|
Log-Analyse und Auswertung: Jeder Klick zwei neue Werbefenster, Adware ohne Ende, Download- und Update AufforderungenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
03.11.2014, 12:11 | #1 |
| Jeder Klick zwei neue Werbefenster, Adware ohne Ende, Download- und Update Aufforderungen Liebes Trojaner-Board-Team, mein Browser-Bildschirm (Firefox) quillt über vor Werbung und sonstigen Spam-Nachrichten. Mit jedem Klick öffnen sich gleich mehrere weitere Fenster, die mich bitten, meine Software zu aktualisieren, meinen PC zu retten oder sonstiges zu downloaden. Häufig werde ich auch auf irgendwelche fremde Seiten umgeleitet. Die eigentliche Funktion des "Klickens" funktioniert meistens erst nach zwei- bis dreimaligem Betätigen. Die meiste Zeit bin ich mit "Wegklicken" oder "zurück" beschäftigt. Dazu kommt, dass sich eine Flut von Adware auf meinem Bildschirm ausbreitet und mein Arbeitsfeld minimieren. Neuerdings „blättert“ sich diese Werbung wie eine Katalogseite über den ganzen Bildschirm ein. Bisher habe ich den Virenscanner bemüht, der aber nichts gefunden hat, und den AdwCleaner laufen lassen, ebenfalls ohne Erfolg. Im Gegenteil, nach solchen Aktionen habe ich das Gefühl, dass die Werbung sich noch verstärkt hat. Vor einiger Zeit habe ich - völlig durch aufflackernde Werbung entnervt - einer Werbeseite nachgegeben und bei ihr das Reparaturprogramm „Reimage-Repair“ gekauft. Leider auch dies ohne Erfolg. Die Bilder ploppen nach wie vor. Was Computer betrifft bin ich nur normaler, dusseliger „Anwender“ und wenig bewandert in EDV-Dingen. Freunde haben mir empfohlen, den Laptop neu zu formatieren. Jetzt bin ich auf Eure Seite gestoßen und erhoffe mir Hilfe. Vielleicht ist ja noch was zu retten. Ganz lieben Dank schon mal! Ich füge hier die Logfile an und hoffe, dass alles klappt und richtig ist. Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 10:16 on 03/11/2014 (Peet Löseke) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014 Ran by Peet Löseke (administrator) on PATTY on 03-11-2014 10:19:34 Running from C:\Users\Peet Löseke\Desktop Loaded Profile: Peet Löseke (Available profiles: Peet Löseke & Mary Löseke) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe (Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe () C:\Windows\Samsung\PanelMgr\SSMMgr.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe () C:\Windows\Samsung\PanelMgr\caller64.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2789160 2011-05-19] (Synaptics Incorporated) HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel(R) Corporation) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-04-26] (Conexant Systems, Inc.) HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] () HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [40808 2011-05-31] (Lenovo Group Limited) HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-05-25] (Lenovo Group Limited) HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-11] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.) HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [614400 2009-09-11] () HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-07] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG) HKLM\...\RunOnce: [NCInstallQueue] => rundll32 netman.dll,ProcessQueue Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.) HKU\S-1-5-21-2137695456-992688877-1232989452-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.) HKU\S-1-5-21-2137695456-992688877-1232989452-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.) HKU\S-1-5-21-2137695456-992688877-1232989452-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [468192 2014-09-01] (Sony) HKU\S-1-5-21-2137695456-992688877-1232989452-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-07] (Google Inc.) HKU\S-1-5-21-2137695456-992688877-1232989452-1000\...\Run: [Infigo] => C:\Program Files (x86)\Infigo\Infigo.exe onrun HKU\S-1-5-21-2137695456-992688877-1232989452-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2137695456-992688877-1232989452-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-2137695456-992688877-1232989452-1000\...\MountPoints2: {4642f4a7-89f6-11e3-babf-60d819b03293} - E:\Startme.exe HKU\S-1-5-21-2137695456-992688877-1232989452-1000\...\MountPoints2: {9928c6c6-6834-11e1-9aa6-806e6f6e6963} - Q:\LenovoQDrive.exe Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File GroupPolicy: Group Policy on Chrome detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-2137695456-992688877-1232989452-1001\User: Group Policy restriction detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad URLSearchHook: HKLM-x32 - (No Name) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - No File SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE484 SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE484 BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: No Name -> {78e516ef-11de-47a1-8364-a99b917ec5ee} -> No File BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Peet Löseke\AppData\Roaming\Mozilla\Firefox\Profiles\9f73itof.default FF Homepage: hxxp://www.google.de/ FF NetworkProxy: "no_proxies_on", "*.local" FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Peet Löseke\AppData\Roaming\Mozilla\Firefox\Profiles\9f73itof.default\searchplugins\avira-safesearch.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\Peet Löseke\AppData\Roaming\Mozilla\Firefox\Profiles\9f73itof.default\Extensions\abs@avira.com [2014-10-01] FF Extension: Plus-HD-5.0c - C:\Users\Peet Löseke\AppData\Roaming\Mozilla\Firefox\Profiles\9f73itof.default\Extensions\JLPQ94732309@TRY102138975.com [2014-09-20] FF Extension: Search App by Ask - C:\Users\Peet Löseke\AppData\Roaming\Mozilla\Firefox\Profiles\9f73itof.default\Extensions\toolbar_ORJ-SPE@apn.ask.com.xpi [2014-09-10] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-25] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn [2012-05-17] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn [2014-11-03] FF HKLM-x32\...\Firefox\Extensions: [VIP@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2012-03-07] FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR Profile: C:\Users\Peet Löseke\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Peet Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-31] CHR Extension: (Google Drive) - C:\Users\Peet Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-31] CHR Extension: (YouTube) - C:\Users\Peet Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-31] CHR Extension: (Google-Suche) - C:\Users\Peet Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-31] CHR Extension: (Google Wallet) - C:\Users\Peet Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-12] CHR Extension: (Google Mail) - C:\Users\Peet Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-31] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [994552 2014-10-07] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] () R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [138760 2011-08-10] (Symantec Corporation) R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-25] (Lenovo Group Limited) [File not signed] R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed] R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [82544 2011-07-12] (Symantec Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG) R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120531.001\BHDrvx64.sys [1160824 2012-05-07] (Symantec Corporation) R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys [167048 2011-08-08] (Symantec Corporation) R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-06-01] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-06-01] (Symantec Corporation) R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120613.007\IDSvia64.sys [488568 2012-05-18] (Symantec Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120615.022\ENG64.SYS [120440 2012-06-16] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120615.022\EX64.SYS [2068600 2012-06-16] (Symantec Corporation) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.) S3 SRTSP; C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSP64.SYS [729720 2011-08-02] (Symantec Corporation) R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSPX64.SYS [37496 2011-08-02] (Symantec Corporation) R3 SymDS; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation) R3 SymEFA; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS [1084536 2011-07-28] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-03-07] (Symantec Corporation) R3 SymIRON; C:\Windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS [189560 2011-07-25] (Symantec Corporation) R3 SymNetS; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS [401016 2011-07-25] (Symantec Corporation) S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-03 10:19 - 2014-11-03 10:20 - 00027798 _____ () C:\Users\Peet Löseke\Desktop\FRST.txt 2014-11-03 10:19 - 2014-11-03 10:19 - 02114560 _____ (Farbar) C:\Users\Peet Löseke\Desktop\FRST64.exe 2014-11-03 10:19 - 2014-11-03 10:19 - 00000000 ____D () C:\FRST 2014-11-03 10:14 - 2014-11-03 10:16 - 00000486 _____ () C:\Users\Peet Löseke\Desktop\defogger_disable.log 2014-11-03 10:14 - 2014-11-03 10:14 - 00050477 _____ () C:\Users\Peet Löseke\Desktop\Defogger.exe 2014-11-03 10:14 - 2014-11-03 10:14 - 00000000 _____ () C:\Users\Peet Löseke\defogger_reenable 2014-11-02 15:47 - 2014-11-02 15:47 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-11-02 15:47 - 2014-11-02 15:47 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-11-02 15:47 - 2014-11-02 15:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-11-02 15:46 - 2014-11-02 15:47 - 36250792 _____ () C:\Users\Peet Löseke\Downloads\firefox_setup_33.0.2.exe 2014-10-24 06:58 - 2014-10-24 06:58 - 01962496 _____ () C:\Users\Peet Löseke\Desktop\adwcleaner_4.001.exe 2014-10-21 08:15 - 2014-10-21 08:16 - 00000000 ____D () C:\Users\Peet Löseke\Desktop\Videoaufnahmen 2014-10-15 06:38 - 2014-10-15 06:38 - 00002465 _____ () C:\Users\Peet Löseke\Desktop\AdwCleaner[S1].txt 2014-10-14 12:10 - 2014-10-14 12:10 - 00001148 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-10-12 07:52 - 2014-10-12 07:52 - 00087729 _____ () C:\Users\Peet Löseke\Desktop\AdwCleaner[S0].txt 2014-10-12 07:43 - 2010-08-30 07:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-10-12 07:42 - 2014-10-24 07:01 - 00000000 ____D () C:\AdwCleaner 2014-10-12 07:34 - 2014-10-12 07:35 - 00000199 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc 2014-10-05 07:54 - 2014-10-05 07:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-03 10:14 - 2012-05-17 08:36 - 00000000 ____D () C:\Users\Peet Löseke 2014-11-03 10:11 - 2012-06-12 19:15 - 00000000 ____D () C:\Users\Peet Löseke\Documents\Outlook-Dateien 2014-11-03 10:10 - 2012-03-07 10:44 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-03 10:01 - 2012-11-18 19:46 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-03 08:46 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-03 08:46 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-03 08:44 - 2012-03-07 18:53 - 00658420 _____ () C:\Windows\system32\perfh007.dat 2014-11-03 08:44 - 2012-03-07 18:53 - 00130924 _____ () C:\Windows\system32\perfc007.dat 2014-11-03 08:44 - 2009-07-14 06:13 - 01677840 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-03 08:42 - 2012-03-07 10:12 - 01347321 _____ () C:\Windows\WindowsUpdate.log 2014-11-03 08:39 - 2014-01-15 10:46 - 00001342 _____ () C:\Windows\Tasks\Plus-HD-5.0-updater.job 2014-11-03 08:39 - 2014-01-15 10:46 - 00001144 _____ () C:\Windows\Tasks\Plus-HD-5.0-enabler.job 2014-11-03 08:39 - 2014-01-15 10:45 - 00002118 _____ () C:\Windows\Tasks\Plus-HD-5.0-firefoxinstaller.job 2014-11-03 08:39 - 2014-01-15 10:45 - 00001986 _____ () C:\Windows\Tasks\Plus-HD-5.0-chromeinstaller.job 2014-11-03 08:39 - 2014-01-15 10:45 - 00001244 _____ () C:\Windows\Tasks\Plus-HD-5.0-codedownloader.job 2014-11-03 08:39 - 2012-03-07 10:44 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-03 08:38 - 2012-06-22 11:57 - 00000432 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-11-03 08:38 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-03 08:38 - 2009-07-14 05:51 - 00171069 _____ () C:\Windows\setupact.log 2014-11-03 00:06 - 2012-06-23 16:29 - 00000000 ____D () C:\Users\Peet Löseke\AppData\Roaming\Skype 2014-11-02 23:18 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-11-02 17:58 - 2012-07-01 21:14 - 00000000 ____D () C:\Windows\Minidump 2014-11-02 17:58 - 2012-07-01 21:13 - 684500406 _____ () C:\Windows\MEMORY.DMP 2014-11-02 15:49 - 2010-11-21 04:47 - 00645422 _____ () C:\Windows\PFRO.log 2014-11-02 15:47 - 2014-09-25 07:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-02 07:14 - 2013-02-26 18:47 - 00000000 ____D () C:\Users\Peet Löseke\Documents\Marius 2014-10-25 21:07 - 2013-02-28 11:58 - 00000000 ____D () C:\Users\Peet Löseke\Documents\Ausgaben 2014-10-22 17:05 - 2012-03-07 10:44 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-10-22 17:05 - 2012-03-07 10:44 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-10-21 06:53 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-19 12:40 - 2012-05-17 17:57 - 00000000 ____D () C:\Users\Mary Löseke 2014-10-19 10:15 - 2012-09-27 20:56 - 00000000 ____D () C:\Users\Peet Löseke\Documents\BBS 3 Unterricht 2014-10-16 06:22 - 2014-06-12 08:32 - 00000000 ____D () C:\Users\Peet Löseke\AppData\Local\Adobe 2014-10-16 06:07 - 2012-11-18 19:46 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-10-16 06:07 - 2012-11-18 19:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-10-16 06:07 - 2012-11-18 19:46 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-10-15 20:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-10-14 15:24 - 2014-09-19 15:53 - 00000000 ____D () C:\Users\Peet Löseke\AppData\Roaming\.minecraft 2014-10-14 15:06 - 2012-09-27 20:54 - 00000000 ____D () C:\Users\Peet Löseke\Documents\Briefe 2014-10-14 12:10 - 2014-05-06 12:42 - 00000000 ____D () C:\ProgramData\Package Cache 2014-10-14 12:10 - 2013-03-02 09:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-10-14 12:10 - 2013-03-02 09:26 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-10-10 15:05 - 2012-03-07 10:10 - 00279082 _____ () C:\Windows\DPINST.LOG 2014-10-10 15:02 - 2014-09-09 17:33 - 00002037 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2014-10-10 15:02 - 2014-01-30 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2014-10-10 15:01 - 2012-03-07 10:12 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-10-09 20:49 - 2014-04-23 16:54 - 00000582 _____ () C:\Windows\system32\ScanResults.xml 2014-10-07 12:23 - 2013-05-07 12:32 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-10-07 12:23 - 2013-03-27 13:26 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-10-07 12:23 - 2013-03-27 13:26 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-10-05 19:18 - 2014-04-30 10:43 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk Files to move or delete: ==================== C:\Users\Peet Löseke\avira_de_av___ws.exe C:\Users\Peet Löseke\avira_speedup.exe C:\Users\Peet Löseke\install_flashplayer14x32au_ltr5x64d_awc_aih.exe C:\Users\Peet Löseke\New_player.exe C:\Users\Peet Löseke\regclean_my582531.exe C:\Users\Peet Löseke\setup.exe Some content of TEMP: ==================== C:\Users\Peet Löseke\AppData\Local\Temp\avgnt.exe C:\Users\Peet Löseke\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe C:\Users\Peet Löseke\AppData\Local\Temp\Quarantine.exe C:\Users\Peet Löseke\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-26 11:11 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014 Ran by Peet Löseke at 2014-11-03 10:20:38 Running from C:\Users\Peet Löseke\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.60.03 - ) Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.) ATI Catalyst Install Manager (HKLM\...\{FBDB286E-D477-3C75-7F95-CAE737409050}) (Version: 3.0.820.0 - ATI Technologies, Inc.) ATI Uninstaller (HKLM\...\ATI Uninstaller) (Version: 8.84.7.3-110511a-124523C-Lenovo - ATI Technologies, Inc.) AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2011053310.48.56.40768754 - Audible, Inc.) Avira (HKLM-x32\...\{9bd9b85e-7792-483b-a318-cc51ff0877ed}) (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.2200 - Broadcom Corporation) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.27.0 - Conexant) Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - ) Download & Install Packages (HKCU\...\Download & Install Packages) (Version: - ) <==== ATTENTION Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{1241CE77-0B65-40A0-B893-02EA49E35332}) (Version: 25.0.619.0 - Hewlett-Packard Co.) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation) Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - ) iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.) Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - ) Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited) Lenovo SimpleTap (HKLM\...\{EFC9FE7C-ECE8-4282-8F77-FEDCAD374C77}) (Version: 3.0.0010.00 - Lenovo Group Limited) Lenovo Solution Center (HKLM\...\{828CE72E-718B-4FDC-A469-8DE674CE8C4D}) (Version: 1.0.006.00 - Lenovo Group Limited) Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - ) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) Message Center Plus (HKLM\...\{AD130AB4-E88C-48F4-8353-B7395A4A82D1}) (Version: 3.2.0003.00 - Lenovo Group Limited) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: - ) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 33.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 de)) (Version: 33.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla) Music Converter (HKCU\...\Music Converter) (Version: - ) RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo) Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - ) Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1002}) (Version: 12.16.2.53 - APN, LLC) <==== ATTENTION Shopping Helper Smartbar (HKLM-x32\...\{1F288D91-CACB-47A1-A7EC-27DAC3512CEE}) (Version: 11.55.63.16956 - ReSoft Ltd.) <==== ATTENTION Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Sony PC Companion 2.10.228 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.228 - Sony) Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (HKLM\...\{4DF1691E-8012-4E7C-89CF-3F7B9146DA6E}) (Version: 25.0.619.0 - Hewlett-Packard Co.) ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.2200 - Broadcom Corporation) ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.64.00.00 - ) ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.8.0 - ) ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.03 - Lenovo) ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.07 - Lenovo) ThinkVantage Fingerprint Software (HKLM\...\{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}) (Version: 5.9.4.6882 - UPEK Inc.) ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.75 - Lenovo) Windows-Treiberpaket - Intel (iaStor) hdc (11/06/2010 10.1.0.1008) (HKLM\...\73C6BE3E3B6FC5418F2B47E6C75F6C8F9552DC12) (Version: 11/06/2010 10.1.0.1008 - Intel) Windows-Treiberpaket - Lenovo 1.64.00.00 (07/28/2011 1.64.00.00) (HKLM\...\01E3B64834B04ABAC85D8E1D3EBDC567D83AD29B) (Version: 07/28/2011 1.64.00.00 - Lenovo) Windows-Treiberpaket - Realtek (RTL8167) Net (12/29/2010 7.037.1229.2010) (HKLM\...\828B05D2B647CDAEA22493F7BFB96847265EE596) (Version: 12/29/2010 7.037.1229.2010 - Realtek) Windows-Treiberpaket - Synaptics (SynTP) Mouse (05/19/2011 15.3.8.0) (HKLM\...\DDD8A532E361E9A878EBEF69C338B306810DF059) (Version: 05/19/2011 15.3.8.0 - Synaptics) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 03-10-2014 08:36:12 Reimage Repair Restore Point 10-10-2014 14:03:19 Sony PC Companion 17-10-2014 19:21:26 Geplanter Prüfpunkt 26-10-2014 10:19:03 Geplanter Prüfpunkt 02-11-2014 12:00:59 Geplanter Prüfpunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {093FE458-0258-451E-A540-5309A996BC11} - System32\Tasks\hpUrlLauncher.exe_{6683E13A-5A06-4054-994F-F385D53FD796} => C:\Program Files\HP\HP Officejet Pro 8600\Bin\utils\hpUrlLauncher.exe [2011-09-09] (Hewlett-Packard Co.) Task: {0E39E20F-ABE8-4311-BD9E-74E93095B364} - \Plus-HD-5.0-enabler No Task File <==== ATTENTION Task: {18D17D55-4AC6-4412-AFA6-7F713738AC05} - System32\Tasks\{B10A1781-401D-429A-8E6E-C2F4D8D846C3} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar Task: {196BB4B4-1AFF-4B46-95EF-90EF32D92CDB} - \Plus-HD-5.0-codedownloader No Task File <==== ATTENTION Task: {1B612102-DF1A-43A9-BA4D-3D38831394F4} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2013-02-05] (Lenovo) Task: {1BBCDE30-7940-466C-9968-FB1CD931E0F7} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\WSCStub.exe [2011-08-13] (Symantec Corporation) Task: {1FF0740F-D15D-4BF1-A5AE-3656CBD60D8F} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2013-02-05] (Lenovo) Task: {2420F0F0-4DBE-4420-AE3B-DC01AC362D1B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.) Task: {2E3DEBD6-FA1A-4371-9DFE-512F43C7A3E9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {3CE4D1B0-2FAD-410A-ADF5-A096B5583612} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-08-31] (Lenovo Group Limited) Task: {46D7AA1C-96DE-4D14-9DC9-DBB1ED390B4B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-16] (Adobe Systems Incorporated) Task: {491AE073-715E-4A2A-BDE3-75C7DCB8F1A6} - System32\Tasks\{7CCB7A1F-4FEB-479A-92D5-C70A2A82EA2C} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/abandoninstall?page=tsProgressBar Task: {4CBCBE01-BCF2-4579-9AFE-CC829EADA0B9} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for Patty.Peet Löseke => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2011-12-21] (Lenovo) Task: {51E7FD09-6480-4C19-9C9F-DEEDF0D20381} - System32\Tasks\ScanToPCActivationApp.exe_{A7E83F0C-8E3D-4F1E-AF96-C4047C8494CC} => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2011-09-09] (Hewlett-Packard Co.) Task: {566AA7A3-5570-4A48-9F28-65ED3A039EDB} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation) Task: {58B4DFCE-911A-48C6-BA41-9F601CB285E8} - \Plus-HD-5.0-chromeinstaller No Task File <==== ATTENTION Task: {5E3810A3-4304-4D00-B9C8-947E4A980F26} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for Patty.Mary Löseke => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2011-12-21] (Lenovo) Task: {692EE816-B6A0-4307-832B-65852048559B} - System32\Tasks\{436B42C7-8A0D-4982-BC02-8C028DD03CAD} => Firefox.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar Task: {80691822-BB1B-441A-A44B-64148CEA6E21} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe [2011-08-11] (Symantec Corporation) Task: {867035FB-7CD4-4A00-9BE7-C71BD5572540} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2012-01-09] (Lenovo) Task: {8D83D13D-570D-4BE7-97DC-A902107C20AD} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.) Task: {8FA02EF3-1822-43ED-BBA2-37CA1B5022E0} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe [2011-08-11] (Symantec Corporation) Task: {9A39747F-7139-4F29-8853-2E4928259D9F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.) Task: {CA4C83A3-BDBD-41EE-AEDA-2B3E8BA2F51E} - \Plus-HD-5.0-updater No Task File <==== ATTENTION Task: {E5486C68-9554-4674-A1E2-93BFC619364E} - \Plus-HD-5.0-firefoxinstaller No Task File <==== ATTENTION Task: {FD72C640-2FA7-47FB-A080-00D64C2B8F09} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Plus-HD-5.0-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-5.0\Plus-HD-5.0-chromeinstaller.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-5.0-codedownloader.job => C:\Program Files (x86)\Plus-HD-5.0\Plus-HD-5.0-codedownloader.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-5.0-enabler.job => C:\Program Files (x86)\Plus-HD-5.0\Plus-HD-5.0-enabler.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-5.0-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-5.0\Plus-HD-5.0-firefoxinstaller.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-5.0-updater.job => C:\Program Files (x86)\Plus-HD-5.0\Plus-HD-5.0-updater.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2011-07-27 20:07 - 2011-07-27 20:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll 2012-08-27 07:42 - 2007-03-29 23:49 - 00022016 _____ () C:\Windows\System32\ml285pl6.dll 2012-03-07 10:36 - 2011-08-31 19:03 - 00055808 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL 2012-03-07 18:49 - 2011-05-19 13:04 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll 2011-07-27 20:07 - 2011-07-27 20:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll 2012-03-07 10:24 - 2010-10-26 04:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe 2012-03-07 10:25 - 2011-08-08 23:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2012-08-27 07:43 - 2009-09-11 11:22 - 00614400 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe 2014-01-30 22:39 - 2014-06-23 08:07 - 00113376 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe 2012-08-27 07:43 - 2008-08-18 06:13 - 00306688 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe 2011-05-11 23:21 - 2011-05-11 23:21 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2011-03-14 14:21 - 2011-03-14 14:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2012-03-07 10:36 - 2010-04-06 09:05 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll 2012-03-07 10:36 - 2010-04-06 09:04 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll 2014-01-30 22:39 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll 2014-01-30 22:39 - 2013-09-13 10:02 - 00208896 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf 2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll 2011-02-18 09:04 - 2011-02-18 09:04 - 00196448 _____ () C:\Program Files (x86)\Microsoft Office\Office14\IEAWSDC.DLL 2014-11-02 15:47 - 2014-10-28 03:01 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-10-16 06:07 - 2014-10-16 06:07 - 16832176 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-2137695456-992688877-1232989452-500 - Administrator - Disabled) Gast (S-1-5-21-2137695456-992688877-1232989452-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2137695456-992688877-1232989452-1005 - Limited - Enabled) Mary Löseke (S-1-5-21-2137695456-992688877-1232989452-1001 - Limited - Enabled) => C:\Users\Mary Löseke Peet Löseke (S-1-5-21-2137695456-992688877-1232989452-1000 - Administrator - Enabled) => C:\Users\Peet Löseke ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/03/2014 08:51:36 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (11/03/2014 08:45:24 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (11/03/2014 08:40:59 AM) (Source: ATIeRecord) (EventID: 16398) (User: ) Description: ATI EEU failed to post message to CCC Error: (11/03/2014 08:38:59 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/03/2014 00:30:22 AM) (Source: ATIeRecord) (EventID: 16398) (User: ) Description: ATI EEU failed to post message to CCC Error: (11/02/2014 11:39:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/02/2014 11:18:41 PM) (Source: ATIeRecord) (EventID: 16398) (User: ) Description: ATI EEU failed to post message to CCC Error: (11/02/2014 11:18:41 PM) (Source: ATIeRecord) (EventID: 16398) (User: ) Description: ATI EEU failed to post message to CCC Error: (11/02/2014 11:18:41 PM) (Source: ATIeRecord) (EventID: 16398) (User: ) Description: ATI EEU failed to post message to CCC Error: (11/02/2014 11:18:41 PM) (Source: ATIeRecord) (EventID: 16398) (User: ) Description: ATI EEU failed to post message to CCC System errors: ============= Error: (11/03/2014 08:39:56 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (11/03/2014 08:38:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (11/03/2014 00:30:32 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (11/03/2014 00:06:59 AM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (11/02/2014 11:48:08 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (11/02/2014 11:40:32 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (11/02/2014 11:39:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (11/02/2014 11:18:48 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (11/02/2014 10:20:22 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (11/02/2014 06:54:53 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Microsoft Office Sessions: ========================= Error: (11/03/2014 08:51:36 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"c:\program files\Lenovo\lenovo solution center\App\diag\flex_comm_sample.exe Error: (11/03/2014 08:45:24 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Lenovo\Lenovo Solution Center\App\diag\flex_comm_sample.exe Error: (11/03/2014 08:40:59 AM) (Source: ATIeRecord) (EventID: 16398) (User: ) Description: Error: (11/03/2014 08:38:59 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/03/2014 00:30:22 AM) (Source: ATIeRecord) (EventID: 16398) (User: ) Description: Error: (11/02/2014 11:39:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/02/2014 11:18:41 PM) (Source: ATIeRecord) (EventID: 16398) (User: ) Description: Error: (11/02/2014 11:18:41 PM) (Source: ATIeRecord) (EventID: 16398) (User: ) Description: Error: (11/02/2014 11:18:41 PM) (Source: ATIeRecord) (EventID: 16398) (User: ) Description: Error: (11/02/2014 11:18:41 PM) (Source: ATIeRecord) (EventID: 16398) (User: ) Description: CodeIntegrity Errors: =================================== Date: 2013-02-02 21:30:44.655 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-02 21:30:44.625 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz Percentage of memory in use: 63% Total physical RAM: 4007.23 MB Available physical RAM: 1476.18 MB Total Pagefile: 8012.65 MB Available Pagefile: 4669.29 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (Windows7_OS) (Fixed) (Total:448.67 GB) (Free:251.01 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:5.06 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 9539BD5C) Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=448.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=15.6 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-11-03 10:43:14 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.JF3Z 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\PETRAL~1\AppData\Local\Temp\fxtdapoc.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800033f6000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800033f602f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...] ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d819b03293 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d819b03293@04180f1e80b1 0x87 0x63 0xF5 0x31 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d819b03293@00c610743150 0x3C 0xDB 0x4E 0x98 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d819b03293@ccfa009260fb 0x7A 0x87 0xF9 0x6C ... Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{4D6586BE-8EF1-40C8-A4EE-EC366A4C3AB6}@LeaseObtainedTime 1415007389 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{4D6586BE-8EF1-40C8-A4EE-EC366A4C3AB6}@T1 1415007419 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{4D6586BE-8EF1-40C8-A4EE-EC366A4C3AB6}@T2 1415007441 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{4D6586BE-8EF1-40C8-A4EE-EC366A4C3AB6}@LeaseTerminatesTime 1415007449 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d819b03293 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d819b03293@04180f1e80b1 0x87 0x63 0xF5 0x31 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d819b03293@00c610743150 0x3C 0xDB 0x4E 0x98 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d819b03293@ccfa009260fb 0x7A 0x87 0xF9 0x6C ... ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- Code:
ATTFilter # AdwCleaner v4.000 - Bericht erstellt am 15/10/2014 um 07:34:21 # DB v2014-10-15.7 # Aktualisiert 12/10/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Peet Löseke - PATTY # Gestartet von : C:\Users\Peet Löseke\Desktop\adwcleaner_4.000.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : APNMCP [#] Dienst Gelöscht : ReimageRealTimeProtector ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\apn Ordner Gelöscht : C:\Users\Peet Löseke\AppData\Local\apn Ordner Gelöscht : C:\ProgramData\AskPartnerNetwork Ordner Gelöscht : C:\Program Files (x86)\AskPartnerNetwork Ordner Gelöscht : C:\Users\Peet Löseke\AppData\Local\AskPartnerNetwork Ordner Gelöscht : C:\ProgramData\Reimage Protector Ordner Gelöscht : C:\Users\Peet Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma Datei Gelöscht : C:\Windows\Reimage.ini Datei Gelöscht : C:\Users\Peet Löseke\ReimageRepair.exe ***** [ Tasks ] ***** Task Gelöscht : ReimageUpdater ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\AskPartnerNetwork Schlüssel Gelöscht : HKCU\Software\Reimage Schlüssel Gelöscht : HKLM\SOFTWARE\AskPartnerNetwork Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Reimage Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Repair ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16521 -\\ Mozilla Firefox v32.0.3 (x86 de) [9f73itof.default] - Zeile gelöscht : user_pref("extensions.aJLPQ94732309TRY102138975com62056.62056.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon.com%22%2C%22anthropo[...] [9f73itof.default] - Zeile gelöscht : user_pref("extensions.aJLPQ94732309TRY102138975com62056.62056.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%3A%7[...] -\\ Google Chrome v37.0.2062.124 ************************* AdwCleaner[R0].txt - [93095 octets] - [12/10/2014 08:43:04] AdwCleaner[R1].txt - [2582 octets] - [15/10/2014 07:32:25] AdwCleaner[S0].txt - [87729 octets] - [12/10/2014 08:45:28] AdwCleaner[S1].txt - [2317 octets] - [15/10/2014 07:34:21] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2377 octets] ########## |
03.11.2014, 12:27 | #2 |
/// the machine /// TB-Ausbilder | Jeder Klick zwei neue Werbefenster, Adware ohne Ende, Download- und Update Aufforderungen hi,
__________________Lade Dir bitte von hier Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Scan mit Combofix
__________________ |
03.11.2014, 14:12 | #3 |
| Jeder Klick zwei neue Werbefenster, Adware ohne Ende, Download- und Update Aufforderungen Hallo schrauber,
__________________vielen Dank für Deine schnelle Antwort. Habe inzwischen alles so ausgeführt wie oben beschrieben. Was machmal bei all den aufploppenden Fenstern gar nicht so einfach war ;-) Combofix hatte ein bisschen gemeckert, sich aber trotzdem an die Arbeit gemacht, ohne dass ich etwas machen konnte. Am Erscheinungsbild meines Bildschirm hat sich momentan noch nicht wirklich etwas Erkennbares geändert. Lieben Gruß Peloe Hier nun der Combofix-logfile: Code:
ATTFilter ComboFix 14-10-29.01 - Peet Löseke 03.11.2014 13:21:36.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4007.1670 [GMT 1:00] ausgeführt von:: c:\users\Peet L÷seke\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Roaming c:\users\Peet Löseke\AppData\Local\nsu7F6F.tmp c:\users\Peet Löseke\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll c:\users\PETRAL~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll Q:\Autorun.inf . . ((((((((((((((((((((((( Dateien erstellt von 2014-10-03 bis 2014-11-03 )))))))))))))))))))))))))))))) . . 2014-11-03 12:31 . 2014-11-03 12:31 -------- d-----w- c:\users\Mary Löseke\AppData\Local\temp 2014-11-03 12:31 . 2014-11-03 12:31 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-11-03 11:53 . 2014-11-03 11:58 -------- d-----w- c:\program files (x86)\VS Revo Group 2014-11-03 09:19 . 2014-11-03 09:21 -------- d-----w- C:\FRST 2014-10-18 21:40 . 2014-10-26 22:12 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9D9D6040-391F-4940-A53F-7EC4A6B44D8C}\offreg.dll 2014-10-12 06:43 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll 2014-10-12 06:42 . 2014-10-24 06:01 -------- d-----w- C:\AdwCleaner . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-10-23 00:27 . 2013-08-16 06:45 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2014-10-23 00:27 . 2013-08-16 06:45 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2014-10-23 00:27 . 2013-08-16 06:44 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2014-10-16 05:07 . 2012-11-18 18:46 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-10-16 05:07 . 2012-11-18 18:46 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-10-07 11:23 . 2013-05-07 11:32 43064 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2014-10-07 11:23 . 2013-03-27 12:26 131608 ----a-w- c:\windows\system32\drivers\avipbb.sys 2014-10-07 11:23 . 2013-03-27 12:26 119272 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2014-10-05 07:11 . 2013-09-02 06:23 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2014-10-05 07:11 . 2013-09-02 06:23 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2014-10-03 08:36 . 2014-04-20 16:17 16224 ----a-w- c:\windows\system32\Native.exe 2014-09-26 04:53 . 2013-09-20 05:02 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2014-09-19 14:52 . 2014-09-19 14:52 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-09-09 16:30 . 2010-06-24 10:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2014-08-18 11:32 . 2014-08-18 11:32 255352 ----a-w- c:\windows\SysWow64\awrdscdc.ax 2014-08-13 19:05 . 2014-08-13 19:05 1058200 ----a-w- c:\users\Peet Löseke\install_flashplayer14x32au_ltr5x64d_awc_aih.exe 2014-08-13 19:05 . 2014-08-13 19:05 1058200 ----a-w- c:\users\Peet Löseke\install_flashplayer14x32au_ltr5x64d_awc_aih.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608] "HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2011-09-09 2676584] "Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2014-09-01 468192] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-07 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-11 336384] "Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-13 4351712] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-09-11 614400] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-10-07 703736] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176] "Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-09-23 165168] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-4-27 1218336] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "DisableCAD"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x] R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x] R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x] R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x] S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [x] S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x] S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x] S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x] S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x] S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x] S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x] S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x] S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x] S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x] S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [x] S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x] S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x] S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [x] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x] S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x] S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [x] S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x] S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120531.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120531.001\BHDrvx64.sys [x] S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x] S3 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1301000.01C\ccSetx64.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120613.007\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120613.007\IDSvia64.sys [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x] S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1301000.01C\SYMDS64.SYS [x] S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1301000.01C\SYMEFA64.SYS [x] S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1301000.01C\Ironx64.SYS [x] S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1301000.01C\SYMNETS.SYS [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-11-01 22:35 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-11-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-18 05:07] . 2014-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-07 16:02] . 2014-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-07 16:02] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-27 1935120] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-04-26 310912] "ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024] "LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-31 40808] "ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-05-25 281960] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "NCInstallQueue"="netman.dll" [2009-07-14 360448] . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Bar = hxxp://www.google.com uSearchAssistant = hxxp://www.google.com uSearchURL,(Default) = hxxp://www.google.com IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm Trusted Zone: samsungsetup.com\www TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Peet Löseke\AppData\Roaming\Mozilla\Firefox\Profiles\9f73itof.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . BHO-{78e516ef-11de-47a1-8364-a99b917ec5ee} - (no file) Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-Infigo - c:\program files (x86)\Infigo\Infigo.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Activeris AntiMalware_is1 - c:\program files (x86)\Activeris AntiMalware\unins000.exe AddRemove-Music Converter - c:\program files (x86)\MusicConverter\Uninstall\__Uninstall_.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\diMaster.dll\" /prefetch:1" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.15" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe c:\windows\SysWOW64\SAsrv.exe c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE c:\program files (x86)\Lenovo\message center plus\mcplaunch.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\Lenovo\System Update\SUService.exe . ************************************************************************** . Zeit der Fertigstellung: 2014-11-03 13:41:27 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-11-03 12:41 . Vor Suchlauf: 16 Verzeichnis(se), 272.476.807.168 Bytes frei Nach Suchlauf: 21 Verzeichnis(se), 275.115.384.832 Bytes frei . - - End Of File - - 7E47EE29B7198AFE1B7CDF05D67A8129 |
03.11.2014, 22:33 | #4 |
/// the machine /// TB-Ausbilder | Jeder Klick zwei neue Werbefenster, Adware ohne Ende, Download- und Update Aufforderungen Downloade Dir bitte Malwarebytes Anti-Malware
Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
04.11.2014, 11:33 | #5 |
| Jeder Klick zwei neue Werbefenster, Adware ohne Ende, Download- und Update Aufforderungen Hallo schrauber, alles erledigt :-) - fast jedenfalls. Beim MBAM habe ich versehentlich den Benutzerdefinierten Suchlauf anageklickt, den ich dann nach 18 Minuten abgebrochen habe, als ich meinen Fehler bemerkt hatte. Dort gab es ca. 160 Befunde. Beim Bedrohungssuchlauf dann nur noch 3. Ich sende alle logfils mit. Hier die logfiles: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 04.11.2014 Suchlauf-Zeit: 08:36:28 Logdatei: malware.txt Administrator: Ja Version: 2.00.3.1025 Malware Datenbank: v2014.11.04.01 Rootkit Datenbank: v2014.11.01.02 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Petra Löseke Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgebrochen Durchsuchte Objekte: 363200 Verstrichene Zeit: 19 Min, 9 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 04.11.2014 Suchlauf-Zeit: 09:05:19 Logdatei: malware2.txt Administrator: Ja Version: 2.00.3.1025 Malware Datenbank: v2014.11.04.01 Rootkit Datenbank: v2014.11.01.02 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Petra Löseke Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 381894 Verstrichene Zeit: 19 Min, 36 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 3 PUP.Optional.SimplyTech.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|newtab, %appdata%\SimplyTech\home\home.htm, Gut: (www.google.com), Schlecht: (%appdata%\SimplyTech\home\home.htm),,[734e22157804cf67f6e455d97c89b14f] PUP.Optional.SnapDo.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd51UUlKZ-aUXL5za07wSXsxIYVDvC5aiZovqoaYnhArixDDvGoJ_0lWBB3WQRLDahdWO6by2AqOD2TSJKWiIu7R0ZRtJk2o-epZwgA9F4eb_4t2srEgjBFU9RgUaoT8xU,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd51UUlKZ-aUXL5za07wSXsxIYVDvC5aiZovqoaYnhArixDDvGoJ_0lWBB3WQRLDahdWO6by2AqOD2TSJKWiIu7R0ZRtJk2o-epZwgA9F4eb_4t2srEgjBFU9RgUaoT8xU,&q={searchTerms}),,[6c559b9c2a52e452a2313af3b352827e] PUP.Optional.SearchCertifiedTB.A, HKU\S-1-5-21-2137695456-992688877-1232989452-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURI, hxxp://search.certified-toolbar.com?si=80415&st=bs&tid=23890&ver=6.3&ts=1401400800000.000000&tguid=80415-23890-1401435222325-5BC0FAEF3B609D083560FFD6C8EBF115&q=%s, Gut: (www.google.com), Schlecht: (hxxp://search.certified-toolbar.com?si=80415&st=bs&tid=23890&ver=6.3&ts=1401400800000.000000&tguid=80415-23890-1401435222325-5BC0FAEF3B609D083560FFD6C8EBF115&q=%s),,[06bb64d36a12e551ac893802cb3ad32d] Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v4.002 - Bericht erstellt am 04/11/2014 um 10:55:00 # DB v2014-11-02.1 # Aktualisiert 27/10/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Peet Löseke - PATTY # Gestartet von : C:\Users\Peet Löseke\Desktop\AdwCleaner_4.002.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Users\Mary Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\webssearches.com ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16521 -\\ Mozilla Firefox v33.0.2 (x86 de) [9f73itof.default] - Zeile gelöscht : user_pref("extensions.aJLPQ94732309TRY102138975com62056.62056.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon.com%22%2C%22anthropo[...] [9f73itof.default] - Zeile gelöscht : user_pref("extensions.aJLPQ94732309TRY102138975com62056.62056.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%3A%7[...] -\\ Google Chrome v38.0.2125.111 ************************* AdwCleaner[R0].txt - [93095 octets] - [12/10/2014 07:43:04] AdwCleaner[R1].txt - [2582 octets] - [15/10/2014 06:32:25] AdwCleaner[R2].txt - [7263 octets] - [24/10/2014 06:59:04] AdwCleaner[R3].txt - [2030 octets] - [04/11/2014 10:52:37] AdwCleaner[S0].txt - [87729 octets] - [12/10/2014 07:45:28] AdwCleaner[S1].txt - [2465 octets] - [15/10/2014 06:34:21] AdwCleaner[S2].txt - [7316 octets] - [24/10/2014 07:01:30] AdwCleaner[S3].txt - [1943 octets] - [04/11/2014 10:55:00] ########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2003 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.3.5 (10.31.2014:1) OS: Windows 7 Home Premium x64 Ran by Petra L”seke on 04.11.2014 at 11:05:16,30 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}" Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9" ~~~ Files ~~~ Folders Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{0132319A-C6DF-4AED-ABD0-6482A68023BC} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{0C6E70D6-2A9D-4237-BA41-8D723FB749A6} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{1825D36A-18B1-455F-8A9D-D97F1B9FF8F3} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{1993CFF9-F26F-4AD0-BF6E-F7DAEEA933EC} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{1EB4D9FF-221D-4738-9093-C27267279B52} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{22E5B933-8712-44D9-9C6D-60DDF8CD3419} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{23A00D78-6E96-4F6B-ABF5-8E75F7D3B234} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{260E3C7C-C3C8-48F4-8CCF-E37090B4387C} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{391C6F4E-4963-4DE9-9AD2-6015E3C0545A} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{3A9E805A-9632-482A-ADF3-B51D7834A573} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{3B4F289D-4326-4532-8B7E-2F5FFA89A49F} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{3D996697-59A2-4FA5-B4DD-5E822F539CE4} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{3F0BA481-963D-4C27-A27D-ACC6FBC2632F} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{41275842-8AE7-4231-9025-578F7A286B2B} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{4489E731-2E3D-442E-B7AC-000C7C6CD70A} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{48E7F459-6492-45A0-BB20-FD3B817E2D41} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{49A81E10-E6BA-48A6-B43B-975A6824B5E4} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{4E77648A-06A8-49FD-BB1E-39B5F672C9EB} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{5722A8D6-2B14-450B-9AA0-9F5EEB43729A} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{575DAB8B-6E04-4A40-9DC0-ECF2E915B5F1} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{5DC6B8A9-B5AF-41D3-A1FB-4ABC608ED30A} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{609D4F34-EB60-4AB9-802E-ABD7C6C7B534} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{684996C6-1B86-4261-A158-43C42146366A} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{71B8F8BD-DC9D-423C-B088-C2289CE9DB67} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{7F0A2448-FE99-43A2-8F56-D44F81848676} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{805F310B-2139-4D14-AC36-37965900A5DE} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{8184A157-1CA4-43F7-B78F-F44CD0B3F223} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{988D1ECF-5E62-4497-A975-17021ECE107E} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{9955731F-A162-4020-ACE1-2A14FD65A8C4} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{A67D22C5-E206-4ED8-86D7-056C674AD8CA} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{ABB8DA76-9A16-4337-AF6F-7680F612C946} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{B159D725-9360-4A2F-A809-21CCB1BD5F07} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{B1B2BC7B-AB95-4F74-B45A-7951E4CAD47B} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{B2658671-8B8F-4A28-9C56-4A1B7E8E78D0} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{B2F12544-44E2-4985-A6B1-A45D8B3DF109} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{CFDE9C81-8F17-4618-BA7C-CEC53BB12BA5} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{D02D6441-9FDD-4E59-B4E5-A5653A9347F3} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{D29750FB-1D58-43E2-8A7C-3B2589C1794A} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{DB4943D0-3870-44DE-80A6-ACA6B4A619E4} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{DFEE4758-E174-45EC-BE2E-07152568C8B1} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{E0D94C2A-D10A-479F-B762-E9E86F70E0EF} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{EDEA31E4-C788-44EA-BBAB-8097F61A644A} Successfully deleted: [Empty Folder] C:\Users\Petra L”seke\appdata\local\{F54689DF-E1EF-4F44-A751-D009E394CD7D} ~~~ FireFox Successfully deleted: [File] C:\Users\Petra L”seke\AppData\Roaming\mozilla\firefox\profiles\9f73itof.default\searchplugins\avira-safesearch.xml Successfully deleted the following from C:\Users\Petra L”seke\AppData\Roaming\mozilla\firefox\profiles\9f73itof.default\prefs.js user_pref("HomeTab_23890.global.DisplayRecentSearches", "true"); user_pref("extensions.aJLPQ94732309TRY102138975com62056.62056.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22am user_pref("extensions.aJLPQ94732309TRY102138975com62056.62056.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D% Emptied folder: C:\Users\Petra L”seke\AppData\Roaming\mozilla\firefox\profiles\9f73itof.default\minidumps [1003 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 04.11.2014 at 11:10:11,00 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014 Ran by Petra Löseke (administrator) on PATTY on 04-11-2014 11:12:26 Running from C:\Users\Petra Löseke\Desktop Loaded Profile: Petra Löseke (Available profiles: Petra Löseke & Marius Löseke) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe (Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe () C:\Windows\Samsung\PanelMgr\SSMMgr.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Windows\Samsung\PanelMgr\caller64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe (Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2789160 2011-05-19] (Synaptics Incorporated) HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel(R) Corporation) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-04-26] (Conexant Systems, Inc.) HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] () HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [40808 2011-05-31] (Lenovo Group Limited) HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-05-25] (Lenovo Group Limited) HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-11] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.) HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [614400 2009-09-11] () HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-07] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG) HKLM\...\RunOnce: [NCInstallQueue] => rundll32 netman.dll,ProcessQueue Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.) HKU\S-1-5-21-2137695456-992688877-1232989452-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.) HKU\S-1-5-21-2137695456-992688877-1232989452-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.) HKU\S-1-5-21-2137695456-992688877-1232989452-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [468192 2014-09-01] (Sony) HKU\S-1-5-21-2137695456-992688877-1232989452-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-07] (Google Inc.) HKU\S-1-5-21-2137695456-992688877-1232989452-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2137695456-992688877-1232989452-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File GroupPolicy: Group Policy on Chrome detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-2137695456-992688877-1232989452-1001\User: Group Policy restriction detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-2137695456-992688877-1232989452-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE484 SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE484 BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Petra Löseke\AppData\Roaming\Mozilla\Firefox\Profiles\9f73itof.default FF Homepage: hxxp://www.google.de/ FF NetworkProxy: "no_proxies_on", "*.local" FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\Petra Löseke\AppData\Roaming\Mozilla\Firefox\Profiles\9f73itof.default\Extensions\abs@avira.com [2014-10-01] FF Extension: Plus-HD-5.0c - C:\Users\Petra Löseke\AppData\Roaming\Mozilla\Firefox\Profiles\9f73itof.default\Extensions\JLPQ94732309@TRY102138975.com [2014-09-20] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-25] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn [2012-05-17] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn [2014-11-04] FF HKLM-x32\...\Firefox\Extensions: [VIP@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2012-03-07] FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR Profile: C:\Users\Petra Löseke\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Petra Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-31] CHR Extension: (Google Drive) - C:\Users\Petra Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-31] CHR Extension: (YouTube) - C:\Users\Petra Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-31] CHR Extension: (Google-Suche) - C:\Users\Petra Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-31] CHR Extension: (Google Wallet) - C:\Users\Petra Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-12] CHR Extension: (Google Mail) - C:\Users\Petra Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-31] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [994552 2014-10-07] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] () R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [138760 2011-08-10] (Symantec Corporation) R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-25] (Lenovo Group Limited) [File not signed] R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed] R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [82544 2011-07-12] (Symantec Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG) R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120531.001\BHDrvx64.sys [1160824 2012-05-07] (Symantec Corporation) R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys [167048 2011-08-08] (Symantec Corporation) R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-06-01] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-06-01] (Symantec Corporation) R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120613.007\IDSvia64.sys [488568 2012-05-18] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-04] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120615.022\ENG64.SYS [120440 2012-06-16] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120615.022\EX64.SYS [2068600 2012-06-16] (Symantec Corporation) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.) S3 SRTSP; C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSP64.SYS [729720 2011-08-02] (Symantec Corporation) R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSPX64.SYS [37496 2011-08-02] (Symantec Corporation) R3 SymDS; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation) R3 SymEFA; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS [1084536 2011-07-28] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-03-07] (Symantec Corporation) R3 SymIRON; C:\Windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS [189560 2011-07-25] (Symantec Corporation) R3 SymNetS; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS [401016 2011-07-25] (Symantec Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-04 11:10 - 2014-11-04 11:10 - 00006626 _____ () C:\Users\Petra Löseke\Desktop\JRT.txt 2014-11-04 11:05 - 2014-11-04 11:05 - 00000000 ____D () C:\Windows\ERUNT 2014-11-04 11:04 - 2014-11-04 11:04 - 01706359 _____ (Thisisu) C:\Users\Petra Löseke\Desktop\JRT.exe 2014-11-04 10:58 - 2014-11-04 10:59 - 00002079 _____ () C:\Users\Petra Löseke\Desktop\AdwCleaner[S3].txt 2014-11-04 10:50 - 2014-11-04 10:50 - 01998336 _____ () C:\Users\Petra Löseke\Desktop\AdwCleaner_4.002.exe 2014-11-04 10:47 - 2014-11-04 10:47 - 00001206 _____ () C:\Users\Petra Löseke\Desktop\mbam.txt 2014-11-04 09:26 - 2014-11-04 09:26 - 00002670 _____ () C:\Users\Petra Löseke\Desktop\malware2.txt 2014-11-04 08:56 - 2014-11-04 08:56 - 00001209 _____ () C:\Users\Petra Löseke\Desktop\malware.txt 2014-11-04 08:35 - 2014-11-04 10:58 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-04 08:34 - 2014-11-04 08:34 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-11-04 08:34 - 2014-11-04 08:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-11-04 08:34 - 2014-11-04 08:34 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-04 08:34 - 2014-11-04 08:34 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-11-04 08:34 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-04 08:34 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-04 08:34 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-04 08:27 - 2014-11-04 08:27 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Petra Löseke\Desktop\mbam-setup-2.0.3.1025.exe 2014-11-03 13:41 - 2014-11-03 13:41 - 00026636 _____ () C:\ComboFix.txt 2014-11-03 13:18 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-11-03 13:18 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-11-03 13:18 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-11-03 13:18 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-11-03 13:18 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-11-03 13:18 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-11-03 13:18 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-11-03 13:18 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-11-03 13:17 - 2014-11-03 13:41 - 00000000 ____D () C:\Qoobox 2014-11-03 13:17 - 2014-11-03 13:40 - 00000000 ____D () C:\Windows\erdnt 2014-11-03 13:15 - 2014-11-03 13:16 - 05591672 ____R (Swearware) C:\Users\Petra Löseke\Desktop\ComboFix.exe 2014-11-03 12:53 - 2014-11-03 12:58 - 00001275 _____ () C:\Users\Petra Löseke\Desktop\Revo Uninstaller.lnk 2014-11-03 12:53 - 2014-11-03 12:58 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-11-03 12:50 - 2014-11-03 12:50 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Petra Löseke\Desktop\revosetup95.exe 2014-11-03 12:33 - 2014-11-03 12:33 - 00467832 _____ () C:\Windows\Minidump\110314-14851-01.dmp 2014-11-03 10:43 - 2014-11-03 10:43 - 00002824 _____ () C:\Users\Petra Löseke\Desktop\Gmer.txt 2014-11-03 10:27 - 2014-11-03 10:27 - 00380416 _____ () C:\Users\Petra Löseke\Desktop\Gmer-19357.exe 2014-11-03 10:20 - 2014-11-03 11:04 - 00027049 _____ () C:\Users\Petra Löseke\Desktop\Addition.txt 2014-11-03 10:19 - 2014-11-04 11:12 - 00027660 _____ () C:\Users\Petra Löseke\Desktop\FRST.txt 2014-11-03 10:19 - 2014-11-04 11:12 - 00000000 ____D () C:\FRST 2014-11-03 10:19 - 2014-11-03 10:19 - 02114560 _____ (Farbar) C:\Users\Petra Löseke\Desktop\FRST64.exe 2014-11-03 10:14 - 2014-11-03 10:59 - 00000486 _____ () C:\Users\Petra Löseke\Desktop\defogger_disable.log 2014-11-03 10:14 - 2014-11-03 10:14 - 00050477 _____ () C:\Users\Petra Löseke\Desktop\Defogger.exe 2014-11-03 10:14 - 2014-11-03 10:14 - 00000000 _____ () C:\Users\Petra Löseke\defogger_reenable 2014-11-02 15:47 - 2014-11-02 15:47 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-11-02 15:47 - 2014-11-02 15:47 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-11-02 15:47 - 2014-11-02 15:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-11-02 15:46 - 2014-11-02 15:47 - 36250792 _____ () C:\Users\Petra Löseke\Downloads\firefox_setup_33.0.2.exe 2014-10-24 06:58 - 2014-10-24 06:58 - 01962496 _____ () C:\Users\Petra Löseke\Desktop\adwcleaner_4.001.exe 2014-10-21 08:15 - 2014-10-21 08:16 - 00000000 ____D () C:\Users\Petra Löseke\Desktop\Videoaufnahmen 2014-10-15 06:38 - 2014-11-03 11:03 - 00002459 _____ () C:\Users\Petra Löseke\Desktop\AdwCleaner[S1].txt 2014-10-14 12:10 - 2014-10-14 12:10 - 00001148 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-10-12 07:43 - 2010-08-30 07:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-10-12 07:42 - 2014-11-04 10:55 - 00000000 ____D () C:\AdwCleaner 2014-10-12 07:34 - 2014-10-12 07:35 - 00000199 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc 2014-10-05 07:54 - 2014-10-05 07:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-04 11:11 - 2012-06-12 19:15 - 00000000 ____D () C:\Users\Petra Löseke\Documents\Outlook-Dateien 2014-11-04 11:10 - 2012-03-07 10:44 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-04 11:06 - 2012-10-14 20:42 - 00000000 ____D () C:\Users\Petra Löseke\AppData\Local\CrashDumps 2014-11-04 11:04 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-04 11:04 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-04 11:01 - 2012-11-18 19:46 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-04 11:00 - 2012-03-07 18:53 - 00661968 _____ () C:\Windows\system32\perfh007.dat 2014-11-04 11:00 - 2012-03-07 18:53 - 00131972 _____ () C:\Windows\system32\perfc007.dat 2014-11-04 11:00 - 2009-07-14 06:13 - 01686600 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-04 10:57 - 2012-06-23 16:29 - 00000000 ____D () C:\Users\Petra Löseke\AppData\Roaming\Skype 2014-11-04 10:57 - 2012-03-07 10:44 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-04 10:56 - 2012-06-22 11:57 - 00000432 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-11-04 10:56 - 2010-11-21 04:47 - 00666160 _____ () C:\Windows\PFRO.log 2014-11-04 10:56 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-04 10:56 - 2009-07-14 05:51 - 00171405 _____ () C:\Windows\setupact.log 2014-11-04 10:55 - 2012-03-07 10:12 - 01383026 _____ () C:\Windows\WindowsUpdate.log 2014-11-04 08:58 - 2012-05-17 08:36 - 00000000 ____D () C:\Users\Petra Löseke 2014-11-03 20:45 - 2012-09-27 20:53 - 00000000 ____D () C:\Users\Petra Löseke\Documents\Rezepte 2014-11-03 15:49 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-11-03 13:54 - 2012-03-07 10:16 - 01707010 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-11-03 13:41 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2014-11-03 13:35 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2014-11-03 13:08 - 2014-09-19 18:00 - 00000000 ____D () C:\Users\Petra Löseke\AppData\Roaming\0D1F2W1G1I1F1T1QyE2W1L1G1Q1F2W1B 2014-11-03 12:33 - 2012-07-01 21:14 - 00000000 ____D () C:\Windows\Minidump 2014-11-03 12:33 - 2012-07-01 21:13 - 668823798 _____ () C:\Windows\MEMORY.DMP 2014-11-03 10:57 - 2013-02-28 11:58 - 00000000 ____D () C:\Users\Petra Löseke\Documents\Ausgaben 2014-11-02 15:47 - 2014-09-25 07:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-02 07:14 - 2013-02-26 18:47 - 00000000 ____D () C:\Users\Petra Löseke\Documents\Marius 2014-10-22 17:05 - 2012-03-07 10:44 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-10-22 17:05 - 2012-03-07 10:44 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-10-21 06:53 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-19 12:40 - 2012-05-17 17:57 - 00000000 ____D () C:\Users\Marius Löseke 2014-10-19 10:15 - 2012-09-27 20:56 - 00000000 ____D () C:\Users\Petra Löseke\Documents\BBS 3 Unterricht 2014-10-16 06:22 - 2014-06-12 08:32 - 00000000 ____D () C:\Users\Petra Löseke\AppData\Local\Adobe 2014-10-16 06:07 - 2012-11-18 19:46 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-10-16 06:07 - 2012-11-18 19:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-10-16 06:07 - 2012-11-18 19:46 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-10-15 20:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-10-14 15:24 - 2014-09-19 15:53 - 00000000 ____D () C:\Users\Petra Löseke\AppData\Roaming\.minecraft 2014-10-14 15:06 - 2012-09-27 20:54 - 00000000 ____D () C:\Users\Petra Löseke\Documents\Briefe 2014-10-14 12:10 - 2014-05-06 12:42 - 00000000 ____D () C:\ProgramData\Package Cache 2014-10-14 12:10 - 2013-03-02 09:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-10-14 12:10 - 2013-03-02 09:26 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-10-10 15:05 - 2012-03-07 10:10 - 00279082 _____ () C:\Windows\DPINST.LOG 2014-10-10 15:02 - 2014-09-09 17:33 - 00002037 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2014-10-10 15:02 - 2014-01-30 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2014-10-10 15:01 - 2012-03-07 10:12 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-10-09 20:49 - 2014-04-23 16:54 - 00000582 _____ () C:\Windows\system32\ScanResults.xml 2014-10-07 12:23 - 2013-05-07 12:32 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-10-07 12:23 - 2013-03-27 13:26 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-10-07 12:23 - 2013-03-27 13:26 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-10-05 19:18 - 2014-04-30 10:43 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk Files to move or delete: ==================== C:\Users\Petra Löseke\avira_de_av___ws.exe C:\Users\Petra Löseke\avira_speedup.exe C:\Users\Petra Löseke\install_flashplayer14x32au_ltr5x64d_awc_aih.exe Some content of TEMP: ==================== C:\Users\Petra Löseke\AppData\Local\Temp\avgnt.exe C:\Users\Petra Löseke\AppData\Local\Temp\Quarantine.exe C:\Users\Petra Löseke\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-26 11:11 ==================== End Of Log ============================ So, ich hoffe, dass alles dabei ist. Danke schon mal und bis bald! LG Peloe |
04.11.2014, 20:39 | #6 |
/// the machine /// TB-Ausbilder | Jeder Klick zwei neue Werbefenster, Adware ohne Ende, Download- und Update AufforderungenESET Online Scanner
Downloade Dir bitte SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ --> Jeder Klick zwei neue Werbefenster, Adware ohne Ende, Download- und Update Aufforderungen |
05.11.2014, 13:55 | #7 |
| Jeder Klick zwei neue Werbefenster, Adware ohne Ende, Download- und Update Aufforderungen hier der log von eset: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=c497c8405d95df4591fdae3d89c7adbc # engine=20936 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-11-05 12:18:30 # local_time=2014-11-05 01:18:30 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777213 100 100 19364 159742088 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 831944 166819760 0 0 # scanned=414664 # found=143 # cleaned=0 # scan_time=14344 sh=28A2197E6556B501C7D9C4D111BD9676C5CD6E13 ft=1 fh=3255a3c07fbe8343 vn="Win32/Toolbar.Babylon.T evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\ReimageRepair.exe.vir" sh=A39C55E362199542330244B280735468B730D9E2 ft=1 fh=349dd8a04a8f8b58 vn="Variante von MSIL/AdvancedSystemProtector.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe.vir" sh=22D2DDD066089C7CE3D77251A17EE75198A1342B ft=1 fh=da73685930070287 vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\AspManager.exe.vir" sh=94DCD04C16D15948089FB51150E2A9F711812090 ft=1 fh=7d051ae8688787b2 vn="Variante von Win32/Systweak.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\ASPUninstall.exe.vir" sh=E463D7177802CC2DE1AD0E7B042FABBE71B51030 ft=1 fh=fcee3b1c91bcf815 vn="Win32/Systweak.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\Communication.dll.vir" sh=866698A8AC36996FDF5AB67F502FEA5955C7C450 ft=1 fh=181b648461105be7 vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\filetypehelper.exe.vir" sh=70F105875DE6420CEDC5674F3F3C0ED9D4BE5728 ft=1 fh=43fda2c9df0909f5 vn="Variante von MSIL/AdvancedSystemProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\scandll.dll.vir" sh=476063885747EDD774A6B8CB2790703503A75A55 ft=1 fh=d7bb79193adaee2e vn="Win32/Systweak.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\SSDPTstub.exe.vir" sh=05BBF923EFFC0CEAC46F97D7A4338AE75A00C02D ft=1 fh=bf0cf04aa4aad68d vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\Troubleshooter\asp-fixer.com.vir" sh=05BBF923EFFC0CEAC46F97D7A4338AE75A00C02D ft=1 fh=bf0cf04aa4aad68d vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\Troubleshooter\asp-fixer.exe.vir" sh=05BBF923EFFC0CEAC46F97D7A4338AE75A00C02D ft=1 fh=bf0cf04aa4aad68d vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\Troubleshooter\asp-fixer.pif.vir" sh=05BBF923EFFC0CEAC46F97D7A4338AE75A00C02D ft=1 fh=bf0cf04aa4aad68d vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\Troubleshooter\asp-fixer.scr.vir" sh=05BBF923EFFC0CEAC46F97D7A4338AE75A00C02D ft=1 fh=bf0cf04aa4aad68d vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\Troubleshooter\firefox.com.vir" sh=05BBF923EFFC0CEAC46F97D7A4338AE75A00C02D ft=1 fh=bf0cf04aa4aad68d vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\Troubleshooter\iexplore.exe.vir" sh=95BAB6B16CBF1F91FEC7D9474333F69C4C672619 ft=1 fh=d866222b6395102f vn="Variante von Win32/AnyProtect.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AnyProtectEx\AnyProtectTrayIcon.exe.vir" sh=10903598F769E2AC5F1E2372E90F6722A3A860B7 ft=1 fh=89560075533c3d40 vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll.vir" sh=88482528CE4F67A1004B50BA93282CEACCEDE534 ft=1 fh=e40b702402e604d5 vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\psmachine.dll.vir" sh=FABF99D84DAE1B16B0BDBA7003ACA991AE40DB47 ft=1 fh=2aca0aed277d57d6 vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\SaveSenseLive.exe.vir" sh=70D49B9ABA391E6976DAB5C4BEA63733459B3F1C ft=1 fh=0b76a05977e7722a vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveBroker.exe.vir" sh=FABF99D84DAE1B16B0BDBA7003ACA991AE40DB47 ft=1 fh=2aca0aed277d57d6 vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveHandler.exe.vir" sh=F09B9B9B1D16D1539D23CC6ACDE0DC7BC983DF59 ft=1 fh=2dbadf99ca2df2d7 vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveOnDemand.exe.vir" sh=F15DD99A82E5FEBC2F273F1D3FA31C9AEDCEC1F3 ft=1 fh=7ed163d47c85f857 vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter\npVDCPlugin.dll.vir" sh=8744B5141DF186B200D7D49CA33FE666DF75B920 ft=1 fh=0fb37247ba975883 vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter\VDCScriptHelper.dll.vir" sh=B5ED1E639B7D9AD3C0F3C81E5AA2E9F88DDFEB65 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\102_dealply_m.js.vir" sh=FC28D62EDB6C0C353E97185BB4B6DC87F5EDED14 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\103_intext_5_m.js.vir" sh=8BFBBD749FDAA46297DA7F28A30E29C55FD72880 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\104_jollywallet_m.js.vir" sh=0B21E41A47E579081215969619861996F43524B1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\105_corticas_m.js.vir" sh=30AFCC1D03C04E68202593C239C4964A29BA2E15 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\108_icm_m.js.vir" sh=7F7359D9F0900191297BFDF5B85D5CDF588CD9EA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir" sh=FE3704EEF2BFB9DCA552518E7AEC9D6AFC1ED15C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\119_similar_web_m.js.vir" sh=35CE3B76158991DDEA79CAF0C1F826A7EE18A820 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\120_luck_m.js.vir" sh=E106EF12FBA54AD37717391E3A2A8B7416B0A30E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\123_intext_adv_m.js.vir" sh=6376FE6DF3E7E394FAE45C47A1FDE1CF41CAFBFD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir" sh=D295E3F253D0942BD3114F61DEF5D78DD0FC5BFB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\125_arcadi2_m.js.vir" sh=3CFE90E3825BB08EB9B4222552FAC05360188207 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\126_revizer_ws_m.js.vir" sh=031F6CD140ED363E0F137E627AE1FE4DED5714E2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\127_revizer_p_m.js.vir" sh=8127B97C670D583EED3F89EDB7543D51CC90FDB5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\128_superfish_pricora_m.js.vir" sh=BB2946641B9FEB2F76D281220A52220336E454E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\135_arcadi3_m.js.vir" sh=8BD506BDCB470B73FE581B4DA1769AD9FBCAF0D8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\138_getdeal_m.js.vir" sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\141_corticas_ru_m.js.js.vir" sh=8395A2B6D59D2F3EDDCFC863DDA2F674396DC74C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\142_intext_fa_m.js.vir" sh=AE2D5CE395EE9CD2595F77F616E574F4794B1152 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\155_ibario_pops_m.js.vir" sh=0CEB1A073B87956FD1F21F8425B8F76015B1BCD8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir" sh=441E98540BDEC21B7E534C2B317AE91925F6CEE7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\159_cortica_rollover_m.js.vir" sh=C8B01A1511A63AEC3D40B1D045034D76B1E85EFD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\171_arcadi2_sourceID_m.js.vir" sh=078C314715CCC0DE7547172AD4B810FD754115C6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js.vir" sh=220B01F705C009D135199A26C85EB536B16C9D6E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\175_coolmirage_m.js.vir" sh=CFFCA6A4EE3A0DF2319440491BB297ADEC6EEF37 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\178_revizer_ws_dynamic_m.js.vir" sh=ADB54DE323736C99B4191A45B478B70DF1B7B945 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\179_revizer_p_dynamic_m.js.vir" sh=C9A8D5AE55FA65E00EE75767C5D2E9B56041858D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\180_bpo_serp_m.js.vir" sh=24E6E5A06D24A5CC24C0B705FDB089FD4FEC70AC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\184_noproblemppc_m.js.vir" sh=C450AA599E6408FB93F66538C89B8D8B7799642D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\189_active_sanity.js.vir" sh=6B3C17F9D4BD40BFCF87831196C40DBA3C4DB14C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\190_pops_5_m.js.vir" sh=9F07ACC96BC246F25975479E9382CDF88E7D8711 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\191_ciuvo_m.js.vir" sh=F913C9EE03B4CCE8680961DBF505FA17BAC140F0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js.vir" sh=28F70DF1D28964084CCA8382AE4ADA97EF0C4C0A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js.vir" sh=2B2BD3E9AC85BA029FFFBBD266DDE00AC85817F3 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\194_retargeting_bi_m.js.js.vir" sh=DB6D60F85147D2C1DF2F166A67BDBBDAE73CE0E5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\195_icm_convertmedia_m.js.vir" sh=0A113BDC19C5B96609992E6C9D972B814B918109 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\197_kreapixel_pops_m.js.vir" sh=9A67AB016B12405F2FF8E65A64A035E46421F243 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\198_superfish_no_search_no_coupons_plushd_m.js.vir" sh=6DF0914CB2A51AA8E7F1BDDEC414B8969C38A6F7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\199_superfish_no_coupons_plushd_m.js.vir" sh=61DB672F16D1D9053F6B8D591E51C53BA3165770 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\200_foxydeal_m.js.vir" sh=392B3EB529AF22E57C2AC4076E7702176010694C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\204_pricedetect_m.js.vir" sh=CEFE3720E5F8912F0E75E7966BA64F23C0DAA130 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\91_monetizationLoader.js.js.vir" sh=0C5AC30A082628E85A9A8B68EF5E5EAFA46F0CC7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.25.9_0\extensionData\plugins\93_superfish_no_coupons_m.js.vir" sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\LocalLow\FileConverter_1.3\ldrtbFile.dll.vir" sh=81AF7CFB10091601ED1B82B92BDA2A254AA2B82F ft=1 fh=b76578e523b80dbc vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\LocalLow\FileConverter_1.3\tbFil1.dll.vir" sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\LocalLow\FileConverter_1.3\tbFile.dll.vir" sh=B5C93DA0C608B26C9487ABC49CCB643C9A15ED33 ft=1 fh=75f1c65aa8a331ed vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\LocalLow\FileConverter_1.3\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir" sh=AD3EB5C38E33919317F46331E93E669105497F07 ft=1 fh=f28f6a642fe78f79 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Roaming\Mozilla\Firefox\Profiles\y6gjrcn2.default\Extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\ctypes\FirefoxCtype.dll.vir" sh=545537DD6DF32D4ADCA7CD093735EB727CF3B98E ft=1 fh=c14d1e35487b28c7 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marius Löseke\AppData\Roaming\Mozilla\Firefox\Profiles\y6gjrcn2.default\Extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\Plugins\npFirefoxPlugin.dll.vir" sh=72DBF7896EDE9C8A956BBEC460AEF550FFA3CC9D ft=1 fh=15d2f84eb4cedb61 vn="Variante von Win32/ReImageRepair.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\ReimageRepair.exe.vir" sh=39A35BC70498C0500C5CB9EBC72A392244AECF8D ft=1 fh=c71c00110fe1072b vn="Win32/AnyProtect.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\AnyProtectScannerSetup.exe.vir" sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\genienext\nengine.dll.vir" sh=B2C09DC8D9F5020A619DA4E5975BD8B5A0C1DB7D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjiibbppkaibndmgapooidfnmdjbecii\1.26.63_0\extensionData\plugins\91.js.vir" sh=33678C386B71567C68D706CBA354B27DC5CA79DE ft=1 fh=3866b922ba5c4fbb vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir" sh=C2381968A9AD145C3150D5E7599DE1A1DF1341C1 ft=1 fh=97f16ef6626bc348 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\LPT\sppsm.dll.vir" sh=FCBC72F213915C43CA007CEB88643A1E225BF86B ft=1 fh=71cbf6b304d66e83 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\LPT\spusm.dll.vir" sh=1047E8DE2E8C177E2E9140E3DB72679ABAD86AC3 ft=1 fh=dc4103cd1fc98cca vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\LPT\srbs.dll.vir" sh=91A1A1A8479DAE2ADC860AD471B42921DE243E39 ft=1 fh=c33beb7552fd7a2a vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\LPT\srbu.dll.vir" sh=5987165033C8B1D2C272227AB9E7B1C6B44078D8 ft=1 fh=c61f67bcbeaff236 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\LPT\srpt.dll.vir" sh=D6CFE89E51D1CF5C0043E538BC26C4477CE3EF3E ft=0 fh=0000000000000000 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.0.zip.vir" sh=95826B332BD1AC0543C2BA4DB637D082A994B1E5 ft=1 fh=f3159d8e366dd55a vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir" sh=749E0C6D85971204E397EAE65ED10A9A4AEF40AB ft=1 fh=ef830199de104882 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir" sh=1FD24BAE5755536F5B1CDF3F46A6C75BFD137933 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir" sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll.vir" sh=93AD648467F47DC2708810D169F26F4A814778C5 ft=1 fh=e589ccabe231da4b vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir" sh=33D68AA5491E0A62E2BEFBD13B6929521EC0FE11 ft=1 fh=38d272f6d66d8239 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll.vir" sh=D3D63F97722A9F4FFCF41CD794F75B0A7BCFF8E1 ft=1 fh=9326a7c066447249 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll.vir" sh=E151EF54AF2358171ADD6CE05921469FA71EAC98 ft=1 fh=16481205beaa6b0d vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.ChromeLocalPlugin.dll.vir" sh=3DCCC212380A45E78D8F8F21BB41DDA378CE8FC0 ft=1 fh=ce1f22ce80fb2bc0 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.FireFoxLocalPlugin.dll.vir" sh=89AB082151A5E62E052F4BCA732EF25E0E623B2B ft=1 fh=f84d399bb6d29316 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll.vir" sh=33678C386B71567C68D706CBA354B27DC5CA79DE ft=1 fh=3866b922ba5c4fbb vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir" sh=C3945172404B04FF1FDADDC1BCDB0AF069E108AE ft=1 fh=f1842581aea3005a vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll.vir" sh=6CAD4F5E37EA8273071D448E240194374D4E3A99 ft=1 fh=f5aca63a1d99f8a3 vn="Variante von MSIL/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll.vir" sh=F38F2A77C2F1C2E974E99257AC72CC47520D270B ft=1 fh=53fbf320d771d0e3 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\Smartbar\Application\smta.dll.vir" sh=73425F3D8C8D2381297D91CD6D7A29C62AD59731 ft=1 fh=3ab98182bcd5f251 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\Smartbar\Application\smtu.dll.vir" sh=CAC2475879A69B7D879DEE02DDA8D3BC115DEFB2 ft=1 fh=343c776b0108a1e8 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\Smartbar\Application\spbe.dll.vir" sh=BA2F7BFAE8914B9B5B978E7036E39891CA4DF714 ft=1 fh=79a2b181e386b826 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\Smartbar\Application\spbl.dll.vir" sh=C2381968A9AD145C3150D5E7599DE1A1DF1341C1 ft=1 fh=97f16ef6626bc348 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\Smartbar\Application\sppsm.dll.vir" sh=FCBC72F213915C43CA007CEB88643A1E225BF86B ft=1 fh=71cbf6b304d66e83 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\Smartbar\Application\spusm.dll.vir" sh=E5107E6467B15B967C903D8E48DF7906077656E7 ft=1 fh=3e996af41a18cd4f vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\Smartbar\Application\srau.dll.vir" sh=1047E8DE2E8C177E2E9140E3DB72679ABAD86AC3 ft=1 fh=dc4103cd1fc98cca vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\Smartbar\Application\srbs.dll.vir" sh=91A1A1A8479DAE2ADC860AD471B42921DE243E39 ft=1 fh=c33beb7552fd7a2a vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\Smartbar\Application\srbu.dll.vir" sh=F487724FFF4720B5A8B9496CC2571162F842A0E4 ft=1 fh=597aa9aa7cf77f8e vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\Smartbar\Application\srpu.dll.vir" sh=EB35280B7E1C13B999B4778CDAB1D15D9AC939FB ft=1 fh=e43d47ebe8871f43 vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\GoogleChromeRemotePlugin.dll.vir" sh=4AC367267605A307BDCF5B6DC733B54C900A780E ft=1 fh=c396e249fc954766 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_24.dll.vir" sh=38A21287030CEF47C7DA2BF5B2399CA438CB125B ft=1 fh=b1eb23e976cc9e83 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_25.dll.vir" sh=0693C65EA6768E1CF41AC653A2110352D80E490A ft=1 fh=52c89069366453c4 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_26.dll.vir" sh=E02713A12F351951CEB33006E257FA8AD7F2E0CD ft=1 fh=921c5401492c1c6d vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_27.dll.vir" sh=743666E8FACC7E07CDEBE6B9A21A29C4273B42E3 ft=1 fh=1d1836d6504c0794 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_28.dll.vir" sh=E6C8F368B323F38031060BC0307C8501939B1037 ft=1 fh=1b9fe7eff54065f1 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_29.dll.vir" sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\LocalLow\FileConverter_1.3\ldrtbFile.dll.vir" sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\LocalLow\FileConverter_1.3\tbFile.dll.vir" sh=62593592F16DECDF78103F7AA764BAC8DC8767F2 ft=1 fh=af70f76a6b90370a vn="Variante von Win32/DealPly.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Roaming\FoxTab\UpdateProc\UpdateTask.exe.vir" sh=0885FDAAB78F9E3B0330396E09D5C62687E77E46 ft=1 fh=1aee2f2bb04d775a vn="Variante von Win32/Toolbar.MyWebSearch.AI evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Roaming\Mozilla\Firefox\Profiles\9f73itof.default\Extensions\4zffxtbr@VideoDownloadConverter_4z.com\plugins\EXEManager.dll.vir" sh=7E476CBC20B540F11239EC2A5C617FF221BF52CC ft=1 fh=80c7b6f3be1d69d2 vn="Variante von Win32/Toolbar.MyWebSearch.AI evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Roaming\Mozilla\Firefox\Profiles\9f73itof.default\Extensions\4zffxtbr@VideoDownloadConverter_4z.com\plugins\FF-NativeMessagingDispatcher.dll.vir" sh=50011C0296AD3EAA8E01F40FAC69764C7D4B9754 ft=1 fh=8353d9c34311742e vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Roaming\Mozilla\Firefox\Profiles\9f73itof.default\Extensions\4zffxtbr@VideoDownloadConverter_4z.com\plugins\Verify.dll.vir" sh=476063885747EDD774A6B8CB2790703503A75A55 ft=1 fh=d7bb79193adaee2e vn="Win32/Systweak.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Petra Löseke\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir" sh=D4CC48D139C141781B8D9EC5330FDB3057D3DF88 ft=1 fh=34d17fc7c29d944b vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir" sh=32DB15F329E19119A7DFA5196CC38864BB1FFD6C ft=1 fh=4a0254390fe1072b vn="Win32/AnyProtect.D evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Petra Löseke\AppData\Local\nsu7F6F.tmp.vir" sh=E07CB325BE550F868956401CBC3EC871225206C4 ft=1 fh=9615b3ba082b99db vn="Variante von Win64/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\rei\Temp\20140420_1750\Installer\C_drive\Program Files (x86)\plus-hd-5.0\plus-hd-5.0-bho64.dll" sh=25DFF371C1801FAA4D3F3E74DDCA4BDEB12D467B ft=1 fh=5f5d9c13d5d87e69 vn="Variante von Win32/Toolbar.CrossRider.T evtl. unerwünschte Anwendung" ac=I fn="C:\rei\Temp\20140420_1750\Installer\C_drive\Program Files (x86)\plus-hd-5.0\plus-hd-5.0-codedownloader.exe" sh=0F31050CECACE3BF8BA4F4F53442321ED64AF61A ft=1 fh=d68ad4a2dba0f049 vn="Win32/Toolbar.CrossRider.T evtl. unerwünschte Anwendung" ac=I fn="C:\rei\Temp\20140420_1750\Installer\C_drive\Program Files (x86)\plus-hd-5.0\plus-hd-5.0-updater.exe" sh=FABF99D84DAE1B16B0BDBA7003ACA991AE40DB47 ft=1 fh=2aca0aed277d57d6 vn="Win32/SaveSense.A evtl. unerwünschte Anwendung" ac=I fn="C:\rei\Temp\20140420_1750\Installer\C_drive\Program Files (x86)\savesenselive\update\savesenselive.exe" sh=46560D0E2662C1C44F72B68EA5A3C2D7F0E77EBE ft=1 fh=c71c001105569964 vn="Variante von Win32/ELEX.AD evtl. unerwünschte Anwendung" ac=I fn="C:\rei\Temp\20140420_1750\Installer\C_drive\ProgramData\iepluginservice\pluginservice.exe" sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="C:\rei\Temp\20140420_1750\Installer\C_drive\Users\Petra Löseke\AppData\Roaming\newnext.me\nengine.dll" sh=8E84B3369C409B88BFF2F167495B5BDA08485065 ft=1 fh=cea6bc5b1fc91d53 vn="Variante von Win32/DealPly.S evtl. unerwünschte Anwendung" ac=I fn="C:\rei\Temp\20140420_1750\Installer\C_drive\Users\Petra Löseke\AppData\Roaming\savese~1\update~1\update~1.exe" sh=2FABD278B0E388A9DC7834AC9412DD94CAC9F31E ft=1 fh=afdd8b6557ec58c1 vn="Variante von Win32/OutBrowse.BA evtl. unerwünschte Anwendung" ac=I fn="C:\rei\Temp\20140429_1424\Installer\C_drive\Users\Petra Löseke\AppData\Local\Temp\instract.exe" sh=5DBE7F98979AD35A249D2001105DAC2569B100CE ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marius Löseke\AppData\Local\Mozilla\Firefox\Profiles\y6gjrcn2.default\Cache\0\D5\55C5Cd01" sh=E300ED08F69CF71B115D8A9820CCC0BA1EDD7144 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marius Löseke\AppData\Local\Mozilla\Firefox\Profiles\y6gjrcn2.default\Cache\9\31\063EFd01" sh=56F2941839D54C9CA1502C7AEE77DE1AAB6176E7 ft=0 fh=0000000000000000 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marius Löseke\AppData\Local\Mozilla\Firefox\Profiles\y6gjrcn2.default\Cache\C\B9\A68DBd01" sh=036E5382B69AD522C3CCEBEA286528D82424396A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Marius Löseke\AppData\Roaming\Mozilla\Firefox\Profiles\y6gjrcn2.default\extensions\staged\JLPQ94732309@TRY102138975.com\extensionData\plugins\91.js" sh=C16E4E5C1EE09F273533B7FBA7F1847DD4E0A3C5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Petra Löseke\AppData\Roaming\Mozilla\Firefox\Profiles\9f73itof.default\extensions\JLPQ94732309@TRY102138975.com\extensionData\plugins\91.js" sh=3229878A36708E6D98A1D1D8F92019F8C123412F ft=1 fh=c47b2a919fab5ecc vn="Win32/Systweak.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Petra Löseke\Documents\BBS 3 Unterricht\Bauzeichner\Lernfelder\LF 10 A\regclean_my582531.exe" sh=B67B356F277035A94771AB673443074877A2A489 ft=0 fh=0000000000000000 vn="Variante von Win32/DealPly.M evtl. unerwünschte Anwendung" ac=I fn="E:\PATTY\Backup Set 2014-04-15 230902\Backup Files 2014-04-15 230902\Backup files 32.zip" sh=B7BCD25E6EAE9791A729235C0E0BAD6936B5AABA ft=0 fh=0000000000000000 vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="E:\PATTY\Backup Set 2014-04-15 230902\Backup Files 2014-04-15 230902\Backup files 33.zip" sh=3D1BDCC73F76F38B8CC37140786B61AD3ECB0C3D ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="E:\PATTY\Backup Set 2014-04-15 230902\Backup Files 2014-04-15 230902\Backup files 34.zip" sh=0AAFB28238C42134A8121E8741815CE889C48DD8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="E:\PATTY\Backup Set 2014-04-15 230902\Backup Files 2014-04-15 230902\Backup files 37.zip" sh=7136F815AE3F3A0E89EB35F66405818DBC90E8BB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="E:\PATTY\Backup Set 2014-04-15 230902\Backup Files 2014-04-15 230902\Backup files 38.zip" sh=7E3C034DF45F9DE4FD123A3EE6FAA07287B9CF74 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="E:\PATTY\Backup Set 2014-04-15 230902\Backup Files 2014-04-15 230902\Backup files 39.zip" sh=620A1649B36EC75C6CCF2C42363BCF2922881D46 ft=0 fh=0000000000000000 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="E:\PATTY\Backup Set 2014-04-15 230902\Backup Files 2014-04-15 230902\Backup files 40.zip" sh=2200ABEAE8D4A91A50F79F580C72A49DF0768617 ft=0 fh=0000000000000000 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="E:\PATTY\Backup Set 2014-04-15 230902\Backup Files 2014-04-15 230902\Backup files 536.zip" Code:
ATTFilter Results of screen317's Security Check version 0.99.89 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Norton Internet Security Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 67 Adobe Flash Player 15.0.0.189 Adobe Reader XI Mozilla Firefox (33.0.2) Google Chrome 38.0.2125.104 Google Chrome 38.0.2125.111 ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` und frst: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014 Ran by Petra Löseke (administrator) on PATTY on 05-11-2014 13:45:08 Running from C:\Users\Petra Löseke\Desktop Loaded Profile: Petra Löseke (Available profiles: Petra Löseke & Mary Löseke) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe (Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe () C:\Windows\Samsung\PanelMgr\SSMMgr.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe () C:\Windows\Samsung\PanelMgr\caller64.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) C:\Windows\System32\prevhost.exe () C:\Users\Petra Löseke\Desktop\SecurityCheck.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2789160 2011-05-19] (Synaptics Incorporated) HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel(R) Corporation) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-04-26] (Conexant Systems, Inc.) HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] () HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [40808 2011-05-31] (Lenovo Group Limited) HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-05-25] (Lenovo Group Limited) HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-11] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.) HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [614400 2009-09-11] () HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-07] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG) HKLM\...\RunOnce: [NCInstallQueue] => rundll32 netman.dll,ProcessQueue Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.) HKU\S-1-5-21-2137695456-992688877-1232989452-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.) HKU\S-1-5-21-2137695456-992688877-1232989452-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.) HKU\S-1-5-21-2137695456-992688877-1232989452-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [468192 2014-09-01] (Sony) HKU\S-1-5-21-2137695456-992688877-1232989452-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-07] (Google Inc.) HKU\S-1-5-21-2137695456-992688877-1232989452-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2137695456-992688877-1232989452-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File GroupPolicy: Group Policy on Chrome detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-2137695456-992688877-1232989452-1001\User: Group Policy restriction detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-2137695456-992688877-1232989452-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE484 SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE484 BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Petra Löseke\AppData\Roaming\Mozilla\Firefox\Profiles\9f73itof.default FF Homepage: hxxp://www.google.de/ FF NetworkProxy: "no_proxies_on", "*.local" FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\Petra Löseke\AppData\Roaming\Mozilla\Firefox\Profiles\9f73itof.default\Extensions\abs@avira.com [2014-10-01] FF Extension: Plus-HD-5.0c - C:\Users\Petra Löseke\AppData\Roaming\Mozilla\Firefox\Profiles\9f73itof.default\Extensions\JLPQ94732309@TRY102138975.com [2014-09-20] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-25] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn [2012-05-17] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn [2014-11-05] FF HKLM-x32\...\Firefox\Extensions: [VIP@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2012-03-07] FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR Profile: C:\Users\Petra Löseke\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Petra Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-31] CHR Extension: (Google Drive) - C:\Users\Petra Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-31] CHR Extension: (YouTube) - C:\Users\Petra Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-31] CHR Extension: (Google-Suche) - C:\Users\Petra Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-31] CHR Extension: (Google Wallet) - C:\Users\Petra Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-12] CHR Extension: (Google Mail) - C:\Users\Petra Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-31] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [994552 2014-10-07] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] () R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [138760 2011-08-10] (Symantec Corporation) R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-25] (Lenovo Group Limited) [File not signed] R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed] R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [82544 2011-07-12] (Symantec Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG) R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120531.001\BHDrvx64.sys [1160824 2012-05-07] (Symantec Corporation) R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys [167048 2011-08-08] (Symantec Corporation) R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-06-01] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-06-01] (Symantec Corporation) R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120613.007\IDSvia64.sys [488568 2012-05-18] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-05] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120615.022\ENG64.SYS [120440 2012-06-16] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120615.022\EX64.SYS [2068600 2012-06-16] (Symantec Corporation) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.) S3 SRTSP; C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSP64.SYS [729720 2011-08-02] (Symantec Corporation) R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSPX64.SYS [37496 2011-08-02] (Symantec Corporation) R3 SymDS; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation) R3 SymEFA; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS [1084536 2011-07-28] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-03-07] (Symantec Corporation) R3 SymIRON; C:\Windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS [189560 2011-07-25] (Symantec Corporation) R3 SymNetS; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS [401016 2011-07-25] (Symantec Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-05 13:38 - 2014-11-05 13:38 - 00854448 _____ () C:\Users\Petra Löseke\Desktop\SecurityCheck.exe 2014-11-05 09:06 - 2014-11-05 09:06 - 02347384 _____ (ESET) C:\Users\Petra Löseke\Desktop\esetsmartinstaller_deu.exe 2014-11-05 08:51 - 2014-11-05 08:51 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\32876552.sys 2014-11-04 11:16 - 2014-11-04 11:16 - 00040145 _____ () C:\Users\Petra Löseke\Desktop\FRST1.txt 2014-11-04 11:10 - 2014-11-04 11:10 - 00006626 _____ () C:\Users\Petra Löseke\Desktop\JRT.txt 2014-11-04 11:05 - 2014-11-04 11:05 - 00000000 ____D () C:\Windows\ERUNT 2014-11-04 11:04 - 2014-11-04 11:04 - 01706359 _____ (Thisisu) C:\Users\Petra Löseke\Desktop\JRT.exe 2014-11-04 10:58 - 2014-11-04 10:59 - 00002079 _____ () C:\Users\Petra Löseke\Desktop\AdwCleaner[S3].txt 2014-11-04 10:50 - 2014-11-04 10:50 - 01998336 _____ () C:\Users\Petra Löseke\Desktop\AdwCleaner_4.002.exe 2014-11-04 10:47 - 2014-11-04 10:47 - 00001206 _____ () C:\Users\Petra Löseke\Desktop\mbam.txt 2014-11-04 09:26 - 2014-11-04 09:26 - 00002670 _____ () C:\Users\Petra Löseke\Desktop\malware2.txt 2014-11-04 08:56 - 2014-11-04 08:56 - 00001209 _____ () C:\Users\Petra Löseke\Desktop\malware.txt 2014-11-04 08:35 - 2014-11-05 08:51 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-04 08:34 - 2014-11-04 08:34 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-11-04 08:34 - 2014-11-04 08:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-11-04 08:34 - 2014-11-04 08:34 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-04 08:34 - 2014-11-04 08:34 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-11-04 08:34 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-04 08:34 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-04 08:34 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-04 08:27 - 2014-11-04 08:27 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Petra Löseke\Desktop\mbam-setup-2.0.3.1025.exe 2014-11-03 13:41 - 2014-11-03 13:41 - 00026636 _____ () C:\ComboFix.txt 2014-11-03 13:18 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-11-03 13:18 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-11-03 13:18 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-11-03 13:18 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-11-03 13:18 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-11-03 13:18 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-11-03 13:18 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-11-03 13:18 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-11-03 13:17 - 2014-11-03 13:41 - 00000000 ____D () C:\Qoobox 2014-11-03 13:17 - 2014-11-03 13:40 - 00000000 ____D () C:\Windows\erdnt 2014-11-03 13:15 - 2014-11-03 13:16 - 05591672 ____R (Swearware) C:\Users\Petra Löseke\Desktop\ComboFix.exe 2014-11-03 12:53 - 2014-11-03 12:58 - 00001275 _____ () C:\Users\Petra Löseke\Desktop\Revo Uninstaller.lnk 2014-11-03 12:53 - 2014-11-03 12:58 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-11-03 12:50 - 2014-11-03 12:50 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Petra Löseke\Desktop\revosetup95.exe 2014-11-03 12:33 - 2014-11-03 12:33 - 00467832 _____ () C:\Windows\Minidump\110314-14851-01.dmp 2014-11-03 10:43 - 2014-11-03 10:43 - 00002824 _____ () C:\Users\Petra Löseke\Desktop\Gmer.txt 2014-11-03 10:27 - 2014-11-03 10:27 - 00380416 _____ () C:\Users\Petra Löseke\Desktop\Gmer-19357.exe 2014-11-03 10:20 - 2014-11-03 11:04 - 00027049 _____ () C:\Users\Petra Löseke\Desktop\Addition.txt 2014-11-03 10:19 - 2014-11-05 13:45 - 00028690 _____ () C:\Users\Petra Löseke\Desktop\FRST.txt 2014-11-03 10:19 - 2014-11-05 13:45 - 00000000 ____D () C:\FRST 2014-11-03 10:19 - 2014-11-03 10:19 - 02114560 _____ (Farbar) C:\Users\Petra Löseke\Desktop\FRST64.exe 2014-11-03 10:14 - 2014-11-03 10:59 - 00000486 _____ () C:\Users\Petra Löseke\Desktop\defogger_disable.log 2014-11-03 10:14 - 2014-11-03 10:14 - 00050477 _____ () C:\Users\Petra Löseke\Desktop\Defogger.exe 2014-11-03 10:14 - 2014-11-03 10:14 - 00000000 _____ () C:\Users\Petra Löseke\defogger_reenable 2014-11-02 15:47 - 2014-11-02 15:47 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-11-02 15:47 - 2014-11-02 15:47 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-11-02 15:47 - 2014-11-02 15:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-11-02 15:46 - 2014-11-02 15:47 - 36250792 _____ () C:\Users\Petra Löseke\Downloads\firefox_setup_33.0.2.exe 2014-10-21 08:15 - 2014-10-21 08:16 - 00000000 ____D () C:\Users\Petra Löseke\Desktop\Videoaufnahmen 2014-10-15 06:38 - 2014-11-03 11:03 - 00002459 _____ () C:\Users\Petra Löseke\Desktop\AdwCleaner[S1].txt 2014-10-14 12:10 - 2014-10-14 12:10 - 00001148 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-10-12 07:43 - 2010-08-30 07:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-10-12 07:42 - 2014-11-04 10:55 - 00000000 ____D () C:\AdwCleaner 2014-10-12 07:34 - 2014-10-12 07:35 - 00000199 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-05 13:26 - 2012-06-12 19:15 - 00000000 ____D () C:\Users\Petra Löseke\Documents\Outlook-Dateien 2014-11-05 13:10 - 2012-03-07 10:44 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-05 13:01 - 2012-11-18 19:46 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-05 12:42 - 2012-06-23 16:29 - 00000000 ____D () C:\Users\Petra Löseke\AppData\Roaming\Skype 2014-11-05 12:42 - 2012-03-07 10:12 - 01391132 _____ () C:\Windows\WindowsUpdate.log 2014-11-05 09:04 - 2012-03-07 18:53 - 00661968 _____ () C:\Windows\system32\perfh007.dat 2014-11-05 09:04 - 2012-03-07 18:53 - 00131972 _____ () C:\Windows\system32\perfc007.dat 2014-11-05 09:04 - 2009-07-14 06:13 - 01686600 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-05 08:57 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-05 08:57 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-05 08:50 - 2012-03-07 10:44 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-05 08:49 - 2012-06-22 11:57 - 00000432 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-11-05 08:49 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-05 08:49 - 2009-07-14 05:51 - 00171461 _____ () C:\Windows\setupact.log 2014-11-04 15:31 - 2012-09-27 20:53 - 00000000 ____D () C:\Users\Petra Löseke\Documents\Steuer und Co 2014-11-04 12:46 - 2013-02-28 11:58 - 00000000 ____D () C:\Users\Petra Löseke\Documents\Ausgaben 2014-11-04 11:06 - 2012-10-14 20:42 - 00000000 ____D () C:\Users\Petra Löseke\AppData\Local\CrashDumps 2014-11-04 10:56 - 2010-11-21 04:47 - 00666160 _____ () C:\Windows\PFRO.log 2014-11-04 08:58 - 2012-05-17 08:36 - 00000000 ____D () C:\Users\Petra Löseke 2014-11-03 20:45 - 2012-09-27 20:53 - 00000000 ____D () C:\Users\Petra Löseke\Documents\Rezepte 2014-11-03 15:49 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-11-03 13:54 - 2012-03-07 10:16 - 01707010 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-11-03 13:41 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2014-11-03 13:35 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2014-11-03 13:08 - 2014-09-19 18:00 - 00000000 ____D () C:\Users\Petra Löseke\AppData\Roaming\0D1F2W1G1I1F1T1QyE2W1L1G1Q1F2W1B 2014-11-03 12:33 - 2012-07-01 21:14 - 00000000 ____D () C:\Windows\Minidump 2014-11-03 12:33 - 2012-07-01 21:13 - 668823798 _____ () C:\Windows\MEMORY.DMP 2014-11-02 15:47 - 2014-09-25 07:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-02 07:14 - 2013-02-26 18:47 - 00000000 ____D () C:\Users\Petra Löseke\Documents\Mary 2014-10-22 17:05 - 2012-03-07 10:44 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-10-22 17:05 - 2012-03-07 10:44 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-10-21 06:53 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-19 12:40 - 2012-05-17 17:57 - 00000000 ____D () C:\Users\Mary Löseke 2014-10-19 10:15 - 2012-09-27 20:56 - 00000000 ____D () C:\Users\Peet Löseke\Documents\BBS 3 Unterricht 2014-10-16 06:22 - 2014-06-12 08:32 - 00000000 ____D () C:\Users\Peet Löseke\AppData\Local\Adobe 2014-10-16 06:07 - 2012-11-18 19:46 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-10-16 06:07 - 2012-11-18 19:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-10-16 06:07 - 2012-11-18 19:46 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-10-15 20:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-10-14 15:24 - 2014-09-19 15:53 - 00000000 ____D () C:\Users\Peet Löseke\AppData\Roaming\.minecraft 2014-10-14 15:06 - 2012-09-27 20:54 - 00000000 ____D () C:\Users\Peet Löseke\Documents\Briefe 2014-10-14 12:10 - 2014-05-06 12:42 - 00000000 ____D () C:\ProgramData\Package Cache 2014-10-14 12:10 - 2013-03-02 09:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-10-14 12:10 - 2013-03-02 09:26 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-10-10 15:05 - 2012-03-07 10:10 - 00279082 _____ () C:\Windows\DPINST.LOG 2014-10-10 15:02 - 2014-09-09 17:33 - 00002037 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2014-10-10 15:02 - 2014-01-30 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2014-10-10 15:01 - 2012-03-07 10:12 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-10-09 20:49 - 2014-04-23 16:54 - 00000582 _____ () C:\Windows\system32\ScanResults.xml 2014-10-07 12:23 - 2013-05-07 12:32 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-10-07 12:23 - 2013-03-27 13:26 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-10-07 12:23 - 2013-03-27 13:26 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys Files to move or delete: ==================== C:\Users\Peet Löseke\avira_de_av___ws.exe C:\Users\Peet Löseke\avira_speedup.exe C:\Users\Peet Löseke\install_flashplayer14x32au_ltr5x64d_awc_aih.exe Some content of TEMP: ==================== C:\Users\Peet Löseke\AppData\Local\Temp\avgnt.exe C:\Users\Peet Löseke\AppData\Local\Temp\Quarantine.exe C:\Users\Peet Löseke\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-26 11:11 ==================== End Of Log ============================ Vom "Ploppverhalten" am Bildschirm gibt es nicht Neues, nach wie vor die alten Probleme :-(! Soweit ... Ich hoffe, dass ich alles richtig gemacht habe. Bis bald :-) Peloe |
06.11.2014, 08:28 | #8 |
/// the machine /// TB-Ausbilder | Jeder Klick zwei neue Werbefenster, Adware ohne Ende, Download- und Update Aufforderungen Backups auf E löschen. Revo Uninstaller - Download - Filepony damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren. Dann: https://support.mozilla.org/de/kb/fi...einfach-loesen Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter GroupPolicy: Group Policy on Chrome detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-2137695456-992688877-1232989452-1001\User: Group Policy restriction detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION Emptytemp: Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Frisches FRST log bitte. Falls die Probleme immer noch da sind bitte mal nen Screenshot davon.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
06.11.2014, 08:42 | #9 |
| Jeder Klick zwei neue Werbefenster, Adware ohne Ende, Download- und Update Aufforderungen Hallo Schrauber, ich habe gar kein "E" ... und kann daher auch keine Backups löschen. Oder versteckt sich das Laufwerk irgendwo? Gruß Peloe P.S. : Habe "E" gerade gefunden, als ich die mobile Festplatte wieder angeschlossen hatte :-) Welche Backups meinst du denn? Das "WindowsImageBackup" ist doch meine Datensicherung, die kann ich doch nicht einfach löschen. LG Peloe Geändert von Peloe (06.11.2014 um 09:19 Uhr) |
06.11.2014, 20:30 | #10 |
/// the machine /// TB-Ausbilder | Jeder Klick zwei neue Werbefenster, Adware ohne Ende, Download- und Update Aufforderungen Warum nit? wenn Du ein neues Backup anlegst? Das alte ist voll Adware.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
07.11.2014, 13:37 | #11 |
| Jeder Klick zwei neue Werbefenster, Adware ohne Ende, Download- und Update Aufforderungen Hallo schrauber, habe alles erledigt! hier die logs: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014 Ran by Petra Löseke at 2014-11-07 12:58:44 Run:2 Running from C:\Users\Petra Löseke\Desktop Loaded Profile: Petra Löseke (Available profiles: Petra Löseke & Marius Löseke) Boot Mode: Normal ============================================== Content of fixlist: ***************** GroupPolicy: Group Policy on Chrome detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-2137695456-992688877-1232989452-1001\User: Group Policy restriction detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION Emptytemp: ***************** "C:\Windows\system32\GroupPolicy\Machine" => File/Directory not found. "C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2137695456-992688877-1232989452-1001\User" => File/Directory not found. "HKLM\SOFTWARE\Policies\Google" => Key not found. EmptyTemp: => Removed 89.3 MB temporary data. The system needed a reboot. ==== End of Fixlog ==== FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014 Ran by Peet Löseke (administrator) on PATTY on 07-11-2014 13:15:10 Running from C:\Users\Peet Löseke\Desktop Loaded Profile: Peet Löseke (Available profiles: Peet Löseke & Mary Löseke) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe (Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (AMD) C:\Windows\System32\atieclxx.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe () C:\Windows\Samsung\PanelMgr\SSMMgr.exe () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe () C:\Windows\Samsung\PanelMgr\caller64.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\splwow64.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2789160 2011-05-19] (Synaptics Incorporated) HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel(R) Corporation) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-04-26] (Conexant Systems, Inc.) HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] () HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [40808 2011-05-31] (Lenovo Group Limited) HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281960 2011-05-25] (Lenovo Group Limited) HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-11] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.) HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [614400 2009-09-11] () HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-07] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG) HKLM\...\RunOnce: [NCInstallQueue] => rundll32 netman.dll,ProcessQueue Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.) HKU\S-1-5-21-2137695456-992688877-1232989452-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.) HKU\S-1-5-21-2137695456-992688877-1232989452-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.) HKU\S-1-5-21-2137695456-992688877-1232989452-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [468192 2014-09-01] (Sony) HKU\S-1-5-21-2137695456-992688877-1232989452-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-07] (Google Inc.) Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-2137695456-992688877-1232989452-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE484 SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE484 BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Peet Löseke\AppData\Roaming\Mozilla\Firefox\Profiles\9f73itof.default FF Homepage: hxxp://www.google.de/ FF NetworkProxy: "no_proxies_on", "*.local" FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\Peet Löseke\AppData\Roaming\Mozilla\Firefox\Profiles\9f73itof.default\Extensions\abs@avira.com [2014-10-01] FF Extension: Plus-HD-5.0c - C:\Users\Peet Löseke\AppData\Roaming\Mozilla\Firefox\Profiles\9f73itof.default\Extensions\JLPQ94732309@TRY102138975.com [2014-09-20] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn [2012-05-17] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn [2014-11-07] FF HKLM-x32\...\Firefox\Extensions: [VIP@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2012-03-07] FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR Profile: C:\Users\Peet Löseke\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Peet Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-31] CHR Extension: (Google Drive) - C:\Users\Peet Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-31] CHR Extension: (YouTube) - C:\Users\Peet Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-31] CHR Extension: (Google-Suche) - C:\Users\Peet Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-31] CHR Extension: (Google Wallet) - C:\Users\Peet Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-12] CHR Extension: (Google Mail) - C:\Users\Peet Löseke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-31] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [994552 2014-10-07] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] () R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [138760 2011-08-10] (Symantec Corporation) R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-25] (Lenovo Group Limited) [File not signed] R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed] R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [82544 2011-07-12] (Symantec Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG) R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120531.001\BHDrvx64.sys [1160824 2012-05-07] (Symantec Corporation) R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys [167048 2011-08-08] (Symantec Corporation) R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-06-01] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-06-01] (Symantec Corporation) R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120613.007\IDSvia64.sys [488568 2012-05-18] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-07] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120615.022\ENG64.SYS [120440 2012-06-16] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120615.022\EX64.SYS [2068600 2012-06-16] (Symantec Corporation) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.) S3 SRTSP; C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSP64.SYS [729720 2011-08-02] (Symantec Corporation) R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSPX64.SYS [37496 2011-08-02] (Symantec Corporation) R3 SymDS; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation) R3 SymEFA; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS [1084536 2011-07-28] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-03-07] (Symantec Corporation) R3 SymIRON; C:\Windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS [189560 2011-07-25] (Symantec Corporation) R3 SymNetS; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS [401016 2011-07-25] (Symantec Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-07 12:55 - 2014-11-07 12:55 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-11-07 12:55 - 2014-11-07 12:55 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-11-07 12:55 - 2014-11-07 12:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-11-07 12:55 - 2014-11-07 12:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-07 12:54 - 2014-11-07 12:54 - 36249264 _____ () C:\Users\Peet Löseke\Downloads\Firefox_Setup_de33.0.3.exe 2014-11-07 08:55 - 2014-11-07 08:55 - 00039750 _____ () C:\Users\Peet Löseke\Desktop\FRST7.txt 2014-11-07 08:21 - 2014-11-07 08:22 - 36250792 _____ () C:\Users\Peet Löseke\Downloads\Firefox_Setup_33.0.2DE.exe 2014-11-07 08:21 - 2014-11-07 08:21 - 00000190 _____ () C:\Users\Peet Löseke\Downloads\acv.js 2014-11-05 13:38 - 2014-11-05 13:38 - 00854448 _____ () C:\Users\Peet Löseke\Desktop\SecurityCheck.exe 2014-11-05 09:06 - 2014-11-05 09:06 - 02347384 _____ (ESET) C:\Users\Peet Löseke\Desktop\esetsmartinstaller_deu.exe 2014-11-05 08:51 - 2014-11-05 08:51 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\32876552.sys 2014-11-04 11:16 - 2014-11-04 11:16 - 00040145 _____ () C:\Users\Peet Löseke\Desktop\FRST1.txt 2014-11-04 11:10 - 2014-11-04 11:10 - 00006626 _____ () C:\Users\Peet Löseke\Desktop\JRT.txt 2014-11-04 11:05 - 2014-11-04 11:05 - 00000000 ____D () C:\Windows\ERUNT 2014-11-04 11:04 - 2014-11-04 11:04 - 01706359 _____ (Thisisu) C:\Users\Peet Löseke\Desktop\JRT.exe 2014-11-04 10:58 - 2014-11-04 10:59 - 00002079 _____ () C:\Users\Peet Löseke\Desktop\AdwCleaner[S3].txt 2014-11-04 10:50 - 2014-11-04 10:50 - 01998336 _____ () C:\Users\Peet Löseke\Desktop\AdwCleaner_4.002.exe 2014-11-04 10:47 - 2014-11-04 10:47 - 00001206 _____ () C:\Users\Peet Löseke\Desktop\mbam.txt 2014-11-04 09:26 - 2014-11-04 09:26 - 00002670 _____ () C:\Users\Peet Löseke\Desktop\malware2.txt 2014-11-04 08:56 - 2014-11-04 08:56 - 00001209 _____ () C:\Users\Peet Löseke\Desktop\malware.txt 2014-11-04 08:35 - 2014-11-07 13:10 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-04 08:34 - 2014-11-04 08:34 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-11-04 08:34 - 2014-11-04 08:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-11-04 08:34 - 2014-11-04 08:34 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-04 08:34 - 2014-11-04 08:34 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-11-04 08:34 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-04 08:34 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-04 08:34 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-04 08:27 - 2014-11-04 08:27 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Peet Löseke\Desktop\mbam-setup-2.0.3.1025.exe 2014-11-03 13:41 - 2014-11-03 13:41 - 00026636 _____ () C:\ComboFix.txt 2014-11-03 13:18 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-11-03 13:18 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-11-03 13:18 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-11-03 13:18 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-11-03 13:18 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-11-03 13:18 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-11-03 13:18 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-11-03 13:18 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-11-03 13:17 - 2014-11-03 13:41 - 00000000 ____D () C:\Qoobox 2014-11-03 13:17 - 2014-11-03 13:40 - 00000000 ____D () C:\Windows\erdnt 2014-11-03 13:15 - 2014-11-03 13:16 - 05591672 ____R (Swearware) C:\Users\Peet Löseke\Desktop\ComboFix.exe 2014-11-03 12:53 - 2014-11-03 12:58 - 00001275 _____ () C:\Users\Peet Löseke\Desktop\Revo Uninstaller.lnk 2014-11-03 12:53 - 2014-11-03 12:58 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-11-03 12:50 - 2014-11-03 12:50 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Peet Löseke\Desktop\revosetup95.exe 2014-11-03 12:33 - 2014-11-03 12:33 - 00467832 _____ () C:\Windows\Minidump\110314-14851-01.dmp 2014-11-03 10:43 - 2014-11-03 10:43 - 00002824 _____ () C:\Users\Peet Löseke\Desktop\Gmer.txt 2014-11-03 10:27 - 2014-11-03 10:27 - 00380416 _____ () C:\Users\Peet Löseke\Desktop\Gmer-19357.exe 2014-11-03 10:20 - 2014-11-03 11:04 - 00027049 _____ () C:\Users\Peet Löseke\Desktop\Addition.txt 2014-11-03 10:19 - 2014-11-07 13:15 - 00027793 _____ () C:\Users\Peet Löseke\Desktop\FRST.txt 2014-11-03 10:19 - 2014-11-07 13:15 - 00000000 ____D () C:\FRST 2014-11-03 10:19 - 2014-11-03 10:19 - 02114560 _____ (Farbar) C:\Users\Peet Löseke\Desktop\FRST64.exe 2014-11-03 10:14 - 2014-11-03 10:59 - 00000486 _____ () C:\Users\Peet Löseke\Desktop\defogger_disable.log 2014-11-03 10:14 - 2014-11-03 10:14 - 00050477 _____ () C:\Users\Peet Löseke\Desktop\Defogger.exe 2014-11-03 10:14 - 2014-11-03 10:14 - 00000000 _____ () C:\Users\Peet Löseke\defogger_reenable 2014-11-02 15:46 - 2014-11-02 15:47 - 36250792 _____ () C:\Users\Peet Löseke\Downloads\firefox_setup_33.0.2.exe 2014-10-21 08:15 - 2014-10-21 08:16 - 00000000 ____D () C:\Users\Peet Löseke\Desktop\Videoaufnahmen 2014-10-15 06:38 - 2014-11-03 11:03 - 00002459 _____ () C:\Users\Peet Löseke\Desktop\AdwCleaner[S1].txt 2014-10-14 12:10 - 2014-10-14 12:10 - 00001148 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-10-12 07:43 - 2010-08-30 07:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-10-12 07:42 - 2014-11-04 10:55 - 00000000 ____D () C:\AdwCleaner 2014-10-12 07:34 - 2014-10-12 07:35 - 00000199 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-07 13:13 - 2012-03-07 18:53 - 00661968 _____ () C:\Windows\system32\perfh007.dat 2014-11-07 13:13 - 2012-03-07 18:53 - 00131972 _____ () C:\Windows\system32\perfc007.dat 2014-11-07 13:13 - 2009-07-14 06:13 - 01686600 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-07 13:11 - 2014-07-01 05:45 - 00279040 ___SH () C:\Users\Peet Löseke\Desktop\Thumbs.db 2014-11-07 13:11 - 2012-03-07 10:44 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-07 13:10 - 2012-03-07 10:44 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-07 13:09 - 2012-06-22 11:57 - 00000432 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-11-07 13:09 - 2010-11-21 04:47 - 00672678 _____ () C:\Windows\PFRO.log 2014-11-07 13:09 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-07 13:09 - 2009-07-14 05:51 - 00171629 _____ () C:\Windows\setupact.log 2014-11-07 13:08 - 2012-03-07 10:12 - 01416467 _____ () C:\Windows\WindowsUpdate.log 2014-11-07 13:01 - 2012-11-18 19:46 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-07 12:38 - 2012-06-12 19:15 - 00000000 ____D () C:\Users\Peet Löseke\Documents\Outlook-Dateien 2014-11-07 12:33 - 2012-06-23 16:29 - 00000000 ____D () C:\Users\Peet Löseke\AppData\Roaming\Skype 2014-11-07 08:57 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-07 08:57 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-07 08:48 - 2014-05-30 08:33 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2014-11-07 08:48 - 2013-10-02 14:40 - 00000008 __RSH () C:\Users\Peet Löseke\ntuser.pol 2014-11-07 08:48 - 2012-05-17 08:36 - 00000000 ____D () C:\Users\Peet Löseke 2014-11-07 08:35 - 2012-10-14 20:42 - 00000000 ____D () C:\Users\Peet Löseke\AppData\Local\CrashDumps 2014-11-07 08:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy 2014-11-06 22:04 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-11-06 16:57 - 2012-09-27 20:54 - 00000000 ____D () C:\Users\Peet Löseke\Documents\Briefe 2014-11-04 15:31 - 2012-09-27 20:53 - 00000000 ____D () C:\Users\Peet Löseke\Documents\Steuer und Co 2014-11-04 12:46 - 2013-02-28 11:58 - 00000000 ____D () C:\Users\Peet Löseke\Documents\Ausgaben 2014-11-03 20:45 - 2012-09-27 20:53 - 00000000 ____D () C:\Users\Peet Löseke\Documents\Rezepte 2014-11-03 13:54 - 2012-03-07 10:16 - 01707010 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-11-03 13:41 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2014-11-03 13:35 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2014-11-03 13:08 - 2014-09-19 18:00 - 00000000 ____D () C:\Users\Peet Löseke\AppData\Roaming\0D1F2W1G1I1F1T1QyE2W1L1G1Q1F2W1B 2014-11-03 12:33 - 2012-07-01 21:14 - 00000000 ____D () C:\Windows\Minidump 2014-11-03 12:33 - 2012-07-01 21:13 - 668823798 _____ () C:\Windows\MEMORY.DMP 2014-11-02 07:14 - 2013-02-26 18:47 - 00000000 ____D () C:\Users\Peet Löseke\Documents\Marius 2014-10-22 17:05 - 2012-03-07 10:44 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-10-22 17:05 - 2012-03-07 10:44 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-10-21 06:53 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-19 12:40 - 2012-05-17 17:57 - 00000000 ____D () C:\Users\Mary Löseke 2014-10-19 10:15 - 2012-09-27 20:56 - 00000000 ____D () C:\Users\Peet Löseke\Documents\BBS 3 Unterricht 2014-10-16 06:22 - 2014-06-12 08:32 - 00000000 ____D () C:\Users\Peet Löseke\AppData\Local\Adobe 2014-10-16 06:07 - 2012-11-18 19:46 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-10-16 06:07 - 2012-11-18 19:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-10-16 06:07 - 2012-11-18 19:46 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-10-15 20:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-10-14 15:24 - 2014-09-19 15:53 - 00000000 ____D () C:\Users\Peet Löseke\AppData\Roaming\.minecraft 2014-10-14 12:10 - 2014-05-06 12:42 - 00000000 ____D () C:\ProgramData\Package Cache 2014-10-14 12:10 - 2013-03-02 09:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-10-14 12:10 - 2013-03-02 09:26 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-10-10 15:05 - 2012-03-07 10:10 - 00279082 _____ () C:\Windows\DPINST.LOG 2014-10-10 15:02 - 2014-09-09 17:33 - 00002037 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2014-10-10 15:02 - 2014-01-30 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2014-10-10 15:01 - 2012-03-07 10:12 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-10-09 20:49 - 2014-04-23 16:54 - 00000582 _____ () C:\Windows\system32\ScanResults.xml Files to move or delete: ==================== C:\Users\Peet Löseke\avira_de_av___ws.exe C:\Users\Peet Löseke\avira_speedup.exe C:\Users\Peet Löseke\install_flashplayer14x32au_ltr5x64d_awc_aih.exe Some content of TEMP: ==================== C:\Users\Peet Löseke\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-05 17:05 ==================== End Of Log ============================ Und leider ist alles noch beim Alten! Ich wollte Dir hierein paar nette Screenshots einfügen, das hat aber leider nicht geklappt. Wie mache ich das? Muss ich den Laptop doch neu formatieren? Lg Peloe |
08.11.2014, 07:39 | #12 |
/// the machine /// TB-Ausbilder | Jeder Klick zwei neue Werbefenster, Adware ohne Ende, Download- und Update Aufforderungen UNten auf Erweitert klicken, dann runterscrollen und Anhänge verwalten.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
08.11.2014, 08:12 | #13 |
| Jeder Klick zwei neue Werbefenster, Adware ohne Ende, Download- und Update Aufforderungen Hallo schrauber, anbie einpaar Screenschots. Ich hoffe, das klappt jetzt. Hatte es schon drei abis vier mal versucht, aber bei dem ganzen Aufklappen und Wegklicken ist Arbeien im Internet kaum noch möglliche :-((( LG Peloe |
08.11.2014, 20:31 | #14 |
/// the machine /// TB-Ausbilder | Jeder Klick zwei neue Werbefenster, Adware ohne Ende, Download- und Update Aufforderungen Das spielt sich alles nur in Firefox ab. Also nochmal: Du hast Firefox mit Revo deinstalliert? ALLE Reste entfernt? Nichts vorher mit MozBackup oder irgend so einem Scheiss gesichert und wieder eingespielt? Anschliessend den FF laut Link komplett zurückgesetzt?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
08.11.2014, 21:53 | #15 |
| Danke, danke, danke ... Hallo schrauber, es hat geklappt!!!!! Hatte firefox zuvor "moderat" deinstallliert und diesmal den untersten Programmpunkt -also das volle Programm - gewählt! Und zusätzlich dann noch ein Programm, das irgendwas mit Mozilla hieß, gleich mit!!! Und nun kann ich wieder stressfrei und nach Herzenslust klicken und hier antworten, ohne dass ich mit 333 aufploppenden Fenstern kämpfen muss!! Toll, ein ganz neues Internetgefühl!!!! Ganz, ganz, ganz lieben und herzlichen Dank! Hast Du einen Tipp was ich machen kann, dass dies auch so bleibt? Lieben Gruß und einen wunderschönen Sonntag Peloe |