira AntiVir) (EventID: 4122) (User: NT AUTHORITY) Description: Die Datei AVPREF.DLL konnte nicht geladen werden. Fehlercode: 0x45a Error: (10/30/2014 00:02:51 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/30/2014 00:02:39 AM) (Source: Avira AntiVir) (EventID: 4122) (User: NT AUTHORITY) Description: Die Datei AVPREF.DLL konnte nicht geladen werden. Fehlercode: 0x45a Error: (10/29/2014 11:23:33 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/29/2014 11:23:14 PM) (Source: Avira AntiVir) (EventID: 4122) (User: NT AUTHORITY) Description: Die Datei AVPREF.DLL konnte nicht geladen werden. 
Fehlercode: 0x45a Error: (10/29/2014 11:15:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 33.0.1.5409, Zeitstempel: 0x5449f51c Name des fehlerhaften Moduls: mozalloc.dll, Version: 33.0.1.5409, Zeitstempel: 0x5449d001 Ausnahmecode: 0x80000003 Fehleroffset: 0x00001425 ID des fehlerhaften Prozesses: 0x1020 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 System errors: ============= Error: (10/30/2014 07:57:40 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error: (10/30/2014 07:57:40 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst HomeGroupListener erreicht. Error: (10/30/2014 07:57:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "DNS Client" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (10/30/2014 07:57:40 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst DNS Client erreicht. Error: (10/30/2014 07:57:10 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht. 
Error: (10/30/2014 07:56:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "DNS Client" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (10/30/2014 07:56:30 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst DNS Client erreicht. Error: (10/30/2014 01:45:03 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (10/30/2014 01:44:08 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Network List Service" ist vom Dienst "Network Location Awareness" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (10/30/2014 01:44:08 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Network List Service" ist vom Dienst "Network Location Awareness" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Microsoft Office Sessions: ========================= Error: (10/30/2014 02:24:32 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15553 Error: (10/30/2014 02:24:32 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15553 Error: (10/30/2014 02:24:32 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/30/2014 01:45:45 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/30/2014 01:44:57 AM) (Source: Avira AntiVir) (EventID: 4122) (User: NT AUTHORITY) Description: AVPREF.DLL0x45a Error: (10/30/2014 00:02:51 AM) (Source: WinMgmt) (EventID: 
10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/30/2014 00:02:39 AM) (Source: Avira AntiVir) (EventID: 4122) (User: NT AUTHORITY) Description: AVPREF.DLL0x45a Error: (10/29/2014 11:23:33 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/29/2014 11:23:14 PM) (Source: Avira AntiVir) (EventID: 4122) (User: NT AUTHORITY) Description: AVPREF.DLL0x45a Error: (10/29/2014 11:15:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe33.0.1.54095449f51cmozalloc.dll33.0.1.54095449d0018000000300001425102001cff3c36c3f9f6aC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll1bbf41bc-5fb9-11e4-846d-14dae90d7044 CodeIntegrity Errors: =================================== Date: 2012-06-10 18:11:33.838 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-06-10 18:11:33.822 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2012-06-07 20:27:13.721 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-06-07 20:27:13.721 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz Percentage of memory in use: 50% Total physical RAM: 3884.29 MB Available physical RAM: 1930.21 MB Total Pagefile: 7766.77 MB Available Pagefile: 5637.68 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (win7) (Fixed) (Total:74.52 GB) (Free:18.12 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (data) (Fixed) (Total:202.08 GB) (Free:155.75 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E0C5913D) Partition 1: (Not Active) - (Size=21.5 GB) - (Type=1C) Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=202.1 GB) - (Type=OF Extended) ==================== End Of Log ============================ |
31.10.2014, 10:00 | #4 |
/// the machine /// TB-Ausbilder | Browser virus cannot be removed In which browser?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
31.10.2014, 17:43 | #5 |
| Browser virus cannot be removed I had the ads in both Mozilla and Chrome, but I actually only use Mozilla, and I uninstalled Chrome and have not reinstalled it. Regards, Sven |
01.11.2014, 12:24 | #6 |
/// the machine /// TB-Ausbilder | Browser virus cannot be removed Revo Uninstaller - Download - Filepony Use it to uninstall Firefox, keep no data, let it remove the leftovers, then reinstall. Then: https://support.mozilla.org/de/kb/fi...einfach-loesen A fresh FRST log, please.
__________________ --> Browser virus cannot be removed |
03.11.2014, 01:03 | #7 |
| Browser virus cannot be removed Here are the new FRST logs. Regards, Sven FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014 Ran by john (administrator) on JOHN-PC on 03-11-2014 00:56:35 Running from C:\Users\john\Desktop Loaded Profiles: john & UpdatusUser (Available profiles: john & UpdatusUser) Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: Englisch (USA) Internet Explorer Version 9 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Cisco Systems, Inc.) 
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe () C:\Windows\rcore.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Dropbox, Inc.) 
C:\Users\john\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-08-11] (Alcor Micro Corp.) HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6806144 2010-06-24] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-03] (ASUS) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768 2011-03-04] (Avira GmbH) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.) 
HKLM-x32\...\Run: [mbot_de_222] => "C:\Program Files (x86)\mbot_de_222\mbot_de_222.exe" Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-763759145-3361092453-3005493021-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-01] (SUPERAntiSpyware) HKU\S-1-5-21-763759145-3361092453-3005493021-1000\...\Run: [BRS] => C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe -runBRS HKU\S-1-5-21-763759145-3361092453-3005493021-1000\...\Run: [Gameo] => C:\Users\john\AppData\Roaming\Gameo\gameo.exe "C:\Users\john\AppData\Roaming\Gameo\gameo.dat" mode:minimized Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\john\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1414831980&from=tugs&uid=WDCXWD3200BEVT-80A0RT1_WD-WXR1EA0CCLY5CCLY5&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://astromenda.com/?f=1&a=ast_ggfc_14_44_ff&cd=2XzuyEtN2Y1L1QzuyE0EyD0DyCtDzy0A0BtByB0B0DyB0B0BtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtD0A0EtC0CyE0FtGtBtCtDyBtG0F0EyCyBtGyEzz0A0FtGyD0FyDtAtAyE0DyD0C0BtB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0DtDyEtB0CyCtGzyzzyCtBtGyE0ByEzytG0AtCtC0AtGtAtByD0AtAyDtDtA0C0BtB0E2Q&cr=129159965&ir= HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x263E71A4DD01CC01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1414831980&from=tugs&uid=WDCXWD3200BEVT-80A0RT1_WD-WXR1EA0CCLY5CCLY5 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1414831980&from=tugs&uid=WDCXWD3200BEVT-80A0RT1_WD-WXR1EA0CCLY5CCLY5&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1414831980&from=tugs&uid=WDCXWD3200BEVT-80A0RT1_WD-WXR1EA0CCLY5CCLY5 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1414831980&from=tugs&uid=WDCXWD3200BEVT-80A0RT1_WD-WXR1EA0CCLY5CCLY5 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1414831980&from=tugs&uid=WDCXWD3200BEVT-80A0RT1_WD-WXR1EA0CCLY5CCLY5&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1414831980&from=tugs&uid=WDCXWD3200BEVT-80A0RT1_WD-WXR1EA0CCLY5CCLY5 HKLM\Software\Wow6432Node\Microsoft\Internet 
Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1414831980&from=tugs&uid=WDCXWD3200BEVT-80A0RT1_WD-WXR1EA0CCLY5CCLY5 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1414831980&from=tugs&uid=WDCXWD3200BEVT-80A0RT1_WD-WXR1EA0CCLY5CCLY5&q={searchTerms} HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-763759145-3361092453-3005493021-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_44_ff&cd=2XzuyEtN2Y1L1QzuyE0EyD0DyCtDzy0A0BtByB0B0DyB0B0BtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtD0A0EtC0CyE0FtGtBtCtDyBtG0F0EyCyBtGyEzz0A0FtGyD0FyDtAtAyE0DyD0C0BtB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0DtDyEtB0CyCtGzyzzyCtBtGyE0ByEzytG0AtCtC0AtGtAtByD0AtAyDtDtA0C0BtB0E2Q&cr=129159965&ir= SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_44_ff&cd=2XzuyEtN2Y1L1QzuyE0EyD0DyCtDzy0A0BtByB0B0DyB0B0BtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0FtB0AtCyBtD0CtGyEtDtA0AtG0D0D0ByCtG0D0F0A0CtGyDtAyBzztDtAtD0A0C0BtB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0DtDyEtB0CyCtGzyzzyCtBtGyE0ByEzytG0AtCtC0AtGtAtByD0AtAyDtDtA0C0BtB0E2Q&cr=896564037&ir= SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_44_ff&cd=2XzuyEtN2Y1L1QzuyE0EyD0DyCtDzy0A0BtByB0B0DyB0B0BtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtD0A0EtC0CyE0FtGtBtCtDyBtG0F0EyCyBtGyEzz0A0FtGyD0FyDtAtAyE0DyD0C0BtB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0DtDyEtB0CyCtGzyzzyCtBtGyE0ByEzytG0AtCtC0AtGtAtByD0AtAyDtDtA0C0BtB0E2Q&cr=129159965&ir= SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_44_ff&cd=2XzuyEtN2Y1L1QzuyE0EyD0DyCtDzy0A0BtByB0B0DyB0B0BtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtD0A0EtC0CyE0FtGtBtCtDyBtG0F0EyCyBtGyEzz0A0FtGyD0FyDtAtAyE0DyD0C0BtB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0DtDyEtB0CyCtGzyzzyCtBtGyE0ByEzytG0AtCtC0AtGtAtByD0AtAyDtDtA0C0BtB0E2Q&cr=129159965&ir= SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_44_ff&cd=2XzuyEtN2Y1L1QzuyE0EyD0DyCtDzy0A0BtByB0B0DyB0B0BtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0FtB0AtCyBtD0CtGyEtDtA0AtG0D0D0ByCtG0D0F0A0CtGyDtAyBzztDtAtD0A0C0BtB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0DtDyEtB0CyCtGzyzzyCtBtGyE0ByEzytG0AtCtC0AtGtAtByD0AtAyDtDtA0C0BtB0E2Q&cr=896564037&ir= SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_44_ff&cd=2XzuyEtN2Y1L1QzuyE0EyD0DyCtDzy0A0BtByB0B0DyB0B0BtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtD0A0EtC0CyE0FtGtBtCtDyBtG0F0EyCyBtGyEzz0A0FtGyD0FyDtAtAyE0DyD0C0BtB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0DtDyEtB0CyCtGzyzzyCtBtGyE0ByEzytG0AtCtC0AtGtAtByD0AtAyDtDtA0C0BtB0E2Q&cr=129159965&ir= BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} 
-> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328 FF NewTab: chrome://quick_start/content/index.html FF DefaultSearchEngine: Astromenda FF SelectedSearchEngine: Astromenda FF Homepage: hxxp://astromenda.com/?f=1&a=ast_ggfc_14_44_ff&cd=2XzuyEtN2Y1L1QzuyE0EyD0DyCtDzy0A0BtByB0B0DyB0B0BtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtD0A0EtC0CyE0FtGtBtCtDyBtG0F0EyCyBtGyEzz0A0FtGyD0FyDtAtAyE0DyD0C0BtB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0DtDyEtB0CyCtGzyzzyCtBtGyE0ByEzytG0AtCtC0AtGtAtByD0AtAyDtDtA0C0BtB0E2Q&cr=129159965&ir= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft 
Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF user.js: detected! => C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\user.js FF SearchPlugin: C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\searchplugins\Astromenda.xml FF SearchPlugin: C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\searchplugins\google-images.xml FF SearchPlugin: C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\searchplugins\google-maps.xml FF Extension: Fast Start - C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\Extensions\faststartff@gmail.com [2014-11-01] FF Extension: Astrmenda Search - C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\Extensions\{8dc5c42e-9204-2a64-8b97-fa94ff8a241f} [2014-11-02] FF Extension: DownloadHelper - C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-01] FF Extension: Adblock Plus Pop-up Addon - C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\Extensions\adblockpopups@jessehakanen.net.xpi [2014-10-29] FF Extension: Astro New Tab - C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\Extensions\{f2548724-373f-45fe-be6a-3a85e87b7711}.xpi [2014-11-02] FF HKLM-x32\...\Firefox\Extensions: [{6e7f6f9f-8ce6-4611-add2-05f0f7049ee6}] - C:\Program Files (x86)\Mozilla Firefox\extensions\{6e7f6f9f-8ce6-4611-add2-05f0f7049ee6} FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - 
C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\extensions\faststartff@gmail.com FF HKLM-x32\...\Firefox\Extensions: [termtutor@termtutor.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\extensions\cliqz@cliqz.com FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{6e7f6f9f-8ce6-4611-add2-05f0f7049ee6} [Not Found] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] FF Extension: No Name - {6e7f6f9f-8ce6-4611-add2-05f0f7049ee6} [Not Found] Chrome: ======= CHR Profile: C:\Users\john\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-23] CHR Extension: (No Name) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj [2012-06-11] CHR Extension: (No Name) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-06-11] CHR Extension: (Google Wallet) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-21] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com) S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [136360 2011-05-13] (Avira GmbH) S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [269480 2011-07-02] (Avira GmbH) R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 rcores; C:\Windows\rcore.exe [4959744 2014-11-01] () [File not signed] R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-04-23] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88288 2011-07-02] (Avira GmbH) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [123784 2011-07-02] (Avira GmbH) S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2011-06-11] (Mobile Connector) [File not signed] R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [81984 2010-10-28] (Fresco Logic) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-04-23] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-03] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] () S4 sptd; C:\Windows\System32\Drivers\sptd.sys [513080 2011-04-23] (Duplex Secure Ltd.) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S1 ttnfd; system32\drivers\ttnfd.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-03 00:56 - 2014-11-03 00:56 - 00022703 _____ () C:\Users\john\Desktop\FRST.txt 2014-11-03 00:56 - 2014-11-03 00:56 - 00000000 ____D () C:\Users\john\Desktop\FRST-OlderVersion 2014-11-03 00:48 - 2014-11-03 00:48 - 00000000 ____D () C:\Users\john\AppData\Local\node-webkit 2014-11-02 11:24 - 2014-11-02 11:24 - 00000000 ____D () C:\ProgramData\374311380 2014-11-02 11:09 - 2014-11-02 11:09 - 00001268 _____ () C:\Users\john\Desktop\Revo Uninstaller.lnk 2014-11-02 11:09 - 2014-11-02 11:09 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-11-02 11:07 - 2014-11-02 11:07 - 01125200 _____ () C:\Users\john\Downloads\Revo Uninstaller - CHIP-Installer.exe 2014-11-02 11:02 - 2014-11-03 00:51 - 00000000 ____D () C:\Users\john\AppData\Roaming\Gameo 2014-11-02 11:02 - 2014-11-03 00:51 - 00000000 ____D () C:\Users\john\AppData\Local\Gameo 2014-11-02 11:02 - 2014-11-02 11:02 - 00000170 _____ () C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url 2014-11-02 11:02 - 2014-11-02 11:02 - 00000000 ___HD () C:\Users\john\AppData\Roaming\GoldenGate 2014-11-02 11:01 - 2014-11-03 00:35 - 00000000 ____D () C:\Users\john\AppData\Roaming\1H1Q1V1N1N1O1R 2014-11-02 11:01 - 2014-11-03 00:33 - 00000288 _____ () C:\Windows\Tasks\Digital Sites.job 2014-11-02 11:01 - 2014-11-02 11:02 - 00003224 _____ () C:\Windows\System32\Tasks\Digital Sites 2014-11-02 11:01 - 2014-11-02 11:01 - 00000000 ____D () C:\Users\john\AppData\Roaming\DigitalSites 2014-11-02 01:41 - 2014-11-03 00:34 - 00000000 ____D () C:\Program Files (x86)\WSE_Astromenda 2014-11-02 01:41 - 2014-11-03 00:33 - 00000288 _____ () C:\Windows\Tasks\WSE_Astromenda.job 2014-11-02 01:39 - 2014-11-02 01:39 - 00812904 _____ ( ) C:\Users\john\Downloads\FileOpenerSetup.exe 2014-11-01 09:59 - 2014-11-02 01:54 - 00000000 ____D () C:\SUPERDelete 2014-11-01 09:58 - 
2014-11-01 09:58 - 00003242 _____ () C:\Windows\System32\Tasks\Super Optimizer Schedule 2014-11-01 09:55 - 2014-11-01 09:55 - 00000000 ____D () C:\Users\john\AppData\Roaming\VOPackage 2014-11-01 09:54 - 2014-11-01 09:58 - 00000000 ____D () C:\Program Files (x86)\SupTab 2014-11-01 09:53 - 2014-11-01 10:07 - 00000000 ____D () C:\Program Files (x86)\mbot_de_222 2014-11-01 09:53 - 2014-11-01 09:53 - 00004022 _____ () C:\Windows\System32\Tasks\LaunchSignup 2014-11-01 09:53 - 2014-11-01 09:53 - 00000000 ____D () C:\Users\john\AppData\Local\mbot_de_222 2014-11-01 09:53 - 2014-11-01 08:52 - 04959744 _____ () C:\Windows\rcore.exe 2014-11-01 09:52 - 2014-11-02 01:50 - 00000000 ____D () C:\Program Files (x86)\WordProser_1.10.0.1 2014-11-01 09:52 - 2014-11-01 09:52 - 00000000 ____D () C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat 2014-11-01 09:52 - 2014-11-01 09:52 - 00000000 ____D () C:\Users\john\AppData\Roaming\InetStat 2014-11-01 09:52 - 2014-11-01 09:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat 2014-10-30 08:06 - 2014-11-03 00:56 - 00000000 ____D () C:\FRST 2014-10-30 08:04 - 2014-11-03 00:56 - 02114560 _____ (Farbar) C:\Users\john\Desktop\FRST64.exe 2014-10-30 01:43 - 2014-10-30 01:43 - 00560984 _____ () C:\Windows\Minidump\103014-28392-01.dmp 2014-10-30 01:17 - 2014-11-03 00:52 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2014-10-30 01:17 - 2014-11-03 00:51 - 00000508 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 53aae92c-16a9-4e88-b255-61639cc7764b.job 2014-10-30 01:17 - 2014-11-02 02:00 - 00000508 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 393ed3ec-65cd-4f04-af7c-9d0ff1463f3e.job 2014-10-30 01:17 - 2014-10-30 01:17 - 00003582 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 393ed3ec-65cd-4f04-af7c-9d0ff1463f3e 2014-10-30 01:17 - 2014-10-30 01:17 - 00003508 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 
53aae92c-16a9-4e88-b255-61639cc7764b 2014-10-30 01:17 - 2014-10-30 01:17 - 00001812 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk 2014-10-30 01:17 - 2014-10-30 01:17 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com 2014-10-30 01:17 - 2014-10-30 01:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2014-10-30 01:15 - 2014-10-30 01:15 - 01125200 _____ () C:\Users\john\Downloads\SuperAntiSpyware - CHIP-Installer.exe 2014-10-30 00:55 - 2014-10-30 00:55 - 00002329 _____ () C:\Users\john\Desktop\malwarebytes Scan2.txt 2014-10-30 00:54 - 2014-10-30 00:54 - 00003528 _____ () C:\Users\john\Desktop\malwarebytes Scan.txt 2014-10-30 00:37 - 2014-10-30 00:37 - 00010484 _____ () C:\Users\john\Downloads\hijackthis.log 2014-10-30 00:36 - 2014-10-30 00:36 - 00388608 _____ (Trend Micro Inc.) C:\Users\john\Downloads\HijackThis.exe 2014-10-29 23:59 - 2014-10-30 00:01 - 00000000 ____D () C:\AdwCleaner 2014-10-29 23:59 - 2014-10-29 23:59 - 00003448 _____ () C:\Windows\System32\Tasks\WOT WWED1 2014-10-29 23:59 - 2014-10-29 23:59 - 00003448 _____ () C:\Windows\System32\Tasks\WOT WW2 2014-10-29 23:59 - 2014-10-29 23:59 - 00003448 _____ () C:\Windows\System32\Tasks\WOT WW1 2014-10-29 23:59 - 2014-10-29 23:59 - 00003448 _____ () C:\Windows\System32\Tasks\WOT WTUE1 2014-10-29 23:59 - 2014-10-29 23:59 - 00003448 _____ () C:\Windows\System32\Tasks\WOT WTHUR1 2014-10-29 23:59 - 2014-10-29 23:59 - 00003448 _____ () C:\Windows\System32\Tasks\WOT WMON1 2014-10-29 23:59 - 2014-10-29 23:59 - 00003448 _____ () C:\Windows\System32\Tasks\WOT WFRI1 2014-10-29 23:59 - 2014-10-29 23:59 - 00000000 ____D () C:\Users\john\AppData\Roaming\WorldofTanks 2014-10-29 23:59 - 2014-10-29 23:59 - 00000000 ____D () C:\Users\john\AppData\Local\WorldofTanks 2014-10-29 23:59 - 2014-10-29 23:58 - 01998336 _____ () C:\Users\john\Downloads\adwcleaner_4.002_CB-DL-Manager [1].exe 2014-10-29 23:57 - 2014-10-29 23:57 - 00847040 _____ ( ) 
C:\Users\john\Downloads\adwcleaner_4.002_CB-DL-Manager.exe 2014-10-29 23:22 - 2014-10-29 22:56 - 00024064 _____ () C:\Windows\zoek-delete.exe 2014-10-29 23:01 - 2014-10-29 23:23 - 00087985 _____ () C:\zoek-results.log 2014-10-29 22:56 - 2014-10-29 23:17 - 00000000 ____D () C:\zoek_backup 2014-10-29 22:54 - 2014-10-29 21:27 - 00883624 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll 2014-10-29 22:54 - 2014-10-29 21:27 - 00806824 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2014-10-29 22:50 - 2014-10-29 22:50 - 01290752 _____ () C:\Users\john\Downloads\zoek.exe 2014-10-29 22:05 - 2014-10-29 22:05 - 00003124 _____ () C:\Windows\System32\Tasks\{70004B79-32FC-4327-B7C1-6C541EF975C0} 2014-10-29 21:27 - 2014-10-29 21:27 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-10-29 21:27 - 2014-10-29 21:27 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-10-29 00:04 - 2014-11-03 00:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-29 00:04 - 2014-10-29 00:04 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-10-29 00:04 - 2014-10-29 00:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-10-29 00:04 - 2014-10-29 00:04 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-10-29 00:04 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-29 00:04 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-29 00:04 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-10-29 00:03 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll 2014-10-29 00:03 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll 
2014-10-28 23:59 - 2014-10-28 23:59 - 01125200 _____ () C:\Users\john\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe 2014-10-25 14:35 - 2014-10-25 14:35 - 36248896 _____ () C:\Users\john\Downloads\Firefox_Setup_33.0.1 (1).exe 2014-10-23 21:49 - 2014-10-23 21:49 - 00021976 _____ () C:\Windows\system32\Drivers\SPPD.sys 2014-10-23 21:26 - 2014-10-23 21:26 - 00003142 _____ () C:\Windows\System32\Tasks\{70F21E93-92DB-4FEF-8E49-198A5D232B7A} 2014-10-21 21:08 - 2014-11-01 09:55 - 00000000 ___HD () C:\Users\Public\Temp 2014-10-14 22:46 - 2014-10-14 22:46 - 00058240 _____ (Word Proser) C:\Windows\system32\Drivers\wpnfd_1_10_0_1.sys 2014-10-13 07:35 - 2014-10-21 21:06 - 00000000 ____D () C:\Users\john\Desktop\Katja ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-03 00:55 - 2011-04-23 19:14 - 00652006 _____ () C:\Windows\system32\perfh007.dat 2014-11-03 00:55 - 2011-04-23 19:14 - 00129674 _____ () C:\Windows\system32\perfc007.dat 2014-11-03 00:55 - 2009-07-14 06:13 - 01498506 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-03 00:54 - 2011-04-23 18:17 - 02065609 _____ () C:\Windows\WindowsUpdate.log 2014-11-03 00:52 - 2013-02-26 21:05 - 00000000 ___RD () C:\Users\john\Dropbox 2014-11-03 00:52 - 2013-02-26 21:00 - 00000000 ____D () C:\Users\john\AppData\Roaming\Dropbox 2014-11-03 00:51 - 2014-08-13 23:02 - 00981266 _____ () C:\Windows\PFRO.log 2014-11-03 00:51 - 2014-05-18 18:29 - 00002530 _____ () C:\Windows\setupact.log 2014-11-03 00:51 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-03 00:33 - 2012-06-08 12:38 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-02 11:08 - 2009-07-14 05:45 - 00019104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-02 11:08 - 2009-07-14 05:45 - 00019104 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-02 01:57 - 2013-02-09 10:30 - 00000000 ____D () C:\Users\john\Documents\Outlook-Dateien 2014-11-01 10:05 - 2011-04-23 18:17 - 00001443 _____ () C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-11-01 10:05 - 2011-04-23 18:17 - 00001409 _____ () C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2014-10-30 01:43 - 2011-06-11 17:48 - 00000000 ____D () C:\Windows\Minidump 2014-10-30 00:37 - 2011-04-23 18:17 - 00000000 ____D () C:\Users\john\AppData\Local\VirtualStore 2014-10-29 23:15 - 2014-06-27 01:23 - 00000000 ____D () C:\Users\john\AppData\Local\CrashDumps 2014-10-29 22:55 - 2011-04-23 20:15 - 00000000 ____D () C:\Program Files (x86)\Java 2014-10-29 22:52 - 2012-12-16 10:40 - 00000000 ____D () C:\Program Files (x86)\CEWE COLOR 2014-10-29 22:10 - 2014-01-02 12:50 - 00000000 ____D () C:\Users\john\AppData\Roaming\DVDVideoSoft 2014-10-29 22:08 - 2011-04-26 18:47 - 00000000 ____D () C:\Users\john\Documents\Anno 1404 2014-10-29 22:08 - 2011-04-23 19:42 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-10-29 22:08 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-10-29 21:28 - 2014-04-30 21:01 - 00000000 ____D () C:\ProgramData\Oracle 2014-10-29 21:27 - 2014-08-08 07:20 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-10-29 21:27 - 2014-08-08 07:20 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-10-29 02:42 - 2013-01-10 22:57 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-10-29 00:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system 2014-10-29 00:04 - 2012-06-10 17:19 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-10-28 23:13 - 2011-06-13 13:44 - 00000000 ____D () C:\Program 
Files (x86)\Google 2014-10-25 14:37 - 2011-06-13 13:44 - 00000000 ____D () C:\Users\john\AppData\Local\Google 2014-10-25 14:27 - 2012-12-22 23:17 - 00000000 ____D () C:\ProgramData\Norton 2014-10-23 21:33 - 2014-04-30 20:05 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-10-23 21:33 - 2014-04-30 20:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-10-14 23:36 - 2012-12-26 14:10 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe 2014-10-10 22:38 - 2014-04-30 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-10-07 10:01 - 2013-02-26 21:05 - 00001017 _____ () C:\Users\john\Desktop\Dropbox.lnk 2014-10-07 10:01 - 2013-02-26 21:01 - 00000000 ____D () C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox Some content of TEMP: ==================== C:\Users\john\AppData\Local\Temp\780.5953268547964_Update.exe C:\Users\john\AppData\Local\Temp\BackupSetup.exe C:\Users\john\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxsluld.dll C:\Users\john\AppData\Local\Temp\Quarantine.exe C:\Users\john\AppData\Local\Temp\sqlite3.dll C:\Users\john\AppData\Local\Temp\vcredist_x64.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-30 15:55

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014
Ran by john at 2014-11-03 00:57:41
Running from C:\Users\john\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AntiVir Desktop (Disabled - Up to date) {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AntiVir Desktop (Disabled - Up to date) {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACD/Labs Software in C:\ACDFREE12\ (HKLM-x32\...\ACDLabs in C__ACDFREE12_) (Version: v12.00, FREE - ACD/Labs)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}) (Version: 1.8.17.26026 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.8.17.26026 - Alcor Micro Corp.) Hidden
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0005 - ASUS)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Fresco Logic USB3.0 Host Controller (HKLM\...\{EA2EFBF6-7CFD-47A0-BECE-AFCB98428CFE}) (Version: 3.0.108.16 - Fresco Logic Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Juniper Networks Network Connect 7.1.0 (HKLM-x32\...\Juniper Network Connect 7.1.0) (Version: 7.1.0.19243 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.4.13103 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5964 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation) OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org) PDF Architect 
(HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge) Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6225 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.) Skype™ 6.6 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.6.106 - Skype Technologies S.A.) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.8.0 - Synaptics Incorporated) USB 2.0 VGA UVC WebCam (HKLM\...\USB 2.0 VGA UVC WebCam) (Version: - ) VLC media player 1.1.9 (HKLM-x32\...\VLC media player) (Version: 1.1.9 - VideoLAN) WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.5.600 - Broadcom Corporation) Winamp (HKLM-x32\...\Winamp) (Version: 5.61 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows Driver Package - Broadcom (BTHUSB) Bluetooth (02/25/2010 6.2.0.9419) (HKLM\...\85CE3A3657FAE5FD305B143E90E6FC89BA53001C) (Version: 02/25/2010 6.2.0.9419 - Broadcom) Windows Driver Package - Broadcom Bluetooth (01/19/2010 6.2.0.1417) (HKLM\...\7341A1B43E7FE58942EB1E820A17C18305DFBCE6) (Version: 01/19/2010 6.2.0.1417 - Broadcom) Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0) (HKLM\...\2AA10AB519DC7432D599A0E860206A7DDCC27764) (Version: 07/29/2009 6.1.7100.0 - Broadcom) Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) 
(HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom) WinRAR 4.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-763759145-3361092453-3005493021-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-763759145-3361092453-3005493021-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\john\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-763759145-3361092453-3005493021-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-763759145-3361092453-3005493021-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-763759145-3361092453-3005493021-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-763759145-3361092453-3005493021-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-763759145-3361092453-3005493021-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-763759145-3361092453-3005493021-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-763759145-3361092453-3005493021-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-763759145-3361092453-3005493021-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-763759145-3361092453-3005493021-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\john\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File ==================== Restore Points ========================= 23-10-2014 20:27:19 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 29-10-2014 20:26:42 Installed Java 7 Update 71 29-10-2014 21:07:16 Removed Ubisoft Game Launcher 29-10-2014 21:12:19 Removed Apple Application Support 29-10-2014 21:13:52 Removed Apple Mobile Device Support 29-10-2014 21:54:24 Removed Java(TM) 6 Update 37 29-10-2014 22:01:03 zoek.exe restore point 02-11-2014 10:11:31 Revo Uninstaller's restore point - File Opener Packages 02-11-2014 23:36:35 Revo Uninstaller's restore point - Gameo 02-11-2014 23:39:55 Revo Uninstaller's restore point - WSE_Astromenda 02-11-2014 23:42:43 Revo Uninstaller's restore point - Term Tutor 02-11-2014 23:45:05 Revo Uninstaller's restore point - Mozilla Firefox 33.0.2 (x86 de) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset 
Hosts.) 2009-07-14 03:34 - 2012-06-10 17:12 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {2820FA97-6D5F-4136-804E-5DBDD658DB8E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-27] (Adobe Systems Incorporated) Task: {2A5ADDB4-BB87-43B4-9584-A26C6D1E27A5} - System32\Tasks\WOT WTUE1 => Firefox.exe hxxp://mmotraffic.com/catalog/goplay/1327/MTE3NjYvLy8xMzI3/ Task: {63012B9F-D546-4DA2-8B53-4A3B1893EC90} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe Task: {65350B0F-1C23-45C7-9D5B-14C1D50E11F9} - System32\Tasks\Digital Sites => C:\Users\john\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {7233C411-B21A-4C7A-A5F3-F2B0A74255C6} - System32\Tasks\WOT WWED1 => Firefox.exe hxxp://mmotraffic.com/catalog/goplay/1327/MTE3NjYvLy8xMzI3/ Task: {7B08A821-236A-4BCC-A5B1-2B0FDDA210D9} - System32\Tasks\WOT WW1 => Firefox.exe hxxp://mmotraffic.com/catalog/goplay/1327/MTE3NjYvLy8xMzI3/ Task: {81EC4BE1-6B06-4A00-9424-8833739267D2} - System32\Tasks\WOT WMON1 => Firefox.exe hxxp://mmotraffic.com/catalog/goplay/1327/MTE3NjYvLy8xMzI3/ Task: {8930C265-2D84-4887-A602-33DB252A7BA5} - System32\Tasks\WOT WFRI1 => Firefox.exe hxxp://mmotraffic.com/catalog/goplay/1327/MTE3NjYvLy8xMzI3/ Task: {8B3C0CE2-9811-437F-8582-937C86BF24FA} - System32\Tasks\SUPERAntiSpyware Scheduled Task 53aae92c-16a9-4e88-b255-61639cc7764b => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com) Task: {8EB104E8-8EC4-45B5-9F89-2FEDD6B43190} - System32\Tasks\WOT WW2 => Firefox.exe hxxp://mmotraffic.com/catalog/goplay/1327/MTE3NjYvLy8xMzI3/ Task: {99E16E98-06E7-4CDE-8096-C5054A9426B4} - System32\Tasks\ASUS Patch 10430001 => 
C:\Windows\AsPatch10430001.exe Task: {9BE8FCC5-A8D8-4ACC-B630-DDB30C36D083} - System32\Tasks\{CAF2DEE2-0D38-4BCB-A058-1EE03E98ECEE} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-06-21] (Skype Technologies S.A.) Task: {B08BD0D5-1D45-47E1-BF01-A256B4AB6EB8} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION Task: {DAEEEC5E-DE88-499C-931F-0EB63270937C} - \WSE_Astromenda No Task File <==== ATTENTION Task: {E077EDD8-B0D6-4663-9B3B-DE4138EB6753} - System32\Tasks\SUPERAntiSpyware Scheduled Task 393ed3ec-65cd-4f04-af7c-9d0ff1463f3e => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com) Task: {E43D64A0-B1F3-497F-BF9D-742DEE305B9F} - System32\Tasks\WOT WTHUR1 => Firefox.exe hxxp://mmotraffic.com/catalog/goplay/1327/MTE3NjYvLy8xMzI3/ Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove No Task File <==== ATTENTION Task: {EF88BF68-D9C0-42F2-8A77-C52B60578D5E} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe Task: {FA1245EF-7B8F-40B3-83B1-5F12A1316D91} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\john\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 393ed3ec-65cd-4f04-af7c-9d0ff1463f3e.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 53aae92c-16a9-4e88-b255-61639cc7764b.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Task: C:\Windows\Tasks\WSE_Astromenda.job => C:\Users\john\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION ==================== Loaded 
Modules (whitelisted) ============= 2014-11-01 09:53 - 2014-11-01 08:52 - 04959744 _____ () C:\Windows\rcore.exe 2010-01-30 01:40 - 2010-01-30 01:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-03-11 19:14 - 2010-03-11 19:14 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll 2010-03-23 12:26 - 2010-03-23 12:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll 2010-01-30 01:41 - 2010-01-30 01:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2014-11-03 00:52 - 2014-11-03 00:52 - 00043008 _____ () c:\users\john\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxsluld.dll 2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\john\AppData\Roaming\Dropbox\bin\libcef.dll 2011-01-17 15:19 - 2011-04-23 20:16 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\startupfolder: C:^Users^john^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: SynAsusAcpi => %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe ========================= Accounts: ========================== Administrator (S-1-5-21-763759145-3361092453-3005493021-500 - Administrator - Disabled) Guest (S-1-5-21-763759145-3361092453-3005493021-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-763759145-3361092453-3005493021-1003 - Limited - Enabled) john (S-1-5-21-763759145-3361092453-3005493021-1000 - Administrator - Enabled) => C:\Users\john UpdatusUser (S-1-5-21-763759145-3361092453-3005493021-1001 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= Name: BT-270 Description: BT-270 Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Broadcom Service: BTHUSB Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Cisco Systems VPN Adapter for 64-bit Windows Description: Cisco Systems VPN Adapter for 64-bit Windows Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: CVirtA Problem: : This device is disabled. 
(Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (11/03/2014 00:51:43 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/03/2014 00:51:29 AM) (Source: Avira AntiVir) (EventID: 4122) (User: NT AUTHORITY) Description: Die Datei AVPREF.DLL konnte nicht geladen werden. Fehlercode: 0x45a Error: (11/02/2014 05:25:47 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 12308 Error: (11/02/2014 05:25:47 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 12308 Error: (11/02/2014 05:25:47 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (11/02/2014 05:25:46 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 11310 Error: (11/02/2014 05:25:46 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 11310 Error: (11/02/2014 05:25:46 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (11/02/2014 05:25:45 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10296 Error: (11/02/2014 05:25:45 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 10296 System errors: ============= Error: (11/03/2014 00:51:33 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) 
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom ttnfd Error: (11/02/2014 11:00:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "ttnfd" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (11/02/2014 11:00:58 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\system32\drivers\ttnfd.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (11/02/2014 02:29:22 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom ttnfd Error: (11/02/2014 02:29:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "ttnfd" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (11/02/2014 02:29:20 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht. Error: (11/02/2014 01:55:39 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom ttnfd Error: (11/02/2014 01:55:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "ttnfd" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (11/02/2014 01:55:32 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht. 
Error: (11/02/2014 01:41:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "ttnfd" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Microsoft Office Sessions: ========================= Error: (11/03/2014 00:51:43 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/03/2014 00:51:29 AM) (Source: Avira AntiVir) (EventID: 4122) (User: NT AUTHORITY) Description: AVPREF.DLL0x45a Error: (11/02/2014 05:25:47 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 12308 Error: (11/02/2014 05:25:47 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 12308 Error: (11/02/2014 05:25:47 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (11/02/2014 05:25:46 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 11310 Error: (11/02/2014 05:25:46 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 11310 Error: (11/02/2014 05:25:46 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (11/02/2014 05:25:45 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10296 Error: (11/02/2014 05:25:45 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 10296 CodeIntegrity Errors: =================================== Date: 2014-11-02 11:00:58.570 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\ 
Malwarebytes Anti-Malware \mbampt.exe" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-11-02 11:00:58.508 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\ Malwarebytes Anti-Malware \mbampt.exe" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-11-02 01:41:42.263 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\ Malwarebytes Anti-Malware \mbampt.exe" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-11-02 01:41:41.997 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\ Malwarebytes Anti-Malware \mbampt.exe" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-06-10 18:11:33.838 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-06-10 18:11:33.822 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-06-07 20:27:13.721 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-06-07 20:27:13.721 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz Percentage of memory in use: 39% Total physical RAM: 3884.29 MB Available physical RAM: 2355.7 MB Total Pagefile: 7766.77 MB Available Pagefile: 6196.96 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (win7) (Fixed) (Total:74.52 GB) (Free:17.92 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (data) (Fixed) (Total:202.08 GB) (Free:155.75 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E0C5913D) Partition 1: (Not Active) - (Size=21.5 GB) - (Type=1C) Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=202.1 GB) - (Type=OF Extended) ==================== End Of Log ============================ |
03.11.2014, 16:56 | #8 |
/// the machine /// TB instructor | Browser virus cannot be removed Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter Task: {65350B0F-1C23-45C7-9D5B-14C1D50E11F9} - System32\Tasks\Digital Sites => C:\Users\john\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {B08BD0D5-1D45-47E1-BF01-A256B4AB6EB8} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION Task: {DAEEEC5E-DE88-499C-931F-0EB63270937C} - \WSE_Astromenda No Task File <==== ATTENTION Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove No Task File <==== ATTENTION Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\john\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\WSE_Astromenda.job => C:\Users\john\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION HKLM-x32\...\Run: [mbot_de_222] => "C:\Program Files (x86)\mbot_de_222\mbot_de_222.exe" C:\Program Files (x86)\mbot_de_222 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1414831980&from=tugs&uid=WDCXWD3200BEVT-80A0RT1_WD-WXR1EA0CCLY5CCLY5&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://astromenda.com/?f=1&a=ast_ggfc_14_44_ff&cd=2XzuyEtN2Y1L1QzuyE0EyD0DyCtDzy0A0BtByB0B0DyB0B0BtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtD0A0EtC0CyE0FtGtBtCtDyBtG0F0EyCyBtGyEzz0A0FtGyD0FyDtAtAyE0DyD0C0BtB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0DtDyEtB0CyCtGzyzzyCtBtGyE0ByEzytG0AtCtC0AtGtAtByD0AtAyDtDtA0C0BtB0E2Q&cr=129159965&ir= HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x263E71A4DD01CC01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1414831980&from=tugs&uid=WDCXWD3200BEVT-80A0RT1_WD-WXR1EA0CCLY5CCLY5 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1414831980&from=tugs&uid=WDCXWD3200BEVT-80A0RT1_WD-WXR1EA0CCLY5CCLY5&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1414831980&from=tugs&uid=WDCXWD3200BEVT-80A0RT1_WD-WXR1EA0CCLY5CCLY5 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1414831980&from=tugs&uid=WDCXWD3200BEVT-80A0RT1_WD-WXR1EA0CCLY5CCLY5 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1414831980&from=tugs&uid=WDCXWD3200BEVT-80A0RT1_WD-WXR1EA0CCLY5CCLY5&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1414831980&from=tugs&uid=WDCXWD3200BEVT-80A0RT1_WD-WXR1EA0CCLY5CCLY5 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1414831980&from=tugs&uid=WDCXWD3200BEVT-80A0RT1_WD-WXR1EA0CCLY5CCLY5 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1414831980&from=tugs&uid=WDCXWD3200BEVT-80A0RT1_WD-WXR1EA0CCLY5CCLY5&q={searchTerms} HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-763759145-3361092453-3005493021-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_44_ff&cd=2XzuyEtN2Y1L1QzuyE0EyD0DyCtDzy0A0BtByB0B0DyB0B0BtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtD0A0EtC0CyE0FtGtBtCtDyBtG0F0EyCyBtGyEzz0A0FtGyD0FyDtAtAyE0DyD0C0BtB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0DtDyEtB0CyCtGzyzzyCtBtGyE0ByEzytG0AtCtC0AtGtAtByD0AtAyDtDtA0C0BtB0E2Q&cr=129159965&ir= SearchScopes: HKLM - 
{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_44_ff&cd=2XzuyEtN2Y1L1QzuyE0EyD0DyCtDzy0A0BtByB0B0DyB0B0BtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0FtB0AtCyBtD0CtGyEtDtA0AtG0D0D0ByCtG0D0F0A0CtGyDtAyBzztDtAtD0A0C0BtB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0DtDyEtB0CyCtGzyzzyCtBtGyE0ByEzytG0AtCtC0AtGtAtByD0AtAyDtDtA0C0BtB0E2Q&cr=896564037&ir= SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_44_ff&cd=2XzuyEtN2Y1L1QzuyE0EyD0DyCtDzy0A0BtByB0B0DyB0B0BtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtD0A0EtC0CyE0FtGtBtCtDyBtG0F0EyCyBtGyEzz0A0FtGyD0FyDtAtAyE0DyD0C0BtB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0DtDyEtB0CyCtGzyzzyCtBtGyE0ByEzytG0AtCtC0AtGtAtByD0AtAyDtDtA0C0BtB0E2Q&cr=129159965&ir= SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_44_ff&cd=2XzuyEtN2Y1L1QzuyE0EyD0DyCtDzy0A0BtByB0B0DyB0B0BtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtD0A0EtC0CyE0FtGtBtCtDyBtG0F0EyCyBtGyEzz0A0FtGyD0FyDtAtAyE0DyD0C0BtB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0DtDyEtB0CyCtGzyzzyCtBtGyE0ByEzytG0AtCtC0AtGtAtByD0AtAyDtDtA0C0BtB0E2Q&cr=129159965&ir= SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_44_ff&cd=2XzuyEtN2Y1L1QzuyE0EyD0DyCtDzy0A0BtByB0B0DyB0B0BtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0FtB0AtCyBtD0CtGyEtDtA0AtG0D0D0ByCtG0D0F0A0CtGyDtAyBzztDtAtD0A0C0BtB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0DtDyEtB0CyCtGzyzzyCtBtGyE0ByEzytG0AtCtC0AtGtAtByD0AtAyDtDtA0C0BtB0E2Q&cr=896564037&ir= SearchScopes: HKCU - 
{33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_44_ff&cd=2XzuyEtN2Y1L1QzuyE0EyD0DyCtDzy0A0BtByB0B0DyB0B0BtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtD0A0EtC0CyE0FtGtBtCtDyBtG0F0EyCyBtGyEzz0A0FtGyD0FyDtAtAyE0DyD0C0BtB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0DtDyEtB0CyCtGzyzzyCtBtGyE0ByEzytG0AtCtC0AtGtAtByD0AtAyDtDtA0C0BtB0E2Q&cr=129159965&ir= FF NewTab: chrome://quick_start/content/index.html FF DefaultSearchEngine: Astromenda FF SelectedSearchEngine: Astromenda FF Homepage: hxxp://astromenda.com/?f=1&a=ast_ggfc_14_44_ff&cd=2XzuyEtN2Y1L1QzuyE0EyD0DyCtDzy0A0BtByB0B0DyB0B0BtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtD0A0EtC0CyE0FtGtBtCtDyBtG0F0EyCyBtGyEzz0A0FtGyD0FyDtAtAyE0DyD0C0BtB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0DtDyEtB0CyCtGzyzzyCtBtGyE0ByEzytG0AtCtC0AtGtAtByD0AtAyDtDtA0C0BtB0E2Q&cr=129159965&ir= FF SearchPlugin: C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\searchplugins\Astromenda.xml FF SearchPlugin: C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\searchplugins\google-images.xml FF SearchPlugin: C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\searchplugins\google-maps.xml FF Extension: Fast Start - C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\Extensions\faststartff@gmail.com [2014-11-01] FF Extension: Astrmenda Search - C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\Extensions\{8dc5c42e-9204-2a64-8b97-fa94ff8a241f} [2014-11-02] FF Extension: DownloadHelper - C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-01] FF Extension: Astro New Tab - 
C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\Extensions\{f2548724-373f-45fe-be6a-3a85e87b7711}.xpi [2014-11-02] FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\extensions\faststartff@gmail.com FF HKLM-x32\...\Firefox\Extensions: [termtutor@termtutor.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\extensions\cliqz@cliqz.com FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{6e7f6f9f-8ce6-4611-add2-05f0f7049ee6} [Not Found] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] FF Extension: No Name - {6e7f6f9f-8ce6-4611-add2-05f0f7049ee6} [Not Found] R2 rcores; C:\Windows\rcore.exe [4959744 2014-11-01] () [File not signed] C:\Windows\rcore.exe 2014-11-02 11:24 - 2014-11-02 11:24 - 00000000 ____D () C:\ProgramData\374311380 2014-11-02 11:02 - 2014-11-03 00:51 - 00000000 ____D () C:\Users\john\AppData\Roaming\Gameo 2014-11-02 11:02 - 2014-11-03 00:51 - 00000000 ____D () C:\Users\john\AppData\Local\Gameo 2014-11-02 11:02 - 2014-11-02 11:02 - 00000170 _____ () C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url 2014-11-02 11:02 - 2014-11-02 11:02 - 00000000 ___HD () C:\Users\john\AppData\Roaming\GoldenGate 2014-11-02 11:01 - 2014-11-03 00:35 - 00000000 ____D () C:\Users\john\AppData\Roaming\1H1Q1V1N1N1O1R 2014-11-02 11:01 - 2014-11-03 00:33 - 00000288 _____ () C:\Windows\Tasks\Digital Sites.job 2014-11-02 11:01 - 2014-11-02 11:02 - 00003224 _____ () C:\Windows\System32\Tasks\Digital Sites 2014-11-02 11:01 - 2014-11-02 11:01 - 00000000 ____D () C:\Users\john\AppData\Roaming\DigitalSites 2014-11-02 01:41 - 2014-11-03 00:34 - 
00000000 ____D () C:\Program Files (x86)\WSE_Astromenda 2014-11-02 01:41 - 2014-11-03 00:33 - 00000288 _____ () C:\Windows\Tasks\WSE_Astromenda.job 2014-11-02 01:39 - 2014-11-02 01:39 - 00812904 _____ ( ) C:\Users\john\Downloads\FileOpenerSetup.exe 2014-11-01 09:59 - 2014-11-02 01:54 - 00000000 ____D () C:\SUPERDelete 2014-11-01 09:58 - 2014-11-01 09:58 - 00003242 _____ () C:\Windows\System32\Tasks\Super Optimizer Schedule 2014-11-01 09:55 - 2014-11-01 09:55 - 00000000 ____D () C:\Users\john\AppData\Roaming\VOPackage 2014-11-01 09:54 - 2014-11-01 09:58 - 00000000 ____D () C:\Program Files (x86)\SupTab 2014-11-01 09:53 - 2014-11-01 10:07 - 00000000 ____D () C:\Program Files (x86)\mbot_de_222 2014-11-01 09:53 - 2014-11-01 09:53 - 00004022 _____ () C:\Windows\System32\Tasks\LaunchSignup 2014-11-01 09:53 - 2014-11-01 09:53 - 00000000 ____D () C:\Users\john\AppData\Local\mbot_de_222 2014-11-01 09:53 - 2014-11-01 08:52 - 04959744 _____ () C:\Windows\rcore.exe 2014-11-01 09:52 - 2014-11-02 01:50 - 00000000 ____D () C:\Program Files (x86)\WordProser_1.10.0.1 2014-11-01 09:52 - 2014-11-01 09:52 - 00000000 ____D () C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat 2014-11-01 09:52 - 2014-11-01 09:52 - 00000000 ____D () C:\Users\john\AppData\Roaming\InetStat 2014-11-01 09:52 - 2014-11-01 09:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
A fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
04.11.2014, 16:49 | #9 |
| Browser virus cannot be removed Here is the fixlog... Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014 Ran by john at 2014-11-04 16:38:42 Run:1 Running from C:\Users\john\Desktop Loaded Profiles: john & UpdatusUser & (Available profiles: john & UpdatusUser) Boot Mode: Normal ============================================== Content of fixlist: ***************** Task: {65350B0F-1C23-45C7-9D5B-14C1D50E11F9} - System32\Tasks\Digital Sites => C:\Users\john\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {B08BD0D5-1D45-47E1-BF01-A256B4AB6EB8} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION Task: {DAEEEC5E-DE88-499C-931F-0EB63270937C} - \WSE_Astromenda No Task File <==== ATTENTION Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove No Task File <==== ATTENTION Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\john\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\WSE_Astromenda.job => C:\Users\john\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION HKLM-x32\...\Run: [mbot_de_222] => "C:\Program Files (x86)\mbot_de_222\mbot_de_222.exe" C:\Program Files (x86)\mbot_de_222 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1414831980&from=tugs&uid=WDCXWD3200BEVT-80A0RT1_WD-WXR1EA0CCLY5CCLY5&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://astromenda.com/?f=1&a=ast_ggfc_14_44_ff&cd=2XzuyEtN2Y1L1QzuyE0EyD0DyCtDzy0A0BtByB0B0DyB0B0BtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtD0A0EtC0CyE0FtGtBtCtDyBtG0F0EyCyBtGyEzz0A0FtGyD0FyDtAtAyE0DyD0C0BtB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0DtDyEtB0CyCtGzyzzyCtBtGyE0ByEzytG0AtCtC0AtGtAtByD0AtAyDtDtA0C0BtB0E2Q&cr=129159965&ir= HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x263E71A4DD01CC01 HKCU\Software\Microsoft\Internet 
Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1414831980&from=tugs&uid=WDCXWD3200BEVT-80A0RT1_WD-WXR1EA0CCLY5CCLY5 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1414831980&from=tugs&uid=WDCXWD3200BEVT-80A0RT1_WD-WXR1EA0CCLY5CCLY5&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1414831980&from=tugs&uid=WDCXWD3200BEVT-80A0RT1_WD-WXR1EA0CCLY5CCLY5 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1414831980&from=tugs&uid=WDCXWD3200BEVT-80A0RT1_WD-WXR1EA0CCLY5CCLY5 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1414831980&from=tugs&uid=WDCXWD3200BEVT-80A0RT1_WD-WXR1EA0CCLY5CCLY5&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1414831980&from=tugs&uid=WDCXWD3200BEVT-80A0RT1_WD-WXR1EA0CCLY5CCLY5 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1414831980&from=tugs&uid=WDCXWD3200BEVT-80A0RT1_WD-WXR1EA0CCLY5CCLY5 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1414831980&from=tugs&uid=WDCXWD3200BEVT-80A0RT1_WD-WXR1EA0CCLY5CCLY5&q={searchTerms} HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-763759145-3361092453-3005493021-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_44_ff&cd=2XzuyEtN2Y1L1QzuyE0EyD0DyCtDzy0A0BtByB0B0DyB0B0BtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtD0A0EtC0CyE0FtGtBtCtDyBtG0F0EyCyBtGyEzz0A0FtGyD0FyDtAtAyE0DyD0C0BtB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0DtDyEtB0CyCtGzyzzyCtBtGyE0ByEzytG0AtCtC0AtGtAtByD0AtAyDtDtA0C0BtB0E2Q&cr=129159965&ir= SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_44_ff&cd=2XzuyEtN2Y1L1QzuyE0EyD0DyCtDzy0A0BtByB0B0DyB0B0BtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0FtB0AtCyBtD0CtGyEtDtA0AtG0D0D0ByCtG0D0F0A0CtGyDtAyBzztDtAtD0A0C0BtB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0DtDyEtB0CyCtGzyzzyCtBtGyE0ByEzytG0AtCtC0AtGtAtByD0AtAyDtDtA0C0BtB0E2Q&cr=896564037&ir= SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_44_ff&cd=2XzuyEtN2Y1L1QzuyE0EyD0DyCtDzy0A0BtByB0B0DyB0B0BtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtD0A0EtC0CyE0FtGtBtCtDyBtG0F0EyCyBtGyEzz0A0FtGyD0FyDtAtAyE0DyD0C0BtB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0DtDyEtB0CyCtGzyzzyCtBtGyE0ByEzytG0AtCtC0AtGtAtByD0AtAyDtDtA0C0BtB0E2Q&cr=129159965&ir= SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_44_ff&cd=2XzuyEtN2Y1L1QzuyE0EyD0DyCtDzy0A0BtByB0B0DyB0B0BtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtD0A0EtC0CyE0FtGtBtCtDyBtG0F0EyCyBtGyEzz0A0FtGyD0FyDtAtAyE0DyD0C0BtB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0DtDyEtB0CyCtGzyzzyCtBtGyE0ByEzytG0AtCtC0AtGtAtByD0AtAyDtDtA0C0BtB0E2Q&cr=129159965&ir= SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = 
hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_44_ff&cd=2XzuyEtN2Y1L1QzuyE0EyD0DyCtDzy0A0BtByB0B0DyB0B0BtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0FtB0AtCyBtD0CtGyEtDtA0AtG0D0D0ByCtG0D0F0A0CtGyDtAyBzztDtAtD0A0C0BtB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0DtDyEtB0CyCtGzyzzyCtBtGyE0ByEzytG0AtCtC0AtGtAtByD0AtAyDtDtA0C0BtB0E2Q&cr=896564037&ir= SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_44_ff&cd=2XzuyEtN2Y1L1QzuyE0EyD0DyCtDzy0A0BtByB0B0DyB0B0BtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtD0A0EtC0CyE0FtGtBtCtDyBtG0F0EyCyBtGyEzz0A0FtGyD0FyDtAtAyE0DyD0C0BtB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0DtDyEtB0CyCtGzyzzyCtBtGyE0ByEzytG0AtCtC0AtGtAtByD0AtAyDtDtA0C0BtB0E2Q&cr=129159965&ir= FF NewTab: chrome://quick_start/content/index.html FF DefaultSearchEngine: Astromenda FF SelectedSearchEngine: Astromenda FF Homepage: hxxp://astromenda.com/?f=1&a=ast_ggfc_14_44_ff&cd=2XzuyEtN2Y1L1QzuyE0EyD0DyCtDzy0A0BtByB0B0DyB0B0BtN0D0Tzu0StCtDtAyCtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCtD0A0EtC0CyE0FtGtBtCtDyBtG0F0EyCyBtGyEzz0A0FtGyD0FyDtAtAyE0DyD0C0BtB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0D0DtDyEtB0CyCtGzyzzyCtBtGyE0ByEzytG0AtCtC0AtGtAtByD0AtAyDtDtA0C0BtB0E2Q&cr=129159965&ir= FF SearchPlugin: C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\searchplugins\Astromenda.xml FF SearchPlugin: C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\searchplugins\google-images.xml FF SearchPlugin: C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\searchplugins\google-maps.xml FF Extension: Fast Start - C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\Extensions\faststartff@gmail.com [2014-11-01] FF Extension: Astrmenda Search - 
C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\Extensions\{8dc5c42e-9204-2a64-8b97-fa94ff8a241f} [2014-11-02] FF Extension: DownloadHelper - C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-11-01] FF Extension: Astro New Tab - C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\Extensions\{f2548724-373f-45fe-be6a-3a85e87b7711}.xpi [2014-11-02] FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\extensions\faststartff@gmail.com FF HKLM-x32\...\Firefox\Extensions: [termtutor@termtutor.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\extensions\cliqz@cliqz.com FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{6e7f6f9f-8ce6-4611-add2-05f0f7049ee6} [Not Found] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] FF Extension: No Name - {6e7f6f9f-8ce6-4611-add2-05f0f7049ee6} [Not Found] R2 rcores; C:\Windows\rcore.exe [4959744 2014-11-01] () [File not signed] C:\Windows\rcore.exe 2014-11-02 11:24 - 2014-11-02 11:24 - 00000000 ____D () C:\ProgramData\374311380 2014-11-02 11:02 - 2014-11-03 00:51 - 00000000 ____D () C:\Users\john\AppData\Roaming\Gameo 2014-11-02 11:02 - 2014-11-03 00:51 - 00000000 ____D () C:\Users\john\AppData\Local\Gameo 2014-11-02 11:02 - 2014-11-02 11:02 - 00000170 _____ () C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url 2014-11-02 11:02 - 2014-11-02 11:02 - 00000000 ___HD () C:\Users\john\AppData\Roaming\GoldenGate 2014-11-02 11:01 - 2014-11-03 00:35 - 00000000 ____D () 
C:\Users\john\AppData\Roaming\1H1Q1V1N1N1O1R 2014-11-02 11:01 - 2014-11-03 00:33 - 00000288 _____ () C:\Windows\Tasks\Digital Sites.job 2014-11-02 11:01 - 2014-11-02 11:02 - 00003224 _____ () C:\Windows\System32\Tasks\Digital Sites 2014-11-02 11:01 - 2014-11-02 11:01 - 00000000 ____D () C:\Users\john\AppData\Roaming\DigitalSites 2014-11-02 01:41 - 2014-11-03 00:34 - 00000000 ____D () C:\Program Files (x86)\WSE_Astromenda 2014-11-02 01:41 - 2014-11-03 00:33 - 00000288 _____ () C:\Windows\Tasks\WSE_Astromenda.job 2014-11-02 01:39 - 2014-11-02 01:39 - 00812904 _____ ( ) C:\Users\john\Downloads\FileOpenerSetup.exe 2014-11-01 09:59 - 2014-11-02 01:54 - 00000000 ____D () C:\SUPERDelete 2014-11-01 09:58 - 2014-11-01 09:58 - 00003242 _____ () C:\Windows\System32\Tasks\Super Optimizer Schedule 2014-11-01 09:55 - 2014-11-01 09:55 - 00000000 ____D () C:\Users\john\AppData\Roaming\VOPackage 2014-11-01 09:54 - 2014-11-01 09:58 - 00000000 ____D () C:\Program Files (x86)\SupTab 2014-11-01 09:53 - 2014-11-01 10:07 - 00000000 ____D () C:\Program Files (x86)\mbot_de_222 2014-11-01 09:53 - 2014-11-01 09:53 - 00004022 _____ () C:\Windows\System32\Tasks\LaunchSignup 2014-11-01 09:53 - 2014-11-01 09:53 - 00000000 ____D () C:\Users\john\AppData\Local\mbot_de_222 2014-11-01 09:53 - 2014-11-01 08:52 - 04959744 _____ () C:\Windows\rcore.exe 2014-11-01 09:52 - 2014-11-02 01:50 - 00000000 ____D () C:\Program Files (x86)\WordProser_1.10.0.1 2014-11-01 09:52 - 2014-11-01 09:52 - 00000000 ____D () C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat 2014-11-01 09:52 - 2014-11-01 09:52 - 00000000 ____D () C:\Users\john\AppData\Roaming\InetStat 2014-11-01 09:52 - 2014-11-01 09:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat Emptytemp: ***************** "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{65350B0F-1C23-45C7-9D5B-14C1D50E11F9}" => Key deleted successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65350B0F-1C23-45C7-9D5B-14C1D50E11F9}" => Key deleted successfully. C:\Windows\System32\Tasks\Digital Sites => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Digital Sites" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B08BD0D5-1D45-47E1-BF01-A256B4AB6EB8}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B08BD0D5-1D45-47E1-BF01-A256B4AB6EB8}" => Key deleted successfully. C:\Windows\System32\Tasks\LaunchSignup => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DAEEEC5E-DE88-499C-931F-0EB63270937C}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DAEEEC5E-DE88-499C-931F-0EB63270937C}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WSE_Astromenda" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{EB02381F-D652-4B1C-894A-712498C62C51}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB02381F-D652-4B1C-894A-712498C62C51}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\LPRemove" => Key deleted successfully. C:\Windows\Tasks\Digital Sites.job => Moved successfully. C:\Windows\Tasks\WSE_Astromenda.job => Moved successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mbot_de_222 => value deleted successfully. C:\Program Files (x86)\mbot_de_222 => Moved successfully. 
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP => value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs => value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. "HKU\S-1-5-21-763759145-3361092453-3005493021-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key deleted successfully. "HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key not found. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully. "HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found. 
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => Key deleted successfully. "HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66}" => Key not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key deleted successfully. "HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => Key not found. "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully. "HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found. Firefox newtab deleted successfully. Firefox DefaultSearchEngine deleted successfully. Firefox SelectedSearchEngine deleted successfully. Firefox homepage deleted successfully. "C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\searchplugins\Astromenda.xml" => not found. "C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\searchplugins\google-images.xml" => not found. "C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\searchplugins\google-maps.xml" => not found. C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\Extensions\faststartff@gmail.com => Moved successfully. C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\Extensions\{8dc5c42e-9204-2a64-8b97-fa94ff8a241f} not found. C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} not found. C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t94n2g8m.default-1414098093328\Extensions\{f2548724-373f-45fe-be6a-3a85e87b7711}.xpi not found. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\faststartff@gmail.com => value deleted successfully. 
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\termtutor@termtutor.com => value deleted successfully. HKCU\Software\Mozilla\Firefox\Extensions\\cliqz@cliqz.com => value deleted successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\{6e7f6f9f-8ce6-4611-add2-05f0f7049ee6} not found. C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} => Moved successfully. FF Extension: No Name - {6e7f6f9f-8ce6-4611-add2-05f0f7049ee6} [Not Found] not found. rcores => Unable to stop service rcores => Service deleted successfully. C:\Windows\rcore.exe => Moved successfully. C:\ProgramData\374311380 => Moved successfully. C:\Users\john\AppData\Roaming\Gameo => Moved successfully. C:\Users\john\AppData\Local\Gameo => Moved successfully. C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url => Moved successfully. C:\Users\john\AppData\Roaming\GoldenGate => Moved successfully. C:\Users\john\AppData\Roaming\1H1Q1V1N1N1O1R => Moved successfully. "C:\Windows\Tasks\Digital Sites.job" => File/Directory not found. "C:\Windows\System32\Tasks\Digital Sites" => File/Directory not found. C:\Users\john\AppData\Roaming\DigitalSites => Moved successfully. C:\Program Files (x86)\WSE_Astromenda => Moved successfully. "C:\Windows\Tasks\WSE_Astromenda.job" => File/Directory not found. "C:\Users\john\Downloads\FileOpenerSetup.exe" => File/Directory not found. C:\SUPERDelete => Moved successfully. C:\Windows\System32\Tasks\Super Optimizer Schedule => Moved successfully. C:\Users\john\AppData\Roaming\VOPackage => Moved successfully. C:\Program Files (x86)\SupTab => Moved successfully. "C:\Program Files (x86)\mbot_de_222" => File/Directory not found. "C:\Windows\System32\Tasks\LaunchSignup" => File/Directory not found. C:\Users\john\AppData\Local\mbot_de_222 => Moved successfully. "C:\Windows\rcore.exe" => File/Directory not found. C:\Program Files (x86)\WordProser_1.10.0.1 => Moved successfully. 
C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat => Moved successfully.
C:\Users\john\AppData\Roaming\InetStat => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat => Moved successfully.
EmptyTemp: => Removed 282.2 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by john (administrator) on JOHN-PC on 04-11-2014 16:46:24
Running from C:\Users\john\Desktop
Loaded Profiles: john & UpdatusUser (Available profiles: john & UpdatusUser)
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: Englisch (USA)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Cisco Systems, Inc.)
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Dropbox, Inc.) 
C:\Users\john\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-08-11] (Alcor Micro Corp.) HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6806144 2010-06-24] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-03] (ASUS) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768 2011-03-04] (Avira GmbH) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.) 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-763759145-3361092453-3005493021-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-01] (SUPERAntiSpyware) HKU\S-1-5-21-763759145-3361092453-3005493021-1000\...\Run: [BRS] => C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe -runBRS HKU\S-1-5-21-763759145-3361092453-3005493021-1000\...\Run: [Gameo] => C:\Users\john\AppData\Roaming\Gameo\gameo.exe "C:\Users\john\AppData\Roaming\Gameo\gameo.dat" mode:minimized Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\john\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) 
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\t1k7acog.default-1414973110591 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [{6e7f6f9f-8ce6-4611-add2-05f0f7049ee6}] - C:\Program Files (x86)\Mozilla Firefox\extensions\{6e7f6f9f-8ce6-4611-add2-05f0f7049ee6} Chrome: ======= CHR Profile: C:\Users\john\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-23] CHR Extension: (No Name) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj [2012-06-11] CHR Extension: (No Name) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-06-11] CHR Extension: (Google Wallet) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-21] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [136360 2011-05-13] (Avira GmbH)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [269480 2011-07-02] (Avira GmbH)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-04-23] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88288 2011-07-02] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [123784 2011-07-02] (Avira GmbH)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2011-06-11] (Mobile Connector) [File not signed]
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [81984 2010-10-28] (Fresco Logic)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-04-23] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [513080 2011-04-23] (Duplex Secure Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 ttnfd; system32\drivers\ttnfd.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-03 01:05 - 2014-11-03 01:05 - 00000000 ____D () C:\Users\john\Desktop\Alte Firefox-Daten 2014-11-03 01:00 - 2014-11-03 01:00 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-11-03 01:00 - 2014-11-03 01:00 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-11-03 01:00 - 2014-11-03 01:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-11-03 01:00 - 2014-11-03 01:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-03 00:56 - 2014-11-04 16:46 - 00014747 _____ () C:\Users\john\Desktop\FRST.txt 2014-11-03 00:56 - 2014-11-03 00:56 - 00000000 ____D () C:\Users\john\Desktop\FRST-OlderVersion 2014-11-03 00:48 - 2014-11-03 00:48 - 00000000 ____D () C:\Users\john\AppData\Local\node-webkit 2014-11-02 11:09 - 2014-11-02 11:09 - 00001268 _____ () C:\Users\john\Desktop\Revo Uninstaller.lnk 2014-11-02 11:09 - 2014-11-02 11:09 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-11-02 11:07 - 2014-11-02 11:07 - 01125200 _____ () C:\Users\john\Downloads\Revo Uninstaller - CHIP-Installer.exe 2014-10-30 08:06 - 2014-11-04 16:46 - 00000000 ____D () C:\FRST 2014-10-30 08:04 - 2014-11-03 00:56 - 02114560 _____ (Farbar) C:\Users\john\Desktop\FRST64.exe 2014-10-30 01:43 - 2014-10-30 01:43 - 00560984 _____ () C:\Windows\Minidump\103014-28392-01.dmp 2014-10-30 01:17 - 2014-11-04 16:44 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2014-10-30 01:17 - 2014-11-04 16:32 - 00000508 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 53aae92c-16a9-4e88-b255-61639cc7764b.job 2014-10-30 01:17 - 2014-11-04 16:32 - 00000508 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 393ed3ec-65cd-4f04-af7c-9d0ff1463f3e.job 2014-10-30 01:17 - 2014-10-30 01:17 - 00003582 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware 
Scheduled Task 393ed3ec-65cd-4f04-af7c-9d0ff1463f3e 2014-10-30 01:17 - 2014-10-30 01:17 - 00003508 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 53aae92c-16a9-4e88-b255-61639cc7764b 2014-10-30 01:17 - 2014-10-30 01:17 - 00001812 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk 2014-10-30 01:17 - 2014-10-30 01:17 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com 2014-10-30 01:17 - 2014-10-30 01:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2014-10-30 01:15 - 2014-10-30 01:15 - 01125200 _____ () C:\Users\john\Downloads\SuperAntiSpyware - CHIP-Installer.exe 2014-10-30 00:55 - 2014-10-30 00:55 - 00002329 _____ () C:\Users\john\Desktop\malwarebytes Scan2.txt 2014-10-30 00:54 - 2014-10-30 00:54 - 00003528 _____ () C:\Users\john\Desktop\malwarebytes Scan.txt 2014-10-30 00:37 - 2014-10-30 00:37 - 00010484 _____ () C:\Users\john\Downloads\hijackthis.log 2014-10-30 00:36 - 2014-10-30 00:36 - 00388608 _____ (Trend Micro Inc.) 
C:\Users\john\Downloads\HijackThis.exe 2014-10-29 23:59 - 2014-10-30 00:01 - 00000000 ____D () C:\AdwCleaner 2014-10-29 23:59 - 2014-10-29 23:59 - 00003448 _____ () C:\Windows\System32\Tasks\WOT WWED1 2014-10-29 23:59 - 2014-10-29 23:59 - 00003448 _____ () C:\Windows\System32\Tasks\WOT WW2 2014-10-29 23:59 - 2014-10-29 23:59 - 00003448 _____ () C:\Windows\System32\Tasks\WOT WW1 2014-10-29 23:59 - 2014-10-29 23:59 - 00003448 _____ () C:\Windows\System32\Tasks\WOT WTUE1 2014-10-29 23:59 - 2014-10-29 23:59 - 00003448 _____ () C:\Windows\System32\Tasks\WOT WTHUR1 2014-10-29 23:59 - 2014-10-29 23:59 - 00003448 _____ () C:\Windows\System32\Tasks\WOT WMON1 2014-10-29 23:59 - 2014-10-29 23:59 - 00003448 _____ () C:\Windows\System32\Tasks\WOT WFRI1 2014-10-29 23:59 - 2014-10-29 23:59 - 00000000 ____D () C:\Users\john\AppData\Roaming\WorldofTanks 2014-10-29 23:59 - 2014-10-29 23:59 - 00000000 ____D () C:\Users\john\AppData\Local\WorldofTanks 2014-10-29 23:59 - 2014-10-29 23:58 - 01998336 _____ () C:\Users\john\Downloads\adwcleaner_4.002_CB-DL-Manager [1].exe 2014-10-29 23:57 - 2014-10-29 23:57 - 00847040 _____ ( ) C:\Users\john\Downloads\adwcleaner_4.002_CB-DL-Manager.exe 2014-10-29 23:22 - 2014-10-29 22:56 - 00024064 _____ () C:\Windows\zoek-delete.exe 2014-10-29 23:01 - 2014-10-29 23:23 - 00087985 _____ () C:\zoek-results.log 2014-10-29 22:56 - 2014-10-29 23:17 - 00000000 ____D () C:\zoek_backup 2014-10-29 22:54 - 2014-10-29 21:27 - 00883624 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll 2014-10-29 22:54 - 2014-10-29 21:27 - 00806824 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2014-10-29 22:50 - 2014-10-29 22:50 - 01290752 _____ () C:\Users\john\Downloads\zoek.exe 2014-10-29 22:05 - 2014-10-29 22:05 - 00003124 _____ () C:\Windows\System32\Tasks\{70004B79-32FC-4327-B7C1-6C541EF975C0} 2014-10-29 21:27 - 2014-10-29 21:27 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-10-29 21:27 - 2014-10-29 21:27 - 00098216 
_____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-10-29 00:04 - 2014-11-04 16:43 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-29 00:04 - 2014-10-29 00:04 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-10-29 00:04 - 2014-10-29 00:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-10-29 00:04 - 2014-10-29 00:04 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-10-29 00:04 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-29 00:04 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-29 00:04 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-10-29 00:03 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll 2014-10-29 00:03 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll 2014-10-28 23:59 - 2014-10-28 23:59 - 01125200 _____ () C:\Users\john\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe 2014-10-25 14:35 - 2014-10-25 14:35 - 36248896 _____ () C:\Users\john\Downloads\Firefox_Setup_33.0.1 (1).exe 2014-10-23 21:49 - 2014-10-23 21:49 - 00021976 _____ () C:\Windows\system32\Drivers\SPPD.sys 2014-10-23 21:26 - 2014-10-23 21:26 - 00003142 _____ () C:\Windows\System32\Tasks\{70F21E93-92DB-4FEF-8E49-198A5D232B7A} 2014-10-21 21:08 - 2014-11-01 09:55 - 00000000 ___HD () C:\Users\Public\Temp 2014-10-14 22:46 - 2014-10-14 22:46 - 00058240 _____ (Word Proser) C:\Windows\system32\Drivers\wpnfd_1_10_0_1.sys 2014-10-13 07:35 - 2014-10-21 21:06 - 00000000 ____D () C:\Users\john\Desktop\Katja ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-04 16:46 - 2011-04-23 18:17 - 02070047 _____ () C:\Windows\WindowsUpdate.log 2014-11-04 16:44 - 2013-02-26 21:05 - 00000000 ___RD () C:\Users\john\Dropbox 2014-11-04 16:44 - 2013-02-26 21:00 - 00000000 ____D () C:\Users\john\AppData\Roaming\Dropbox 2014-11-04 16:43 - 2014-05-18 18:29 - 00002586 _____ () C:\Windows\setupact.log 2014-11-04 16:43 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-04 16:39 - 2014-06-27 01:23 - 00000000 ____D () C:\Users\john\AppData\Local\CrashDumps 2014-11-04 16:33 - 2013-02-09 10:30 - 00000000 ____D () C:\Users\john\Documents\Outlook-Dateien 2014-11-04 16:32 - 2012-06-08 12:38 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-03 01:04 - 2009-07-14 05:45 - 00019104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-03 01:04 - 2009-07-14 05:45 - 00019104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-03 00:55 - 2011-04-23 19:14 - 00652006 _____ () C:\Windows\system32\perfh007.dat 2014-11-03 00:55 - 2011-04-23 19:14 - 00129674 _____ () C:\Windows\system32\perfc007.dat 2014-11-03 00:55 - 2009-07-14 06:13 - 01498506 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-03 00:51 - 2014-08-13 23:02 - 00981266 _____ () C:\Windows\PFRO.log 2014-11-01 10:05 - 2011-04-23 18:17 - 00001443 _____ () C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-11-01 10:05 - 2011-04-23 18:17 - 00001409 _____ () C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2014-10-30 01:43 - 2011-06-11 17:48 - 00000000 ____D () C:\Windows\Minidump 2014-10-30 00:37 - 2011-04-23 18:17 - 00000000 ____D () C:\Users\john\AppData\Local\VirtualStore 2014-10-29 22:55 - 2011-04-23 20:15 - 00000000 ____D () C:\Program Files (x86)\Java 2014-10-29 22:52 - 2012-12-16 10:40 - 00000000 ____D () C:\Program 
Files (x86)\CEWE COLOR 2014-10-29 22:10 - 2014-01-02 12:50 - 00000000 ____D () C:\Users\john\AppData\Roaming\DVDVideoSoft 2014-10-29 22:08 - 2011-04-26 18:47 - 00000000 ____D () C:\Users\john\Documents\Anno 1404 2014-10-29 22:08 - 2011-04-23 19:42 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-10-29 22:08 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-10-29 21:28 - 2014-04-30 21:01 - 00000000 ____D () C:\ProgramData\Oracle 2014-10-29 21:27 - 2014-08-08 07:20 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-10-29 21:27 - 2014-08-08 07:20 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-10-29 02:42 - 2013-01-10 22:57 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-10-29 00:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system 2014-10-29 00:04 - 2012-06-10 17:19 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-10-28 23:13 - 2011-06-13 13:44 - 00000000 ____D () C:\Program Files (x86)\Google 2014-10-25 14:37 - 2011-06-13 13:44 - 00000000 ____D () C:\Users\john\AppData\Local\Google 2014-10-25 14:27 - 2012-12-22 23:17 - 00000000 ____D () C:\ProgramData\Norton 2014-10-23 21:33 - 2014-04-30 20:05 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-10-23 21:33 - 2014-04-30 20:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-10-14 23:36 - 2012-12-26 14:10 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe 2014-10-10 22:38 - 2014-04-30 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-10-07 10:01 - 2013-02-26 21:05 - 00001017 _____ () C:\Users\john\Desktop\Dropbox.lnk 2014-10-07 10:01 - 2013-02-26 21:01 - 00000000 ____D () C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox Some content of TEMP: ==================== 
C:\Users\john\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpv0wvhq.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-30 15:55 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014 Ran by john at 2014-11-04 16:47:36 Running from C:\Users\john\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: AntiVir Desktop (Disabled - Up to date) {090F9C29-64CE-6C6F-379C-5901B49A85B7} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AntiVir Desktop (Disabled - Up to date) {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ACD/Labs Software in C:\ACDFREE12\ (HKLM-x32\...\ACDLabs in C__ACDFREE12_) (Version: v12.00, FREE - ACD/Labs) Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}) (Version: 1.8.17.26026 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 1.8.17.26026 - Alcor Micro Corp.) Hidden Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0005 - ASUS) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd) Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.) Fresco Logic USB3.0 Host Controller (HKLM\...\{EA2EFBF6-7CFD-47A0-BECE-AFCB98428CFE}) (Version: 3.0.108.16 - Fresco Logic Inc.) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.) Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle) Juniper Networks Network Connect 7.1.0 (HKLM-x32\...\Juniper Network Connect 7.1.0) (Version: 7.1.0.19243 - Juniper Networks) Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.4.13103 - Juniper Networks, Inc.) Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.) 
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 33.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.1 (x86 de)) (Version: 33.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.1 - Mozilla) NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5964 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) 
(Version: 1.10.62.40 - NVIDIA Corporation) OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org) PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge) Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6225 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.) Skype™ 6.6 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.6.106 - Skype Technologies S.A.) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.8.0 - Synaptics Incorporated) USB 2.0 VGA UVC WebCam (HKLM\...\USB 2.0 VGA UVC WebCam) (Version: - ) VLC media player 1.1.9 (HKLM-x32\...\VLC media player) (Version: 1.1.9 - VideoLAN) WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.5.600 - Broadcom Corporation) Winamp (HKLM-x32\...\Winamp) (Version: 5.61 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows Driver Package - Broadcom (BTHUSB) Bluetooth (02/25/2010 6.2.0.9419) (HKLM\...\85CE3A3657FAE5FD305B143E90E6FC89BA53001C) (Version: 02/25/2010 6.2.0.9419 - Broadcom) Windows Driver Package - Broadcom Bluetooth (01/19/2010 6.2.0.1417) (HKLM\...\7341A1B43E7FE58942EB1E820A17C18305DFBCE6) (Version: 01/19/2010 6.2.0.1417 - Broadcom) Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0) 
(HKLM\...\2AA10AB519DC7432D599A0E860206A7DDCC27764) (Version: 07/29/2009 6.1.7100.0 - Broadcom) Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom) WinRAR 4.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-763759145-3361092453-3005493021-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-763759145-3361092453-3005493021-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\john\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-763759145-3361092453-3005493021-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-763759145-3361092453-3005493021-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-763759145-3361092453-3005493021-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-763759145-3361092453-3005493021-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-763759145-3361092453-3005493021-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-763759145-3361092453-3005493021-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-763759145-3361092453-3005493021-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-763759145-3361092453-3005493021-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-763759145-3361092453-3005493021-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\john\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File ==================== Restore Points ========================= 23-10-2014 20:27:19 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 29-10-2014 20:26:42 Installed Java 7 Update 71 29-10-2014 21:07:16 Removed Ubisoft Game Launcher 29-10-2014 21:12:19 Removed Apple Application Support 29-10-2014 21:13:52 Removed Apple Mobile Device Support 29-10-2014 21:54:24 Removed Java(TM) 6 Update 37 29-10-2014 22:01:03 zoek.exe restore point 02-11-2014 10:11:31 Revo Uninstaller's restore point - File Opener Packages 02-11-2014 23:36:35 Revo Uninstaller's restore point - Gameo 02-11-2014 23:39:55 Revo Uninstaller's restore point - WSE_Astromenda 02-11-2014 23:42:43 Revo Uninstaller's restore point - Term Tutor 02-11-2014 23:45:05 Revo Uninstaller's restore point - Mozilla Firefox 33.0.2 (x86 de) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset 
Hosts.) 2009-07-14 03:34 - 2012-06-10 17:12 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {2820FA97-6D5F-4136-804E-5DBDD658DB8E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-27] (Adobe Systems Incorporated) Task: {2A5ADDB4-BB87-43B4-9584-A26C6D1E27A5} - System32\Tasks\WOT WTUE1 => Firefox.exe hxxp://mmotraffic.com/catalog/goplay/1327/MTE3NjYvLy8xMzI3/ Task: {63012B9F-D546-4DA2-8B53-4A3B1893EC90} - \Super Optimizer Schedule No Task File <==== ATTENTION Task: {7233C411-B21A-4C7A-A5F3-F2B0A74255C6} - System32\Tasks\WOT WWED1 => Firefox.exe hxxp://mmotraffic.com/catalog/goplay/1327/MTE3NjYvLy8xMzI3/ Task: {7B08A821-236A-4BCC-A5B1-2B0FDDA210D9} - System32\Tasks\WOT WW1 => Firefox.exe hxxp://mmotraffic.com/catalog/goplay/1327/MTE3NjYvLy8xMzI3/ Task: {81EC4BE1-6B06-4A00-9424-8833739267D2} - System32\Tasks\WOT WMON1 => Firefox.exe hxxp://mmotraffic.com/catalog/goplay/1327/MTE3NjYvLy8xMzI3/ Task: {8930C265-2D84-4887-A602-33DB252A7BA5} - System32\Tasks\WOT WFRI1 => Firefox.exe hxxp://mmotraffic.com/catalog/goplay/1327/MTE3NjYvLy8xMzI3/ Task: {8B3C0CE2-9811-437F-8582-937C86BF24FA} - System32\Tasks\SUPERAntiSpyware Scheduled Task 53aae92c-16a9-4e88-b255-61639cc7764b => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com) Task: {8EB104E8-8EC4-45B5-9F89-2FEDD6B43190} - System32\Tasks\WOT WW2 => Firefox.exe hxxp://mmotraffic.com/catalog/goplay/1327/MTE3NjYvLy8xMzI3/ Task: {99E16E98-06E7-4CDE-8096-C5054A9426B4} - System32\Tasks\ASUS Patch 10430001 => C:\Windows\AsPatch10430001.exe Task: {9BE8FCC5-A8D8-4ACC-B630-DDB30C36D083} - System32\Tasks\{CAF2DEE2-0D38-4BCB-A058-1EE03E98ECEE} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-06-21] (Skype 
Technologies S.A.) Task: {E077EDD8-B0D6-4663-9B3B-DE4138EB6753} - System32\Tasks\SUPERAntiSpyware Scheduled Task 393ed3ec-65cd-4f04-af7c-9d0ff1463f3e => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com) Task: {E43D64A0-B1F3-497F-BF9D-742DEE305B9F} - System32\Tasks\WOT WTHUR1 => Firefox.exe hxxp://mmotraffic.com/catalog/goplay/1327/MTE3NjYvLy8xMzI3/ Task: {EF88BF68-D9C0-42F2-8A77-C52B60578D5E} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe Task: {FA1245EF-7B8F-40B3-83B1-5F12A1316D91} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 393ed3ec-65cd-4f04-af7c-9d0ff1463f3e.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 53aae92c-16a9-4e88-b255-61639cc7764b.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ==================== Loaded Modules (whitelisted) ============= 2010-01-30 01:40 - 2010-01-30 01:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-03-11 19:14 - 2010-03-11 19:14 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll 2010-03-23 12:26 - 2010-03-23 12:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll 2010-01-30 01:41 - 2010-01-30 01:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2014-11-04 16:44 - 2014-11-04 16:44 - 00043008 _____ () c:\users\john\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpv0wvhq.dll 2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () 
C:\Users\john\AppData\Roaming\Dropbox\bin\libcef.dll 2011-01-17 15:19 - 2011-04-23 20:16 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll 2014-11-03 01:00 - 2014-10-24 08:00 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^Users^john^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: SynAsusAcpi => %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe ========================= Accounts: ========================== Administrator (S-1-5-21-763759145-3361092453-3005493021-500 - Administrator - Disabled) Guest (S-1-5-21-763759145-3361092453-3005493021-501 - Limited - Disabled) HomeGroupUser$ 
(S-1-5-21-763759145-3361092453-3005493021-1003 - Limited - Enabled) john (S-1-5-21-763759145-3361092453-3005493021-1000 - Administrator - Enabled) => C:\Users\john UpdatusUser (S-1-5-21-763759145-3361092453-3005493021-1001 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= Name: BT-270 Description: BT-270 Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Broadcom Service: BTHUSB Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Cisco Systems VPN Adapter for 64-bit Windows Description: Cisco Systems VPN Adapter for 64-bit Windows Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: CVirtA Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (11/04/2014 04:43:49 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/04/2014 04:43:16 PM) (Source: Avira AntiVir) (EventID: 4122) (User: NT AUTHORITY) Description: Die Datei AVPREF.DLL konnte nicht geladen werden. Fehlercode: 0x45a Error: (11/04/2014 04:40:21 PM) (Source: rcores) (EventID: 0) (User: ) Description: Service failed on stop: 301: Interrupted. 
Error: (11/04/2014 04:39:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 33.0.1.5409, Zeitstempel: 0x5449f51c Name des fehlerhaften Moduls: mozalloc.dll, Version: 33.0.1.5409, Zeitstempel: 0x5449d001 Ausnahmecode: 0x80000003 Fehleroffset: 0x00001425 ID des fehlerhaften Prozesses: 0xe54 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (11/03/2014 07:27:17 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 19656 Error: (11/03/2014 07:27:17 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 19656 Error: (11/03/2014 07:27:17 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (11/03/2014 07:27:07 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8814 Error: (11/03/2014 07:27:07 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8814 Error: (11/03/2014 07:27:07 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (11/04/2014 04:43:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom ttnfd Error: (11/03/2014 00:51:33 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom ttnfd Error: (11/02/2014 11:00:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der 
Dienst "ttnfd" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (11/02/2014 11:00:58 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\system32\drivers\ttnfd.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (11/02/2014 02:29:22 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom ttnfd Error: (11/02/2014 02:29:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "ttnfd" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (11/02/2014 02:29:20 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht. Error: (11/02/2014 01:55:39 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom ttnfd Error: (11/02/2014 01:55:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "ttnfd" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (11/02/2014 01:55:32 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht. 
Microsoft Office Sessions: ========================= Error: (11/04/2014 04:43:49 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/04/2014 04:43:16 PM) (Source: Avira AntiVir) (EventID: 4122) (User: NT AUTHORITY) Description: AVPREF.DLL0x45a Error: (11/04/2014 04:40:21 PM) (Source: rcores) (EventID: 0) (User: ) Description: Service failed on stop: 301: Interrupted. Error: (11/04/2014 04:39:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe33.0.1.54095449f51cmozalloc.dll33.0.1.54095449d0018000000300001425e5401cff6fbeb8e386bC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllb2ce14c1-6438-11e4-b441-14dae90d7044 Error: (11/03/2014 07:27:17 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 19656 Error: (11/03/2014 07:27:17 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 19656 Error: (11/03/2014 07:27:17 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (11/03/2014 07:27:07 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8814 Error: (11/03/2014 07:27:07 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8814 Error: (11/03/2014 07:27:07 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second CodeIntegrity Errors: =================================== Date: 2014-11-02 11:00:58.570 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\ 
Malwarebytes Anti-Malware \mbampt.exe" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-11-02 11:00:58.508 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\ Malwarebytes Anti-Malware \mbampt.exe" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-11-02 01:41:42.263 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\ Malwarebytes Anti-Malware \mbampt.exe" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-11-02 01:41:41.997 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\ Malwarebytes Anti-Malware \mbampt.exe" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-06-10 18:11:33.838 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-06-10 18:11:33.822 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-06-07 20:27:13.721 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-06-07 20:27:13.721 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz Percentage of memory in use: 44% Total physical RAM: 3884.29 MB Available physical RAM: 2151.9 MB Total Pagefile: 7766.77 MB Available Pagefile: 5957.11 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (win7) (Fixed) (Total:74.52 GB) (Free:18.13 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (data) (Fixed) (Total:202.08 GB) (Free:155.75 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E0C5913D) Partition 1: (Not Active) - (Size=21.5 GB) - (Type=1C) Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=202.1 GB) - (Type=OF Extended) ==================== End Of Log ============================ |
04.11.2014, 21:22 | #10 |
/// the machine /// TB trainer | Browser virus cannot be removed
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
Task: {63012B9F-D546-4DA2-8B53-4A3B1893EC90} - \Super Optimizer Schedule No Task File <==== ATTENTION
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
05.11.2014, 23:59 | #11 |
| Browser virus cannot be removed
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by john at 2014-11-05 23:55:36 Run:2
Running from C:\Users\john\Desktop
Loaded Profiles: john & UpdatusUser (Available profiles: john & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {63012B9F-D546-4DA2-8B53-4A3B1893EC90} - \Super Optimizer Schedule No Task File <==== ATTENTION
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{63012B9F-D546-4DA2-8B53-4A3B1893EC90}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63012B9F-D546-4DA2-8B53-4A3B1893EC90}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Super Optimizer Schedule" => Key deleted successfully.

==== End of Fixlog ====
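A check a helper could run over a Fixlog like the one posted above, added here as an example (not part of the original thread and not FRST's own code): it confirms that the log is complete and that every key touched for the flagged task was reported as deleted. The function name `review_fixlog` and the restored line layout of the sample are assumptions.

```python
import re

# Fixlog lines taken from the post above; line breaks restored (layout is an assumption).
FIXLOG = r'''Content of fixlist:
*****************
Task: {63012B9F-D546-4DA2-8B53-4A3B1893EC90} - \Super Optimizer Schedule No Task File <==== ATTENTION
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{63012B9F-D546-4DA2-8B53-4A3B1893EC90}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63012B9F-D546-4DA2-8B53-4A3B1893EC90}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Super Optimizer Schedule" => Key deleted successfully.

==== End of Fixlog ====
'''

# "<target>" => <outcome>
RESULT_RE = re.compile(r'^"(?P<target>[^"]+)"\s*=>\s*(?P<outcome>.+?)\s*$')
# Task: {GUID} - \<task name> No Task File ...
TASK_RE = re.compile(
    r'^Task:\s*(?P<guid>\{[0-9A-Fa-f-]{36}\})\s*-\s*\\(?P<name>.+?)\s+No Task File')

def review_fixlog(text):
    """Return (tasks, results, problems) for the text of a Fixlog."""
    tasks, results, problems = [], [], []
    complete = False
    for line in text.splitlines():
        line = line.strip()
        if (m := TASK_RE.match(line)):
            tasks.append((m["guid"], m["name"]))
        elif (m := RESULT_RE.match(line)):
            results.append((m["target"], m["outcome"]))
            if "successfully" not in m["outcome"].lower():
                problems.append(f"not confirmed: {m['target']} ({m['outcome']})")
        elif line.startswith("==== End of Fixlog"):
            complete = True
    if not complete:
        problems.append("log truncated: no 'End of Fixlog' marker")
    # Each requested task must appear in a result line, either by GUID
    # (Logon/Tasks keys) or by task name (Tree key).
    for guid, name in tasks:
        if not any(guid in t or t.endswith("\\" + name) for t, _ in results):
            problems.append(f"no result lines for task {guid} ({name})")
    return tasks, results, problems

if __name__ == "__main__":
    tasks, results, problems = review_fixlog(FIXLOG)
    print(f"{len(tasks)} task(s), {len(results)} result line(s)")
    print("\n".join(problems) or "all entries confirmed")
```
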
06.11.2014, 14:50 | #12 |
/// the machine /// TB-Ausbilder | Browser virus cannot be removed
Done
The order is crucial here.
If you would like to give praise or criticism, you can do so here.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP) Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |