Log analysis and evaluation: FRST and Addition log files (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
16.11.2014, 12:11 | #1 |
FRST and Addition log files
THANK YOU VERY MUCH IN ADVANCE FOR YOUR HELP. I HOPE I DID IT THE RIGHT WAY.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-11-2014 01 Ran by mario (administrator) on MARIO-PC on 13-11-2014 18:23:24 Running from C:\Users\mario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QXNLI2QR Loaded Profiles: mario & UpdatusUser (Available profiles: mario & UpdatusUser) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (mst software GmbH, Germany) C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\DfSdkS.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (Teruten) C:\Windows\System32\FsUsbExService.Exe () C:\ProgramData\DatacardService\HWDeviceService.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe (Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (Microsoft Corp.) 
C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE () C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Ashampoo Development GmbH & Co. KG) C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\LiveTuner.exe (Sony Corporation) C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (1und1 Mail und Media GmbH) C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Samsung Electronics Co., Ltd.) 
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe (TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (Skillbrains) C:\Users\mario\AppData\Local\Skillbrains\lightshot\5.1.4.17\Lightshot.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Avira) C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe (Dropbox, Inc.) C:\Users\mario\AppData\Roaming\Dropbox\bin\Dropbox.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_15_0_0_223_ActiveX.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8092192 2009-11-17] (Realtek Semiconductor) HKLM\...\Run: [Ashampoo WinOptimizer Live-Tuner] => C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\LiveTuner.exe [2656680 2011-09-28] (Ashampoo Development GmbH & Co. KG) HKLM\...\Run: [NPSStartup] => [X] HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [651832 2011-08-24] (Sony Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-14] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310064 2014-06-14] (Samsung Electronics Co., Ltd.) HKLM\...\Run: [MailCheck IE Broker] => C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [1810496 2014-04-24] (1und1 Mail und Media GmbH) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\Run: [EPSON1A5D7B (Epson Stylus SX420W)] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE [200704 2009-09-14] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\Run: [AutoStartNPSAgent] => C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [102400 2009-04-02] (Samsung Electronics Co., Ltd.) 
HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\Run: [EPSON SX420W Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE [200704 2009-09-14] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-06-14] (Samsung) HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\Run: [Facebook Update] => C:\Users\mario\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-09-02] (Facebook Inc.) HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google) HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\Run: [LightShot] => C:\Users\mario\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226560 2014-06-18] () HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom) HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\Run: [AviraSpeedup] => C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe [5395192 2014-10-03] (Avira) HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4825880 2014-10-23] (Piriform Ltd) HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-11-07] (Google Inc.) 
HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\MountPoints2: E - E:\AutoRun.exe HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\MountPoints2: {2e6f69a6-e937-11e1-bbef-001e101f7f74} - E:\AutoRun.exe HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\MountPoints2: {b0f9344c-df70-11d4-9acf-00a0d1ad0be0} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\index.html HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\MountPoints2: {b817d815-e92d-11e1-95fe-00a0d1ad0be0} - E:\AutoRun.exe HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\MountPoints2: {b817d82c-e92d-11e1-95fe-00a0d1ad0be0} - E:\AutoRun.exe HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\MountPoints2: {b817d84b-e92d-11e1-95fe-00a0d1ad0be0} - E:\AutoRun.exe HKU\S-1-5-18\...\Run: [AviraSpeedup] => C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe [5395192 2014-10-03] (Avira) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\mario\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) BootExecute: autocheck autochk * bootdelete GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4C56FBDE1CBCCC01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1409769840&from=tugs&uid=ST9500325AS_5VE0Z7EZXXXX5VE0Z7EZ HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1409769840&from=tugs&uid=ST9500325AS_5VE0Z7EZXXXX5VE0Z7EZ&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1409769840&from=tugs&uid=ST9500325AS_5VE0Z7EZXXXX5VE0Z7EZ HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1409769840&from=tugs&uid=ST9500325AS_5VE0Z7EZXXXX5VE0Z7EZ HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1409769840&from=tugs&uid=ST9500325AS_5VE0Z7EZXXXX5VE0Z7EZ&q={searchTerms} URLSearchHook: HKLM - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Users\mario\AppData\LocalLow\DVDVideoSoftTB\prxtbDVDV.dll (ClientConnect Ltd.) URLSearchHook: HKCU - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Users\mario\AppData\LocalLow\DVDVideoSoftTB\prxtbDVDV.dll (ClientConnect Ltd.) 
HKU\S-1-5-21-943191095-2846990741-2943127497-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1409769840&from=tugs&uid=ST9500325AS_5VE0Z7EZXXXX5VE0Z7EZ SearchScopes: HKCU - {22FAACBA-E5CE-4A7E-8C1A-32B5C840F4D9} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} SearchScopes: HKCU - {462DBD11-50B6-4729-A19B-6CEFEB16DCD0} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKCU - {4B0E8FA1-5355-41B8-981D-A32F6C1D8362} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKCU - {99F56934-85E6-4298-83E6-529910F9802A} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKCU - {C3FB7335-8FD3-46D3-BDFD-9A923343E753} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKCU - {C89738FB-E293-45FF-92B5-01EF65686D1B} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyHBv6JC2&i=26 SearchScopes: HKCU - {FC7E5970-0E3B-43FA-80E5-7D4E0290DA1B} URL = https://www.google.com/search?q={searchTerms} BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: DVDVideoSoftTB Toolbar -> {872b5b88-9db5-4310-bdd0-ac189557e5f5} -> C:\Users\mario\AppData\LocalLow\DVDVideoSoftTB\prxtbDVDV.dll (ClientConnect Ltd.) 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) Toolbar: HKLM - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Toolbar: HKLM - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Users\mario\AppData\LocalLow\DVDVideoSoftTB\prxtbDVDV.dll (ClientConnect Ltd.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{5863A184-9385-4DFA-BFB2-A6562BDC40C0}: [NameServer] 212.52.97.25 193.70.152.25 Tcpip\..\Interfaces\{95112B73-AD06-42EF-A679-B7309AE7DC15}: [NameServer] 212.52.97.25 193.70.152.25 Tcpip\..\Interfaces\{9D70F6C1-8888-4D2B-A03E-3F30228CDCD5}: [NameServer] 193.70.152.25 212.52.97.25 FireFox: ======== FF ProfilePath: C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml FF DefaultSearchEngine: istartsurf FF SelectedSearchEngine: istartsurf FF Homepage: www.facebook.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll () FF Plugin: @adobe.com/ShockwavePlayer -> 
C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\searchplugins\babylon1.xml FF SearchPlugin: C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\searchplugins\conduit.xml FF SearchPlugin: C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\searchplugins\delta.xml FF SearchPlugin: C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\searchplugins\MyStart Search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\ddg.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Browsers App - C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\Extensions\herman.thorne45@outlook.com [2014-10-03] FF Extension: WEB.DE MailCheck - C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\Extensions\toolbar@web.de [2014-10-03] FF Extension: DVDVideoSoftTB - C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2014-09-03] FF Extension: Free YouTube Download (Free Studio) Menu - C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012-11-01] FF Extension: midikar - C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\Extensions\{e97a8b1d-ea32-4839-9c97-b92ab27cb15e} [2014-11-13] FF Extension: ProxTube - 
C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\Extensions\ich@maltegoetz.de.xpi [2014-10-11] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-11-13] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-11-13] FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2001-01-01] Chrome: ======= CHR HomePage: Default -> https://www.facebook.com/logout.php CHR StartupUrls: Default -> "https://www.facebook.com/index.php?stype=lo&lh=Ac8dWS5ReYw4q_9A" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google :inputType}{google:cursorPosition}{google:currentPageUrl}{googleageClassification}{google:searchVersion}{google:sessionToken}{googlerefetchQuery}s ugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-20] CHR Extension: (Google Docs) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-20] CHR Extension: (Google Drive) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-20] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-20] CHR Extension: (YouTube) - C:\Users\mario\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-20] CHR Extension: (Google-Suche) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-20] CHR Extension: (Google Tabellen) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-20] CHR Extension: (Avira Browser Safety) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-26] CHR Extension: (Avira SafeSearch) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldmiahjidflgnbiadknkmaimfpjkelng [2014-10-26] CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-11] CHR Extension: (Google Wallet) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-20] CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-10-20] CHR Extension: (Google Mail) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-20] CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-14] (Avira Operations GmbH & Co. 
KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG) R2 DfSdkS; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\DfsdkS.exe [406016 2009-08-24] (mst software GmbH, Germany) [File not signed] R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION) [File not signed] R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-14] (SEIKO EPSON CORPORATION) [File not signed] R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2009-03-31] (Teruten) [File not signed] S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-09-03] (globalUpdate) [File not signed] S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-09-03] (globalUpdate) [File not signed] R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2014-11-13] (SurfRight B.V.) R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] () R2 Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [255376 2012-04-05] (Acer Incorporated) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) S2 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [246112 2012-08-18] () S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed] R2 WO_LiveService; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe [885160 2011-09-28] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R1 51110541; C:\Windows\System32\DRIVERS\51110541.sys [128016 2009-09-25] (Kaspersky Lab) R0 51110542; C:\Windows\System32\DRIVERS\51110542.sys [37392 2009-10-22] (Kaspersky Lab) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-25] (Avira Operations GmbH & Co. KG) R2 EpmPsd; C:\Windows\system32\drivers\epm-psd.sys [4096 2004-07-19] (Acer Value Labs, USA) [File not signed] R2 EpmShd; C:\Windows\system32\drivers\epm-shd.sys [78208 2005-04-07] (Acer Value Labs, USA) [File not signed] R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] () [File not signed] R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2009-08-23] (Atheros Communications, Inc.) R2 LiveTunerPM; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerProcessMonitor32.sys [12696 2011-03-08] () R1 setup_9.0.0.722_17.12.2011_15-25drv; C:\Windows\System32\DRIVERS\5111054.sys [311312 2009-10-09] (Kaspersky Lab) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-25] (Avira GmbH) S3 TTCinergyT2; C:\Windows\System32\drivers\TTCinergyT2BDA.sys [22528 2005-10-06] (TerraTec Electronic GmbH) S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [43520 2012-02-15] (Apple, Inc.) [File not signed] S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [106752 2011-01-13] (ZTE Incorporated) S3 dgderdrv; System32\drivers\dgderdrv.sys [X] S0 hitmanpro37duringboot; system32\drivers\hitmanpro37.sys [X] S3 ute4njq3; \??\C:\Windows\system32\Drivers\ute4njq3.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-13 18:37 - 2014-11-13 18:37 - 00000000 ____D () C:\31cd9b6eea04efa7fe74 2014-11-13 18:37 - 2014-11-13 18:37 - 00000000 _____ () C:\Users\mario\Downloads\avira-eu-cleaner_de_exe.82d1sna.partial 2014-11-13 18:30 - 2014-11-13 18:30 - 00045928 _____ () C:\Windows\system32\.crusader 2014-11-13 18:24 - 2014-11-13 18:24 - 00000000 _____ () C:\Users\mario\Downloads\hmpalert_exe.vo44ku4.partial 2014-11-13 18:23 - 2014-11-13 18:23 - 00000000 ____D () C:\FRST 2014-11-13 18:20 - 2014-11-13 18:20 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-11-13 18:19 - 2014-11-13 18:19 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-11-13 18:13 - 2014-11-13 18:13 - 00001909 _____ () C:\Users\Public\Desktop\HitmanPro.lnk 2014-11-13 18:13 - 2014-11-13 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2014-11-13 18:13 - 2014-11-13 18:13 - 00000000 ____D () C:\Program Files\HitmanPro 2014-11-13 18:12 - 2014-11-13 18:30 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-11-13 18:12 - 2014-11-05 18:50 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-11-13 18:12 - 2014-11-05 18:50 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-11-13 18:12 - 2014-11-05 18:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-11-13 18:12 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-13 18:12 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-13 18:12 - 2014-10-03 02:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-13 18:12 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-13 18:12 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) 
C:\Windows\system32\AudioEng.dll 2014-11-13 18:12 - 2014-10-03 02:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-13 18:12 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-13 18:12 - 2014-09-19 10:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-13 18:12 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-11-13 18:12 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-13 18:12 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-11-13 18:12 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-11-13 18:12 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-11-13 18:12 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-11-13 18:12 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-13 18:12 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-11-13 18:12 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-11-13 18:11 - 2014-11-13 18:12 - 10284408 _____ (SurfRight B.V.) 
C:\Users\mario\Downloads\hitmanpro.exe 2014-11-13 18:11 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-11-13 18:11 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-11-13 18:11 - 2014-11-06 04:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-11-13 18:11 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-13 18:11 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-11-13 18:11 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-11-13 18:11 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-13 18:11 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-11-13 18:11 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-13 18:11 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-13 18:11 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-11-13 18:11 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-13 18:11 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-13 18:11 - 2014-11-06 03:59 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-11-13 18:11 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-11-13 18:11 - 2014-11-06 03:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-11-13 18:11 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-13 18:11 - 2014-11-06 03:42 - 00060416 _____ 
(Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-11-13 18:11 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-11-13 18:11 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-11-13 18:11 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-13 18:11 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-13 18:11 - 2014-11-06 03:22 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-11-13 18:11 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-13 18:11 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-11-13 18:11 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-11-13 18:11 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-13 18:11 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-13 18:11 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-11-13 18:11 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-11-13 18:11 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-13 18:11 - 2014-10-14 02:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-13 18:11 - 2014-10-14 02:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-13 18:11 - 2014-10-14 02:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-11-13 18:11 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-13 18:11 - 2014-10-14 02:46 - 00681984 _____ 
(Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-13 18:11 - 2014-10-10 01:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-13 18:01 - 2014-11-13 18:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox.bak 2014-11-13 17:56 - 2014-11-13 17:56 - 00000000 __SHD () C:\Users\mario\AppData\Local\EmieBrowserModeList 2014-11-13 17:52 - 2014-11-13 17:54 - 00000112 _____ () C:\Windows\setupact.log 2014-11-13 17:52 - 2014-11-13 17:52 - 00000000 _____ () C:\Windows\setuperr.log 2014-11-07 18:41 - 2014-11-08 18:48 - 00002125 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-11-07 18:41 - 2014-11-07 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-11-01 17:26 - 2014-11-01 17:27 - 36865528 _____ () C:\Users\mario\Downloads\WEB.DE_Firefox_Setup.exe 2014-11-01 17:25 - 2014-11-13 17:52 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-11-01 17:25 - 2014-11-01 17:25 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-11-01 17:25 - 2014-11-01 17:25 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-10-26 16:01 - 2014-10-26 16:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2014-10-26 16:01 - 2014-10-26 16:01 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-10-20 18:49 - 2014-10-20 18:49 - 00000000 ____D () C:\Users\mario\AppData\Roaming\Opera Software 2014-10-20 18:49 - 2014-10-20 18:49 - 00000000 ____D () C:\Users\mario\AppData\Local\Opera Software 2014-10-20 18:47 - 2014-10-20 18:47 - 00868168 _____ (Opera Software) C:\Users\mario\Downloads\Opera_NI_stable.exe 2014-10-20 18:22 - 2014-10-26 16:01 - 00002016 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-10-20 18:22 - 2014-10-26 16:01 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-10-20 18:13 - 2014-09-04 06:04 - 00372736 _____ (Microsoft 
Corporation) C:\Windows\system32\rastls.dll 2014-10-20 18:13 - 2014-08-29 02:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-20 18:13 - 2014-08-29 02:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-10-20 18:13 - 2014-08-29 02:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-20 18:13 - 2014-08-29 02:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2014-10-20 18:13 - 2014-08-29 02:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-10-20 18:13 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-20 18:13 - 2014-07-17 02:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-20 18:13 - 2014-07-17 02:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-20 18:13 - 2014-07-17 02:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-20 18:13 - 2014-07-17 02:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-20 18:13 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-20 18:13 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-20 18:13 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-14 17:34 - 2014-10-14 17:34 - 00210775 _____ () C:\Users\mario\Downloads\7W8NY.zip 2014-10-14 17:28 - 2014-10-14 17:28 - 00000000 ____D () C:\Users\mario\Documents\EBAY 2014-10-14 15:46 - 2014-11-01 17:14 - 00001099 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-10-14 15:45 - 2014-10-14 15:45 - 00323672 _____ (Dropbox, Inc.) 
C:\Users\mario\Downloads\DropboxInstaller.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-13 18:52 - 2014-01-24 21:56 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-13 18:51 - 2014-01-25 22:23 - 00000376 _____ () C:\Windows\Tasks\update-S-1-5-21-943191095-2846990741-2943127497-1001.job 2014-11-13 18:41 - 2012-05-06 19:09 - 00069120 ___SH () C:\Users\mario\Documents\Thumbs.db 2014-11-13 18:38 - 2013-08-15 10:06 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-13 18:37 - 2001-01-01 00:07 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-11-13 18:35 - 2012-05-01 15:12 - 03550720 ___SH () C:\Users\mario\Downloads\Thumbs.db 2014-11-13 18:34 - 2013-09-02 14:29 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-943191095-2846990741-2943127497-1001UA.job 2014-11-13 18:29 - 2014-09-03 19:47 - 00000000 ____D () C:\ProgramData\IePluginServices 2014-11-13 18:19 - 2014-09-10 16:19 - 00000000 ____D () C:\ProgramData\Oracle 2014-11-13 18:17 - 2014-09-10 16:18 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-11-13 18:17 - 2014-09-10 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-11-13 18:17 - 2001-01-01 15:13 - 00000000 ____D () C:\Program Files\Java 2014-11-13 18:10 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-11-13 18:04 - 2011-12-16 18:38 - 01431970 _____ () C:\Windows\WindowsUpdate.log 2014-11-13 18:04 - 2009-07-14 05:34 - 00022576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-13 18:04 - 2009-07-14 05:34 - 00022576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-13 18:00 - 2014-04-28 15:42 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-11-13 18:00 - 
2011-12-16 18:54 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-13 17:59 - 2012-04-04 17:07 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-11-13 17:59 - 2012-04-04 17:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-13 17:59 - 2012-02-06 19:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-11-13 17:57 - 2013-10-19 13:04 - 00000000 ___RD () C:\Users\mario\Dropbox 2014-11-13 17:57 - 2013-10-19 13:02 - 00000000 ____D () C:\Users\mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-11-13 17:57 - 2013-10-19 12:57 - 00000000 ____D () C:\Users\mario\AppData\Roaming\Dropbox 2014-11-13 17:56 - 2014-01-24 22:01 - 00000000 ___RD () C:\Users\mario\Google Drive 2014-11-13 17:55 - 2014-09-03 19:49 - 00002750 _____ () C:\Windows\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-1.job 2014-11-13 17:55 - 2014-09-03 19:49 - 00002422 _____ () C:\Windows\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-5_user.job 2014-11-13 17:55 - 2014-09-03 19:49 - 00002422 _____ () C:\Windows\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-5.job 2014-11-13 17:55 - 2014-09-03 19:47 - 00003446 _____ () C:\Windows\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-6.job 2014-11-13 17:55 - 2014-09-03 19:47 - 00003446 _____ () C:\Windows\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-4.job 2014-11-13 17:55 - 2014-09-03 19:47 - 00003110 _____ () C:\Windows\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-7.job 2014-11-13 17:55 - 2014-09-03 19:46 - 00004472 _____ () C:\Windows\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-11.job 2014-11-13 17:55 - 2014-09-03 19:46 - 00003110 _____ () C:\Windows\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-3.job 2014-11-13 17:55 - 2014-09-03 19:46 - 00000898 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job 2014-11-13 17:55 - 2014-01-24 21:56 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-13 17:55 - 2012-11-10 
12:00 - 00000435 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-11-13 17:54 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-13 17:54 - 2009-07-14 05:33 - 00289816 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-13 17:52 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-11-08 18:32 - 2011-12-16 19:10 - 00000000 ____D () C:\Users\mario\AppData\Local\Google 2014-11-07 18:42 - 2014-08-14 23:48 - 00000000 ____D () C:\Users\mario\AppData\Local\Adobe 2014-11-07 18:42 - 2012-02-06 18:47 - 00000000 ____D () C:\ProgramData\Google 2014-11-07 18:42 - 2011-12-16 19:10 - 00000000 ____D () C:\Program Files\Google 2014-11-07 17:52 - 2014-01-24 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2014-11-01 17:14 - 2014-03-14 18:40 - 00000000 ____D () C:\ProgramData\Package Cache 2014-11-01 17:14 - 2014-03-14 18:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-11-01 17:14 - 2014-03-14 18:40 - 00000000 ____D () C:\Program Files\Avira 2014-10-31 16:55 - 2014-01-25 22:23 - 00000376 _____ () C:\Windows\Tasks\update-sys.job 2014-10-26 16:49 - 2012-11-05 20:20 - 00000000 ___RD () C:\Users\mario\Desktop\karaoke 2014-10-26 16:28 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache 2014-10-26 16:15 - 2011-12-18 12:13 - 00000000 ____D () C:\Program Files\Opera 2014-10-20 18:30 - 2014-08-28 19:29 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-10-20 18:30 - 2014-08-28 19:29 - 00000000 ____D () C:\Program Files\CCleaner 2014-10-20 17:59 - 2009-07-14 03:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-10-14 18:01 - 2012-07-21 17:59 - 00352256 ___SH () C:\Users\mario\Desktop\Thumbs.db 2014-10-14 17:39 - 2012-06-15 22:34 - 00000000 ____D () C:\Users\mario\Desktop\fotos allgemein 2014-10-14 15:37 - 2014-03-23 10:37 - 00037384 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-14 15:37 - 2014-03-14 18:43 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-14 15:37 - 2014-03-14 18:43 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

Files to move or delete:
====================
C:\Users\mario\start32bitprogram.exe

Some content of TEMP:
====================
C:\Users\mario\AppData\Local\Temp\avgnt.exe
C:\Users\mario\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphzt_4y.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-11 17:54

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-11-2014 01
Ran by mario at 2014-11-13 18:24:53
Running from C:\Users\mario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QXNLI2QR
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Updater (HKLM\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated)
Adobe Digital Editions (HKLM\...\Digital Editions) (Version: - )
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
AnalogX Vocal Remover (HKLM\...\AnalogX Vocal Remover) (Version: - AnalogX)
Ashampoo WinOptimizer 8 v.8.13 (HKLM\...\Ashampoo WinOptimizer 8_is1) (Version: 8.1.3 - Ashampoo GmbH & Co. KG)
Avira (HKLM\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Avira System Speedup (HKLM\...\AviraSpeedup) (Version: 1.3.1.9970 - Avira System Speedup)
BtwMfcMM (HKLM\...\{D5B46D30-F054-4C64-9C0F-97C8451E7D04}) (Version: 6.00.0000 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Cinergy XS Series V5.09.0304.00a (HKLM\...\Cinergy XS Series) (Version: 5.09.0304.00a - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.3 - DivX, LLC)
DVBViewer TERRATEC Edition (HKLM\...\DVBViewer TERRATEC Edition_is1) (Version: - CM&V)
DVDVideoSoftTB Toolbar for IE (HKLM\...\IECT2269050) (Version: 6.20.0.10 - DVDVideoSoftTB)
Epson Easy Photo Print 2 (HKLM\...\{30E01116-5666-4807-8EF1-D80E9FF16717}) (Version: 2.3.2.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON SX420W Series Printer Uninstall (HKLM\...\EPSON SX420W Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fotogalerie (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free Studio version 5.3.2 (HKLM\...\Free Studio_is1) (Version: - DVDVideoSoft Ltd.)
Free Video to Samsung Phones Converter version 5.0.20.1031 (HKLM\...\Free Video to Samsung Phones Converter_is1) (Version: 5.0.20.1031 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.1.39.1015 (HKLM\...\Free YouTube Download_is1) (Version: 3.1.39.1015 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Drive (HKLM\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
KaraFun 1.18 (HKLM\...\KaraFun_is1) (Version: - Recisio)
KaraokeMedia Home PC (Version: 1.0.0 - ECLIPSE PRODUCCIONES S.L) Hidden
K-Lite Codec Pack 6.1.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 6.1.0 - )
Lightshot-5.1.4.17 (HKLM\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.1.4.17 - Skillbrains)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{908C5B2E-D684-425E-A54D-FE77D5C5A076}) (Version: 16.4.1970.0624 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Mobile Partner (HKLM\...\Mobile Partner) (Version: 21.003.25.02.51 - Huawei Technologies Co.,Ltd)
Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 33.1 (x86 de) (HKLM\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
PC Connectivity Solution (HKLM\...\{AC599724-5755-48C1-ABE7-ABB857652930}) (Version: 8.15.0.0 - Nokia)
Photo Common (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photomizer (HKLM\...\{A00F8237-F496-44D2-0001-E3CCF8CD58AE}) (Version: 1.0.10.0827 - Engelmann Media GmbH)
PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.8.02.10270 - Sony Corporation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5983 - Realtek Semiconductor Corp.)
RMPrepUSB (HKLM\...\RMPrepUSB) (Version: - )
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.) Hidden
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - )
Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
SamsungConnectivityCableDriver (HKLM\...\{7E84FAC8-C518-40F9-9807-7455301D6D25}) (Version: 6.83.6.2.1 - Samsung)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version: - )
TomTom HOME (HKLM\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
vanBasco's Karaoke Player (HKLM\...\VMidi) (Version: - )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
WEB.DE Desktop Icons (HKLM\...\1&1 Mail & Media GmbH 1und1DesktopIconsInstaller) (Version: 3.0.3.0 - 1&1 Mail & Media GmbH)
WEB.DE MailCheck für Internet Explorer (HKLM\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.5.1.0 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung (HKLM\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.0.55 - 1&1 Mail & Media GmbH)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9700 - Broadcom Corporation)
Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\mario\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\mario\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{55cbb4a1-515f-5947-9e5e-931ec3e954ea}\InprocServer32 -> C:\Users\mario\AppData\Local\PagePlace\npPagePlaceStarter.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\mario\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\mario\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\InprocServer32 -> C:\Users\mario\AppData\LocalLow\DVDVideoSoftTB\prxtbDVDV.dll (ClientConnect Ltd.)
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\mario\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\mario\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\mario\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\mario\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\mario\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\mario\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}\InprocServer32 -> C:\Users\mario\AppData\LocalLow\DVDVideoSoftTB\prxtbDVDV.dll (ClientConnect Ltd.)
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\mario\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\mario\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mario\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mario\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mario\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mario\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mario\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mario\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mario\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mario\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 20-10-2014 17:24:52 Windows Update 13-11-2014 16:58:05 Windows Update 13-11-2014 17:11:32 Prüfpunkt von HitmanPro 13-11-2014 17:28:07 Prüfpunkt von HitmanPro 13-11-2014 17:29:35 Prüfpunkt von HitmanPro 13-11-2014 17:35:28 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {03CB802F-112B-49F3-87DB-868B62B43716} - System32\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-4 => C:\Program Files\Browsers Apps -\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-4.exe <==== ATTENTION Task: {082530D3-26DA-42B3-96CB-6F6842A4AB66} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {12758D70-1112-415E-8C53-061DDA7066D5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-24] (Google Inc.) Task: {1AE3379E-7DC5-4FB8-BD37-57D955021049} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-943191095-2846990741-2943127497-1001UA => C:\Users\mario\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-02] (Facebook Inc.) 
Task: {1DD25F6A-C164-4FAE-B82F-68B9922D3CA0} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-09-03] (globalUpdate) <==== ATTENTION Task: {23225D99-23E9-4883-8B96-7D892214EFC7} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {28D377D4-0EDD-4B6C-895D-F486311630C6} - System32\Tasks\VisualBeeRecovery => C:\Users\mario\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe [2012-03-14] () <==== ATTENTION Task: {2A58B47A-EA43-4758-9D74-A3627E22DBCA} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-943191095-2846990741-2943127497-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe Task: {2CEC042C-FB6F-4980-AF79-C31880B2D054} - System32\Tasks\AviraSpeedup => C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe [2014-10-03] (Avira) Task: {32007FB4-69E9-4260-8717-653C6A7C9CB0} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {33F3912B-B39F-437F-8007-92C30BCDBD78} - System32\Tasks\{554D785F-1C63-4CC7-90FF-EA80F1D498A6} => C:\Users\mario\Desktop\wichtig\OpenOffice.org 3.3 (de) Installation Files\java\jre-windows-i586.exe [2011-01-19] (Sun Microsystems, Inc.) 
Task: {3F40672C-8952-433E-A489-CC0B423DBAB6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd) Task: {458797B4-917C-4936-A94F-72AAFEA7DA2C} - System32\Tasks\update-sys => C:\Program Files\Skillbrains\Updater\Updater.exe [2014-03-25] () Task: {5423B9D1-D22C-44A4-8EC4-F43EAD894DA2} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {564DE98C-ED8F-43C7-9913-94D891948E88} - System32\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-5 => C:\Program Files\Browsers Apps -\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-5.exe <==== ATTENTION Task: {6F4B03CE-18C9-4472-A441-8B1678289726} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-13] (Adobe Systems Incorporated) Task: {7588A398-1D8B-4835-ACCB-13CD95AB0395} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH) Task: {77F73005-7BA9-4A2D-96FE-FADAA67DC60A} - System32\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-1 => C:\Program Files\Browsers Apps -\Browsers Apps --codedownloader.exe <==== ATTENTION Task: {788239D0-5E3C-4089-9EE3-C5367895B28B} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-09-03] (globalUpdate) <==== ATTENTION Task: {7A709350-60B9-4591-B61B-2580565ECAD0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-24] (Google Inc.) 
Task: {8A8F676A-92F1-45C9-9729-A40E5A3C65F1} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft) Task: {92C81F91-BE25-4066-91CB-4100579C1613} - System32\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-3 => C:\Program Files\Browsers Apps -\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-3.exe <==== ATTENTION Task: {B60431CF-BBE2-4EBE-9B4C-2A998108AE2F} - System32\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-7 => C:\Program Files\Browsers Apps -\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-7.exe <==== ATTENTION Task: {C1F7D1B8-EFD9-4526-8930-F4983B5586EB} - System32\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-11 => C:\Program Files\Browsers Apps -\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-11.exe <==== ATTENTION Task: {D0BD6414-F12F-442F-896F-C8005C5E9FD0} - System32\Tasks\update-S-1-5-21-943191095-2846990741-2943127497-1001 => C:\Program Files\Skillbrains\Updater\Updater.exe [2014-03-25] () Task: {D1EBA97C-223E-482C-BA1B-BFE26EB10296} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-943191095-2846990741-2943127497-1001Core => C:\Users\mario\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-02] (Facebook Inc.) 
Task: {D7CE95B5-D30E-461E-BDA7-0AB604C44D48} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-943191095-2846990741-2943127497-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe Task: {D8F28C98-84ED-490E-848B-B998C299BD65} - System32\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-5_user => C:\Program Files\Browsers Apps -\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-5.exe <==== ATTENTION Task: {E6A0B6EE-36B8-41DE-AEDC-4C8557796757} - System32\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-6 => C:\Program Files\Browsers Apps -\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-6.exe <==== ATTENTION Task: {EFBF8436-50D1-404B-ADCF-71BDEBF3D84C} - System32\Tasks\{5B97EEF1-A9C5-4A44-AE4F-4B760011545E} => C:\Users\mario\Desktop\wichtig\OpenOffice.org 3.3 (de) Installation Files\java\jre-windows-i586.exe [2011-01-19] (Sun Microsystems, Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-1.job => C:\Program Files\Browsers Apps -\Browsers Apps --codedownloader.exe <==== ATTENTION Task: C:\Windows\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-11.job => C:\Program Files\Browsers Apps -\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-11.exe <==== ATTENTION Task: C:\Windows\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-3.job => C:\Program Files\Browsers Apps -\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-3.exe <==== ATTENTION Task: C:\Windows\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-4.job => C:\Program Files\Browsers Apps -\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-4.exe <==== ATTENTION Task: C:\Windows\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-5.job => C:\Program Files\Browsers Apps -\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-5.exe <==== ATTENTION Task: C:\Windows\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-5_user.job => C:\Program Files\Browsers Apps 
-\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-5.exe <==== ATTENTION Task: C:\Windows\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-6.job => C:\Program Files\Browsers Apps -\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-6.exe <==== ATTENTION Task: C:\Windows\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-7.job => C:\Program Files\Browsers Apps -\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-7.exe <==== ATTENTION Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-943191095-2846990741-2943127497-1001Core.job => C:\Users\mario\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-943191095-2846990741-2943127497-1001UA.job => C:\Users\mario\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\update-S-1-5-21-943191095-2846990741-2943127497-1001.job => C:\Program Files\Skillbrains\Updater\Updater.exe Task: C:\Windows\Tasks\update-sys.job => C:\Program Files\Skillbrains\Updater\Updater.exe ==================== Loaded Modules (whitelisted) ============= 2011-03-14 16:27 - 2011-03-14 16:27 - 00271712 _____ () C:\ProgramData\DatacardService\HWDeviceService.exe 2012-08-18 13:15 - 2012-08-18 13:14 - 00246112 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe 2012-08-18 13:15 - 2012-08-18 13:14 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll 2012-08-18 13:15 - 2012-08-18 13:14 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll 2012-08-18 13:15 - 2012-08-18 13:14 - 02415104 _____ () C:\ProgramData\Mobile 
Partner\OnlineUpdate\QtCore4.dll 2012-08-18 13:15 - 2012-08-18 13:14 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll 2012-08-18 13:15 - 2012-08-18 13:14 - 00384512 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll 2012-08-18 13:15 - 2012-08-18 13:14 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll 2001-01-01 05:01 - 2011-09-28 09:45 - 00885160 _____ () C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe 2012-12-18 18:57 - 2013-08-30 00:08 - 00088864 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll 2014-10-23 20:19 - 2014-10-23 20:19 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2014-11-13 17:55 - 2014-11-13 17:55 - 00098816 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\win32api.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00110080 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\pywintypes27.dll 2014-11-13 17:55 - 2014-11-13 17:55 - 00364544 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\pythoncom27.dll 2014-11-13 17:55 - 2014-11-13 17:55 - 00045568 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\_socket.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 01160704 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\_ssl.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00320512 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\win32com.shell.shell.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00713216 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\_hashlib.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 01175040 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\wx._core_.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00805888 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\wx._gdi_.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00811008 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\wx._windows_.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 01062400 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\wx._controls_.pyd 2014-11-13 
17:55 - 2014-11-13 17:55 - 00735232 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\wx._misc_.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00128512 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\_elementtree.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00127488 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\pyexpat.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00557056 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\pysqlite2._sqlite.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00087552 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\_ctypes.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00119808 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\win32file.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00108544 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\win32security.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00007168 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\hashobjs_ext.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00167936 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\win32gui.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00018432 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\win32event.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00038912 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\win32inet.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00011264 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\win32crypt.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00070656 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\wx._html2.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00027136 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\_multiprocessing.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00035840 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\win32process.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00686080 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\unicodedata.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00122368 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\wx._wizard.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 
00024064 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\win32pipe.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00025600 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\win32pdh.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00525640 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\windows._lib_cacheinvalidation.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00010240 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\select.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00017408 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\win32profile.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00022528 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\win32ts.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00078336 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\wx._animate.pyd 2014-11-13 17:56 - 2014-11-13 17:56 - 00043008 _____ () c:\users\mario\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphzt_4y.dll 2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\mario\AppData\Roaming\Dropbox\bin\libcef.dll 2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
========================= Accounts: ========================== Administrator (S-1-5-21-943191095-2846990741-2943127497-500 - Administrator - Disabled) Gast (S-1-5-21-943191095-2846990741-2943127497-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-943191095-2846990741-2943127497-1008 - Limited - Enabled) mario (S-1-5-21-943191095-2846990741-2943127497-1001 - Administrator - Enabled) => C:\Users\mario UpdatusUser (S-1-5-21-943191095-2846990741-2943127497-1005 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (11/13/2014 05:58:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17420, Zeitstempel: 0x545ad233 Name des fehlerhaften Moduls: nvd3dum.dll, Version: 9.18.13.2702, Zeitstempel: 0x521fbdc1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00697af3 ID des fehlerhaften Prozesses: 0x1524 Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0 Pfad der fehlerhaften Anwendung: iexplore.exe1 Pfad des fehlerhaften Moduls: iexplore.exe2 Berichtskennung: iexplore.exe3 Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x0000014c,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,01D9FAF0.64)" ist ein unerwarteter Fehler aufgetreten. 
hr = 0x80070005, Zugriff verweigert . Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000009c4,(null),0,REG_BINARY,0498F170.64)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Generatorname: MSSearch Service Writer Generatorinstanz-ID: {cc3f4313-4eba-4fbf-8702-5ef03b72e175} Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000007d4,(null),0,REG_BINARY,018FEBF8.64)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Generatorname: WMI Writer Generatorinstanz-ID: {7f6105d1-3504-48e4-b88c-fcad8cfbfa7b} Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000004b0,(null),0,REG_BINARY,0309EA98.64)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {6c0a7c25-135f-468a-bd78-637ea44f3b1e} Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000007d4,(null),0,REG_BINARY,018FEBE4.64)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . 
Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Generatorname: WMI Writer Generatorinstanz-ID: {7f6105d1-3504-48e4-b88c-fcad8cfbfa7b} Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000001f4,(null),0,REG_BINARY,0102F638.64)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {46240fb9-d5ee-44f5-ba12-3feda14c5a04} Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000009c4,(null),0,REG_BINARY,0498F15C.64)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Generatorname: MSSearch Service Writer Generatorinstanz-ID: {cc3f4313-4eba-4fbf-8702-5ef03b72e175} Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000004b0,(null),0,REG_BINARY,0309EA84.64)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {6c0a7c25-135f-468a-bd78-637ea44f3b1e} Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000001a8,(null),0,REG_BINARY,00DCF6B8.64)" ist ein unerwarteter Fehler aufgetreten. 
hr = 0x80070005, Zugriff verweigert . Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {afbab4a2-367d-4d15-a586-71dbb18f8485} Generatorname: Registry Writer Generatorinstanz-ID: {42e004be-5b65-46d4-81c4-14072086eed5} System errors: ============= Error: (11/13/2014 05:56:01 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (11/13/2014 05:54:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (11/13/2014 05:54:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht. Error: (11/13/2014 05:59:13 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (11/13/2014 05:57:30 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "HitmanPro 3.7 Crusader (Boot)" wurde mit folgendem dienstspezifischem Fehler beendet: %%0. Error: (11/13/2014 05:54:12 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (11/13/2014 05:53:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (11/13/2014 05:53:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht. 
Error: (11/13/2014 06:29:56 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "DeleteFlag" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (11/13/2014 06:29:56 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "DeleteFlag" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Microsoft Office Sessions: ========================= Error: (11/13/2014 05:58:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe11.0.9600.17420545ad233nvd3dum.dll9.18.13.2702521fbdc1c000000500697af3152401cfff6322663768C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\nvd3dum.dll50cec5db-6b56-11e4-932c-00a0d1ad0be0 Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x0000014c,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,01D9FAF0.64)0x80070005, Zugriff verweigert Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x000009c4,(null),0,REG_BINARY,0498F170.64)0x80070005, Zugriff verweigert Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Generatorname: MSSearch Service Writer Generatorinstanz-ID: {cc3f4313-4eba-4fbf-8702-5ef03b72e175} Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x000007d4,(null),0,REG_BINARY,018FEBF8.64)0x80070005, Zugriff verweigert Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Generatorname: WMI Writer Generatorinstanz-ID: {7f6105d1-3504-48e4-b88c-fcad8cfbfa7b} Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x000004b0,(null),0,REG_BINARY,0309EA98.64)0x80070005, Zugriff verweigert Vorgang: BackupShutdown-Ereignis Kontext: 
Ausführungskontext: Writer Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {6c0a7c25-135f-468a-bd78-637ea44f3b1e} Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x000007d4,(null),0,REG_BINARY,018FEBE4.64)0x80070005, Zugriff verweigert Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Generatorname: WMI Writer Generatorinstanz-ID: {7f6105d1-3504-48e4-b88c-fcad8cfbfa7b} Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x000001f4,(null),0,REG_BINARY,0102F638.64)0x80070005, Zugriff verweigert Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {46240fb9-d5ee-44f5-ba12-3feda14c5a04} Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x000009c4,(null),0,REG_BINARY,0498F15C.64)0x80070005, Zugriff verweigert Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Generatorname: MSSearch Service Writer Generatorinstanz-ID: {cc3f4313-4eba-4fbf-8702-5ef03b72e175} Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x000004b0,(null),0,REG_BINARY,0309EA84.64)0x80070005, Zugriff verweigert Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {6c0a7c25-135f-468a-bd78-637ea44f3b1e} Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x000001a8,(null),0,REG_BINARY,00DCF6B8.64)0x80070005, Zugriff verweigert Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: 
Writer Generatorklassen-ID: {afbab4a2-367d-4d15-a586-71dbb18f8485} Generatorname: Registry Writer Generatorinstanz-ID: {42e004be-5b65-46d4-81c4-14072086eed5} CodeIntegrity Errors: =================================== Date: 2014-01-24 21:39:55.566 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-09 19:41:39.944 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-09 19:41:21.676 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-09 19:43:05.386 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-09 19:42:17.164 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
Percentage of memory in use: 48%
Total physical RAM: 3068.96 MB
Available physical RAM: 1583.61 MB
Total Pagefile: 6136.22 MB
Available Pagefile: 4220.81 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.34 MB
==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:465.76 GB) (Free:231.42 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DVDVolume) (CDROM) (Total:4.01 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4EBF5754)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== End Of Log ============================ |
16.11.2014, 12:36 | #2 | |
/// TB-Ausbilder | Frst and addition logfiles
My name is Matthias and I will help you clean up your computer. Please note the following:
Please work through all steps one after another in the given order and post all log files in CODE tags: How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work much harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
Thank you for your cooperation! In future, please note: Quote:
Please download all tools directly to the desktop, or move them there, and start them from the desktop, as our instructions are written for that. It also makes it very easy to remove all the tools used at the end of the cleanup. Leave all tools on the desktop until the end of the cleanup; we may need some of them more than once.
|
16.11.2014, 14:24 | #3 |
| Frst and addition logfiles FRST Additions Logfile:
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-11-2014 01 Ran by mario at 2014-11-13 18:36:56 Running from C:\Users\mario\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acer Updater (HKLM\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated) Adobe Digital Editions (HKLM\...\Digital Editions) (Version: - ) Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.) AnalogX Vocal Remover (HKLM\...\AnalogX Vocal Remover) (Version: - AnalogX) Ashampoo WinOptimizer 8 v.8.13 (HKLM\...\Ashampoo WinOptimizer 8_is1) (Version: 8.1.3 - Ashampoo GmbH & Co. KG) Avira (HKLM\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Avira (Version: 1.1.25.25607 - Avira Operations GmbH & Co. 
KG) Hidden Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira) Avira System Speedup (HKLM\...\AviraSpeedup) (Version: 1.3.1.9970 - Avira System Speedup) BtwMfcMM (HKLM\...\{D5B46D30-F054-4C64-9C0F-97C8451E7D04}) (Version: 6.00.0000 - Broadcom Corporation) CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform) Cinergy XS Series V5.09.0304.00a (HKLM\...\Cinergy XS Series) (Version: 5.09.0304.00a - ) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.3 - DivX, LLC) DVBViewer TERRATEC Edition (HKLM\...\DVBViewer TERRATEC Edition_is1) (Version: - CM&V) DVDVideoSoftTB Toolbar for IE (HKLM\...\IECT2269050) (Version: 6.20.0.10 - DVDVideoSoftTB) Epson Easy Photo Print 2 (HKLM\...\{30E01116-5666-4807-8EF1-D80E9FF16717}) (Version: 2.3.2.0 - SEIKO EPSON CORPORATION) Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2) EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON SX420W Series Printer Uninstall (HKLM\...\EPSON SX420W Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION) Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) Fotogalerie (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Free Studio version 5.3.2 (HKLM\...\Free Studio_is1) (Version: - DVDVideoSoft Ltd.) Free Video to Samsung Phones Converter version 5.0.20.1031 (HKLM\...\Free Video to Samsung Phones Converter_is1) (Version: 5.0.20.1031 - DVDVideoSoft Ltd.) Free YouTube Download version 3.1.39.1015 (HKLM\...\Free YouTube Download_is1) (Version: 3.1.39.1015 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.) 
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.) Google Drive (HKLM\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.) Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.) Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) Junk Mail filter update (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden KaraFun 1.18 (HKLM\...\KaraFun_is1) (Version: - Recisio) KaraokeMedia Home PC (Version: 1.0.0 - ECLIPSE PRODUCCIONES S.L) Hidden K-Lite Codec Pack 6.1.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 6.1.0 - ) Lightshot-5.1.4.17 (HKLM\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.1.4.17 - Skillbrains) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) 
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Camera Codec Pack (HKLM\...\{908C5B2E-D684-425E-A54D-FE77D5C5A076}) (Version: 16.4.1970.0624 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation) Mobile Partner (HKLM\...\Mobile Partner) (Version: 21.003.25.02.51 - Huawei Technologies Co.,Ltd) Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 33.1 (x86 de) (HKLM\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (Version: 
16.4.1108.0727 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation) OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) PC Connectivity Solution (HKLM\...\{AC599724-5755-48C1-ABE7-ABB857652930}) (Version: 8.15.0.0 - Nokia) Photo Common (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Photo Gallery (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Photomizer (HKLM\...\{A00F8237-F496-44D2-0001-E3CCF8CD58AE}) (Version: 1.0.10.0827 - Engelmann Media GmbH) PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.8.02.10270 - Sony Corporation) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 
6.0.1.5983 - Realtek Semiconductor Corp.) RMPrepUSB (HKLM\...\RMPrepUSB) (Version: - ) Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Samsung Kies (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.) Samsung Kies3 (Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.) Hidden Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - ) Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.) SamsungConnectivityCableDriver (HKLM\...\{7E84FAC8-C518-40F9-9807-7455301D6D25}) (Version: 6.83.6.2.1 - Samsung) Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version: - ) TomTom HOME (HKLM\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname) TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) 
vanBasco's Karaoke Player (HKLM\...\VMidi) (Version: - ) VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden WEB.DE Desktop Icons (HKLM\...\1&1 Mail & Media GmbH 1und1DesktopIconsInstaller) (Version: 3.0.3.0 - 1&1 Mail & Media GmbH) WEB.DE MailCheck für Internet Explorer (HKLM\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.5.1.0 - 1&1 Mail & Media GmbH) WEB.DE Softwareaktualisierung (HKLM\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.0.55 - 1&1 Mail & Media GmbH) WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9700 - Broadcom Corporation) Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\mario\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\mario\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{55cbb4a1-515f-5947-9e5e-931ec3e954ea}\InprocServer32 -> C:\Users\mario\AppData\Local\PagePlace\npPagePlaceStarter.dll (Deutsche Telekom AG) CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\mario\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.) 
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\mario\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\InprocServer32 -> C:\Users\mario\AppData\LocalLow\DVDVideoSoftTB\prxtbDVDV.dll (ClientConnect Ltd.) CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\mario\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited) CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\mario\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\mario\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\mario\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\mario\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\mario\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}\InprocServer32 -> 
C:\Users\mario\AppData\LocalLow\DVDVideoSoftTB\prxtbDVDV.dll (ClientConnect Ltd.) CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\mario\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\mario\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\FileSyncApi.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mario\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mario\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mario\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mario\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mario\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mario\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mario\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mario\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 20-10-2014 17:24:52 Windows Update 13-11-2014 16:58:05 Windows Update 13-11-2014 17:11:32 Prüfpunkt von HitmanPro 13-11-2014 17:28:07 Prüfpunkt von HitmanPro 13-11-2014 17:29:35 Prüfpunkt von HitmanPro 13-11-2014 17:35:28 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {03CB802F-112B-49F3-87DB-868B62B43716} - System32\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-4 => C:\Program Files\Browsers Apps -\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-4.exe <==== ATTENTION Task: {082530D3-26DA-42B3-96CB-6F6842A4AB66} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {12758D70-1112-415E-8C53-061DDA7066D5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-24] (Google Inc.) Task: {1AE3379E-7DC5-4FB8-BD37-57D955021049} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-943191095-2846990741-2943127497-1001UA => C:\Users\mario\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-02] (Facebook Inc.) 
Task: {1DD25F6A-C164-4FAE-B82F-68B9922D3CA0} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-09-03] (globalUpdate) <==== ATTENTION Task: {23225D99-23E9-4883-8B96-7D892214EFC7} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {28D377D4-0EDD-4B6C-895D-F486311630C6} - System32\Tasks\VisualBeeRecovery => C:\Users\mario\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe [2012-03-14] () <==== ATTENTION Task: {2A58B47A-EA43-4758-9D74-A3627E22DBCA} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-943191095-2846990741-2943127497-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe Task: {2CEC042C-FB6F-4980-AF79-C31880B2D054} - System32\Tasks\AviraSpeedup => C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe [2014-10-03] (Avira) Task: {32007FB4-69E9-4260-8717-653C6A7C9CB0} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {33F3912B-B39F-437F-8007-92C30BCDBD78} - System32\Tasks\{554D785F-1C63-4CC7-90FF-EA80F1D498A6} => C:\Users\mario\Desktop\wichtig\OpenOffice.org 3.3 (de) Installation Files\java\jre-windows-i586.exe [2011-01-19] (Sun Microsystems, Inc.) 
Task: {3F40672C-8952-433E-A489-CC0B423DBAB6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd) Task: {458797B4-917C-4936-A94F-72AAFEA7DA2C} - System32\Tasks\update-sys => C:\Program Files\Skillbrains\Updater\Updater.exe [2014-03-25] () Task: {5423B9D1-D22C-44A4-8EC4-F43EAD894DA2} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {564DE98C-ED8F-43C7-9913-94D891948E88} - System32\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-5 => C:\Program Files\Browsers Apps -\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-5.exe <==== ATTENTION Task: {6F4B03CE-18C9-4472-A441-8B1678289726} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-13] (Adobe Systems Incorporated) Task: {7588A398-1D8B-4835-ACCB-13CD95AB0395} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH) Task: {77F73005-7BA9-4A2D-96FE-FADAA67DC60A} - System32\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-1 => C:\Program Files\Browsers Apps -\Browsers Apps --codedownloader.exe <==== ATTENTION Task: {788239D0-5E3C-4089-9EE3-C5367895B28B} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-09-03] (globalUpdate) <==== ATTENTION Task: {7A709350-60B9-4591-B61B-2580565ECAD0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-24] (Google Inc.) 
Task: {8A8F676A-92F1-45C9-9729-A40E5A3C65F1} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft) Task: {92C81F91-BE25-4066-91CB-4100579C1613} - System32\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-3 => C:\Program Files\Browsers Apps -\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-3.exe <==== ATTENTION Task: {B60431CF-BBE2-4EBE-9B4C-2A998108AE2F} - System32\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-7 => C:\Program Files\Browsers Apps -\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-7.exe <==== ATTENTION Task: {C1F7D1B8-EFD9-4526-8930-F4983B5586EB} - System32\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-11 => C:\Program Files\Browsers Apps -\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-11.exe <==== ATTENTION Task: {D0BD6414-F12F-442F-896F-C8005C5E9FD0} - System32\Tasks\update-S-1-5-21-943191095-2846990741-2943127497-1001 => C:\Program Files\Skillbrains\Updater\Updater.exe [2014-03-25] () Task: {D1EBA97C-223E-482C-BA1B-BFE26EB10296} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-943191095-2846990741-2943127497-1001Core => C:\Users\mario\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-02] (Facebook Inc.) 
Task: {D7CE95B5-D30E-461E-BDA7-0AB604C44D48} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-943191095-2846990741-2943127497-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe Task: {D8F28C98-84ED-490E-848B-B998C299BD65} - System32\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-5_user => C:\Program Files\Browsers Apps -\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-5.exe <==== ATTENTION Task: {E6A0B6EE-36B8-41DE-AEDC-4C8557796757} - System32\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-6 => C:\Program Files\Browsers Apps -\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-6.exe <==== ATTENTION Task: {EFBF8436-50D1-404B-ADCF-71BDEBF3D84C} - System32\Tasks\{5B97EEF1-A9C5-4A44-AE4F-4B760011545E} => C:\Users\mario\Desktop\wichtig\OpenOffice.org 3.3 (de) Installation Files\java\jre-windows-i586.exe [2011-01-19] (Sun Microsystems, Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-1.job => C:\Program Files\Browsers Apps -\Browsers Apps --codedownloader.exe <==== ATTENTION Task: C:\Windows\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-11.job => C:\Program Files\Browsers Apps -\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-11.exe <==== ATTENTION Task: C:\Windows\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-3.job => C:\Program Files\Browsers Apps -\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-3.exe <==== ATTENTION Task: C:\Windows\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-4.job => C:\Program Files\Browsers Apps -\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-4.exe <==== ATTENTION Task: C:\Windows\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-5.job => C:\Program Files\Browsers Apps -\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-5.exe <==== ATTENTION Task: C:\Windows\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-5_user.job => C:\Program Files\Browsers Apps 
-\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-5.exe <==== ATTENTION Task: C:\Windows\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-6.job => C:\Program Files\Browsers Apps -\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-6.exe <==== ATTENTION Task: C:\Windows\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-7.job => C:\Program Files\Browsers Apps -\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-7.exe <==== ATTENTION Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-943191095-2846990741-2943127497-1001Core.job => C:\Users\mario\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-943191095-2846990741-2943127497-1001UA.job => C:\Users\mario\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\update-S-1-5-21-943191095-2846990741-2943127497-1001.job => C:\Program Files\Skillbrains\Updater\Updater.exe Task: C:\Windows\Tasks\update-sys.job => C:\Program Files\Skillbrains\Updater\Updater.exe ==================== Loaded Modules (whitelisted) ============= 2011-03-14 16:27 - 2011-03-14 16:27 - 00271712 _____ () C:\ProgramData\DatacardService\HWDeviceService.exe 2012-08-18 13:15 - 2012-08-18 13:14 - 00246112 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe 2012-08-18 13:15 - 2012-08-18 13:14 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll 2012-08-18 13:15 - 2012-08-18 13:14 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll 2012-08-18 13:15 - 2012-08-18 13:14 - 02415104 _____ () C:\ProgramData\Mobile 
Partner\OnlineUpdate\QtCore4.dll 2012-08-18 13:15 - 2012-08-18 13:14 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll 2012-08-18 13:15 - 2012-08-18 13:14 - 00384512 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll 2012-08-18 13:15 - 2012-08-18 13:14 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll 2001-01-01 05:01 - 2011-09-28 09:45 - 00885160 _____ () C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe 2012-12-18 18:57 - 2013-08-30 00:08 - 00088864 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll 2014-11-13 17:55 - 2014-11-13 17:55 - 00098816 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\win32api.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00110080 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\pywintypes27.dll 2014-11-13 17:55 - 2014-11-13 17:55 - 00364544 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\pythoncom27.dll 2014-11-13 17:55 - 2014-11-13 17:55 - 00045568 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\_socket.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 01160704 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\_ssl.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00320512 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\win32com.shell.shell.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00713216 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\_hashlib.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 01175040 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\wx._core_.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00805888 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\wx._gdi_.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00811008 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\wx._windows_.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 01062400 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\wx._controls_.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00735232 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\wx._misc_.pyd 
2014-11-13 17:55 - 2014-11-13 17:55 - 00128512 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\_elementtree.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00127488 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\pyexpat.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00557056 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\pysqlite2._sqlite.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00087552 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\_ctypes.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00119808 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\win32file.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00108544 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\win32security.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00007168 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\hashobjs_ext.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00167936 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\win32gui.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00018432 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\win32event.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00038912 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\win32inet.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00011264 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\win32crypt.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00070656 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\wx._html2.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00027136 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\_multiprocessing.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00035840 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\win32process.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00686080 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\unicodedata.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00122368 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\wx._wizard.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00024064 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\win32pipe.pyd 2014-11-13 17:55 - 2014-11-13 
17:55 - 00025600 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\win32pdh.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00525640 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\windows._lib_cacheinvalidation.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00010240 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\select.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00017408 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\win32profile.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00022528 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\win32ts.pyd 2014-11-13 17:55 - 2014-11-13 17:55 - 00078336 _____ () C:\Users\mario\AppData\Local\Temp\_MEI35082\wx._animate.pyd 2014-11-13 17:56 - 2014-11-13 17:56 - 00043008 _____ () c:\users\mario\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphzt_4y.dll 2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\mario\AppData\Roaming\Dropbox\bin\libcef.dll 2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
========================= Accounts: ========================== Administrator (S-1-5-21-943191095-2846990741-2943127497-500 - Administrator - Disabled) Gast (S-1-5-21-943191095-2846990741-2943127497-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-943191095-2846990741-2943127497-1008 - Limited - Enabled) mario (S-1-5-21-943191095-2846990741-2943127497-1001 - Administrator - Enabled) => C:\Users\mario UpdatusUser (S-1-5-21-943191095-2846990741-2943127497-1005 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (11/13/2014 06:42:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83 Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00012298 ID des fehlerhaften Prozesses: 0xb88 Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0 Pfad der fehlerhaften Anwendung: Gmer-19357.exe1 Pfad des fehlerhaften Moduls: Gmer-19357.exe2 Berichtskennung: Gmer-19357.exe3 Error: (11/13/2014 05:58:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17420, Zeitstempel: 0x545ad233 Name des fehlerhaften Moduls: nvd3dum.dll, Version: 9.18.13.2702, Zeitstempel: 0x521fbdc1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00697af3 ID des fehlerhaften Prozesses: 0x1524 Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0 Pfad der fehlerhaften Anwendung: iexplore.exe1 Pfad des fehlerhaften Moduls: iexplore.exe2 Berichtskennung: iexplore.exe3 Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x0000014c,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,01D9FAF0.64)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000009c4,(null),0,REG_BINARY,0498F170.64)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . 
Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Generatorname: MSSearch Service Writer Generatorinstanz-ID: {cc3f4313-4eba-4fbf-8702-5ef03b72e175} Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000007d4,(null),0,REG_BINARY,018FEBF8.64)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Generatorname: WMI Writer Generatorinstanz-ID: {7f6105d1-3504-48e4-b88c-fcad8cfbfa7b} Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000004b0,(null),0,REG_BINARY,0309EA98.64)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {6c0a7c25-135f-468a-bd78-637ea44f3b1e} Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000007d4,(null),0,REG_BINARY,018FEBE4.64)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Generatorname: WMI Writer Generatorinstanz-ID: {7f6105d1-3504-48e4-b88c-fcad8cfbfa7b} Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000001f4,(null),0,REG_BINARY,0102F638.64)" ist ein unerwarteter Fehler aufgetreten. 
hr = 0x80070005, Zugriff verweigert . Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {46240fb9-d5ee-44f5-ba12-3feda14c5a04} Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000009c4,(null),0,REG_BINARY,0498F15C.64)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Generatorname: MSSearch Service Writer Generatorinstanz-ID: {cc3f4313-4eba-4fbf-8702-5ef03b72e175} Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000004b0,(null),0,REG_BINARY,0309EA84.64)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {6c0a7c25-135f-468a-bd78-637ea44f3b1e} System errors: ============= Error: (11/13/2014 06:42:50 PM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (11/13/2014 05:56:01 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (11/13/2014 05:54:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Mobile Partner. 
OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (11/13/2014 05:54:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht. Error: (11/13/2014 05:59:13 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (11/13/2014 05:57:30 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "HitmanPro 3.7 Crusader (Boot)" wurde mit folgendem dienstspezifischem Fehler beendet: %%0. Error: (11/13/2014 05:54:12 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (11/13/2014 05:53:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (11/13/2014 05:53:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht. 
Error: (11/13/2014 06:29:56 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "DeleteFlag" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Microsoft Office Sessions: ========================= Error: (11/13/2014 06:42:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c000000500012298b8801cfff6868e43098C:\Users\mario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HGQ67DI0\Gmer-19357.exeC:\Users\mario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HGQ67DI0\Gmer-19357.exe669951f5-6b5c-11e4-9395-00a0d1ad0be0 Error: (11/13/2014 05:58:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe11.0.9600.17420545ad233nvd3dum.dll9.18.13.2702521fbdc1c000000500697af3152401cfff6322663768C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\nvd3dum.dll50cec5db-6b56-11e4-932c-00a0d1ad0be0 Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x0000014c,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,01D9FAF0.64)0x80070005, Zugriff verweigert Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x000009c4,(null),0,REG_BINARY,0498F170.64)0x80070005, Zugriff verweigert Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Generatorname: MSSearch Service Writer Generatorinstanz-ID: {cc3f4313-4eba-4fbf-8702-5ef03b72e175} Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x000007d4,(null),0,REG_BINARY,018FEBF8.64)0x80070005, Zugriff verweigert Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Generatorname: WMI Writer Generatorinstanz-ID: 
{7f6105d1-3504-48e4-b88c-fcad8cfbfa7b} Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x000004b0,(null),0,REG_BINARY,0309EA98.64)0x80070005, Zugriff verweigert Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {6c0a7c25-135f-468a-bd78-637ea44f3b1e} Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x000007d4,(null),0,REG_BINARY,018FEBE4.64)0x80070005, Zugriff verweigert Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Generatorname: WMI Writer Generatorinstanz-ID: {7f6105d1-3504-48e4-b88c-fcad8cfbfa7b} Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x000001f4,(null),0,REG_BINARY,0102F638.64)0x80070005, Zugriff verweigert Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {46240fb9-d5ee-44f5-ba12-3feda14c5a04} Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x000009c4,(null),0,REG_BINARY,0498F15C.64)0x80070005, Zugriff verweigert Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Generatorname: MSSearch Service Writer Generatorinstanz-ID: {cc3f4313-4eba-4fbf-8702-5ef03b72e175} Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x000004b0,(null),0,REG_BINARY,0309EA84.64)0x80070005, Zugriff verweigert Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: 
{6c0a7c25-135f-468a-bd78-637ea44f3b1e} CodeIntegrity Errors: =================================== Date: 2014-01-24 21:39:55.566 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-09 19:41:39.944 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-09 19:41:21.676 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-09 19:43:05.386 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-09 19:42:17.164 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz Percentage of memory in use: 41% Total physical RAM: 3068.96 MB Available physical RAM: 1789.59 MB Total Pagefile: 6136.22 MB Available Pagefile: 4598.27 MB Total Virtual: 2047.88 MB Available Virtual: 1913.53 MB ==================== Drives ================================ Drive c: (ACER) (Fixed) (Total:465.76 GB) (Free:231.36 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (DVDVolume) (CDROM) (Total:4.01 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4EBF5754) Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-11-2014 01 Ran by mario (administrator) on MARIO-PC on 13-11-2014 18:36:00 Running from C:\Users\mario\Desktop Loaded Profiles: mario & UpdatusUser (Available profiles: mario & UpdatusUser) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (mst software GmbH, Germany) C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\DfSdkS.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (Teruten) C:\Windows\System32\FsUsbExService.Exe () C:\ProgramData\DatacardService\HWDeviceService.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe (Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE () C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Ashampoo Development GmbH & Co. KG) C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\LiveTuner.exe (Sony Corporation) C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (1und1 Mail und Media GmbH) C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe (TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (Skillbrains) C:\Users\mario\AppData\Local\Skillbrains\lightshot\5.1.4.17\Lightshot.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Avira) C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (McAfee, Inc.) 
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe (Dropbox, Inc.) C:\Users\mario\AppData\Roaming\Dropbox\bin\Dropbox.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_15_0_0_223_ActiveX.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8092192 2009-11-17] (Realtek Semiconductor) HKLM\...\Run: [Ashampoo WinOptimizer Live-Tuner] => C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\LiveTuner.exe [2656680 2011-09-28] (Ashampoo Development GmbH & Co. KG) HKLM\...\Run: [NPSStartup] => [X] HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [651832 2011-08-24] (Sony Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-14] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310064 2014-06-14] (Samsung Electronics Co., Ltd.) 
HKLM\...\Run: [MailCheck IE Broker] => C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [1810496 2014-04-24] (1und1 Mail und Media GmbH) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\Run: [EPSON1A5D7B (Epson Stylus SX420W)] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE [200704 2009-09-14] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\Run: [AutoStartNPSAgent] => C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [102400 2009-04-02] (Samsung Electronics Co., Ltd.) HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\Run: [EPSON SX420W Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE [200704 2009-09-14] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-06-14] (Samsung) HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\Run: [Facebook Update] => C:\Users\mario\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-09-02] (Facebook Inc.) 
HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google) HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\Run: [LightShot] => C:\Users\mario\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226560 2014-06-18] () HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom) HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\Run: [AviraSpeedup] => C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe [5395192 2014-10-03] (Avira) HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4825880 2014-10-23] (Piriform Ltd) HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-11-07] (Google Inc.) HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\MountPoints2: E - E:\AutoRun.exe HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\MountPoints2: {2e6f69a6-e937-11e1-bbef-001e101f7f74} - E:\AutoRun.exe HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\MountPoints2: {b0f9344c-df70-11d4-9acf-00a0d1ad0be0} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\index.html HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\MountPoints2: {b817d815-e92d-11e1-95fe-00a0d1ad0be0} - E:\AutoRun.exe HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\MountPoints2: {b817d82c-e92d-11e1-95fe-00a0d1ad0be0} - E:\AutoRun.exe HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\MountPoints2: {b817d84b-e92d-11e1-95fe-00a0d1ad0be0} - E:\AutoRun.exe HKU\S-1-5-18\...\Run: [AviraSpeedup] => C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe [5395192 2014-10-03] (Avira) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> 
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\mario\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) BootExecute: autocheck autochk * bootdelete GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4C56FBDE1CBCCC01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1409769840&from=tugs&uid=ST9500325AS_5VE0Z7EZXXXX5VE0Z7EZ HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1409769840&from=tugs&uid=ST9500325AS_5VE0Z7EZXXXX5VE0Z7EZ&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1409769840&from=tugs&uid=ST9500325AS_5VE0Z7EZXXXX5VE0Z7EZ HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1409769840&from=tugs&uid=ST9500325AS_5VE0Z7EZXXXX5VE0Z7EZ HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1409769840&from=tugs&uid=ST9500325AS_5VE0Z7EZXXXX5VE0Z7EZ&q={searchTerms} URLSearchHook: HKLM - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Users\mario\AppData\LocalLow\DVDVideoSoftTB\prxtbDVDV.dll (ClientConnect Ltd.) URLSearchHook: HKCU - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Users\mario\AppData\LocalLow\DVDVideoSoftTB\prxtbDVDV.dll (ClientConnect Ltd.) 
HKU\S-1-5-21-943191095-2846990741-2943127497-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1409769840&from=tugs&uid=ST9500325AS_5VE0Z7EZXXXX5VE0Z7EZ SearchScopes: HKCU - {22FAACBA-E5CE-4A7E-8C1A-32B5C840F4D9} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} SearchScopes: HKCU - {462DBD11-50B6-4729-A19B-6CEFEB16DCD0} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKCU - {4B0E8FA1-5355-41B8-981D-A32F6C1D8362} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKCU - {99F56934-85E6-4298-83E6-529910F9802A} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKCU - {C3FB7335-8FD3-46D3-BDFD-9A923343E753} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKCU - {C89738FB-E293-45FF-92B5-01EF65686D1B} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyHBv6JC2&i=26 SearchScopes: HKCU - {FC7E5970-0E3B-43FA-80E5-7D4E0290DA1B} URL = https://www.google.com/search?q={searchTerms} BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: DVDVideoSoftTB Toolbar -> {872b5b88-9db5-4310-bdd0-ac189557e5f5} -> C:\Users\mario\AppData\LocalLow\DVDVideoSoftTB\prxtbDVDV.dll (ClientConnect Ltd.) 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) Toolbar: HKLM - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Toolbar: HKLM - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Users\mario\AppData\LocalLow\DVDVideoSoftTB\prxtbDVDV.dll (ClientConnect Ltd.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{5863A184-9385-4DFA-BFB2-A6562BDC40C0}: [NameServer] 212.52.97.25 193.70.152.25 Tcpip\..\Interfaces\{95112B73-AD06-42EF-A679-B7309AE7DC15}: [NameServer] 212.52.97.25 193.70.152.25 Tcpip\..\Interfaces\{9D70F6C1-8888-4D2B-A03E-3F30228CDCD5}: [NameServer] 193.70.152.25 212.52.97.25 FireFox: ======== FF ProfilePath: C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml FF DefaultSearchEngine: istartsurf FF SelectedSearchEngine: istartsurf FF Homepage: www.facebook.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll () FF Plugin: @adobe.com/ShockwavePlayer -> 
C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\searchplugins\babylon1.xml FF SearchPlugin: C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\searchplugins\conduit.xml FF SearchPlugin: C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\searchplugins\delta.xml FF SearchPlugin: C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\searchplugins\MyStart Search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\ddg.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Browsers App - C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\Extensions\herman.thorne45@outlook.com [2014-10-03] FF Extension: WEB.DE MailCheck - C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\Extensions\toolbar@web.de [2014-10-03] FF Extension: DVDVideoSoftTB - C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2014-09-03] FF Extension: Free YouTube Download (Free Studio) Menu - C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012-11-01] FF Extension: midikar - C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\Extensions\{e97a8b1d-ea32-4839-9c97-b92ab27cb15e} [2014-11-13] FF Extension: ProxTube - 
C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\Extensions\ich@maltegoetz.de.xpi [2014-10-11] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-11-13] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-11-13] FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2001-01-01] Chrome: ======= CHR HomePage: Default -> https://www.facebook.com/logout.php CHR StartupUrls: Default -> "https://www.facebook.com/index.php?stype=lo&lh=Ac8dWS5ReYw4q_9A" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-20] CHR Extension: (Google Docs) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-20] CHR Extension: (Google Drive) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-20] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-20] CHR Extension: (YouTube) - C:\Users\mario\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-20] CHR Extension: (Google-Suche) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-20] CHR Extension: (Google Tabellen) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-20] CHR Extension: (Avira Browser Safety) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-26] CHR Extension: (Avira SafeSearch) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldmiahjidflgnbiadknkmaimfpjkelng [2014-10-26] CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-11] CHR Extension: (Google Wallet) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-20] CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-10-20] CHR Extension: (Google Mail) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-20] CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-14] (Avira Operations GmbH & Co. 
KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG) R2 DfSdkS; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\DfsdkS.exe [406016 2009-08-24] (mst software GmbH, Germany) [File not signed] R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION) [File not signed] R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-14] (SEIKO EPSON CORPORATION) [File not signed] R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2009-03-31] (Teruten) [File not signed] S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-09-03] (globalUpdate) [File not signed] S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-09-03] (globalUpdate) [File not signed] R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2014-11-13] (SurfRight B.V.) R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] () R2 Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [255376 2012-04-05] (Acer Incorporated) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) S2 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [246112 2012-08-18] () S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed] R2 WO_LiveService; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe [885160 2011-09-28] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R1 51110541; C:\Windows\System32\DRIVERS\51110541.sys [128016 2009-09-25] (Kaspersky Lab) R0 51110542; C:\Windows\System32\DRIVERS\51110542.sys [37392 2009-10-22] (Kaspersky Lab) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-25] (Avira Operations GmbH & Co. KG) R2 EpmPsd; C:\Windows\system32\drivers\epm-psd.sys [4096 2004-07-19] (Acer Value Labs, USA) [File not signed] R2 EpmShd; C:\Windows\system32\drivers\epm-shd.sys [78208 2005-04-07] (Acer Value Labs, USA) [File not signed] R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] () [File not signed] R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2009-08-23] (Atheros Communications, Inc.) R2 LiveTunerPM; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerProcessMonitor32.sys [12696 2011-03-08] () R1 setup_9.0.0.722_17.12.2011_15-25drv; C:\Windows\System32\DRIVERS\5111054.sys [311312 2009-10-09] (Kaspersky Lab) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-25] (Avira GmbH) S3 TTCinergyT2; C:\Windows\System32\drivers\TTCinergyT2BDA.sys [22528 2005-10-06] (TerraTec Electronic GmbH) S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [43520 2012-02-15] (Apple, Inc.) [File not signed] S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [106752 2011-01-13] (ZTE Incorporated) S3 dgderdrv; System32\drivers\dgderdrv.sys [X] S0 hitmanpro37duringboot; system32\drivers\hitmanpro37.sys [X] S3 ute4njq3; \??\C:\Windows\system32\Drivers\ute4njq3.sys [X] U3 fwdoypod; \??\C:\Users\mario\AppData\Local\Temp\fwdoypod.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-13 18:37 - 2014-11-13 18:37 - 00000000 ____D () C:\31cd9b6eea04efa7fe74 2014-11-13 18:37 - 2014-11-13 18:37 - 00000000 _____ () C:\Users\mario\Downloads\avira-eu-cleaner_de_exe.82d1sna.partial 2014-11-13 18:36 - 2014-11-13 18:36 - 00029741 _____ () C:\Users\mario\Desktop\FRST.txt 2014-11-13 18:30 - 2014-11-13 18:30 - 00045928 _____ () C:\Windows\system32\.crusader 2014-11-13 18:24 - 2014-11-13 18:24 - 00000000 _____ () C:\Users\mario\Downloads\hmpalert_exe.vo44ku4.partial 2014-11-13 18:23 - 2014-11-13 18:36 - 00000000 ____D () C:\FRST 2014-11-13 18:22 - 2014-11-13 18:23 - 00000000 ____D () C:\AdwCleaner 2014-11-13 18:20 - 2014-11-13 18:20 - 00000000 ____D () C:\Users\mario\Desktop\Neuer Ordner 2014-11-13 18:20 - 2014-11-13 18:20 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-11-13 18:19 - 2014-11-13 18:19 - 00380416 _____ () C:\Users\mario\Desktop\Gmer-19357.exe 2014-11-13 18:19 - 2014-11-13 18:19 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-11-13 18:17 - 2014-11-13 18:17 - 01108480 _____ (Farbar) C:\Users\mario\Downloads\FRST.exe 2014-11-13 18:17 - 2014-11-13 18:17 - 01108480 _____ (Farbar) C:\Users\mario\Desktop\FRST.exe 2014-11-13 18:17 - 2014-11-13 18:17 - 00050477 _____ () C:\Users\mario\Desktop\Defogger.exe 2014-11-13 18:13 - 2014-11-13 18:13 - 00001909 _____ () C:\Users\Public\Desktop\HitmanPro.lnk 2014-11-13 18:13 - 2014-11-13 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2014-11-13 18:13 - 2014-11-13 18:13 - 00000000 ____D () C:\Program Files\HitmanPro 2014-11-13 18:12 - 2014-11-13 18:30 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-11-13 18:12 - 2014-11-05 18:50 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-11-13 18:12 - 2014-11-05 18:50 - 00203776 _____ (Microsoft Corporation) 
C:\Windows\system32\aepdu.dll 2014-11-13 18:12 - 2014-11-05 18:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-11-13 18:12 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-13 18:12 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-13 18:12 - 2014-10-03 02:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-13 18:12 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-13 18:12 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-13 18:12 - 2014-10-03 02:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-13 18:12 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-13 18:12 - 2014-09-19 10:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-13 18:12 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-11-13 18:12 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-13 18:12 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-11-13 18:12 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-11-13 18:12 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-11-13 18:12 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-11-13 18:12 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-13 18:12 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-11-13 18:12 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-11-13 
18:11 - 2014-11-13 18:12 - 10284408 _____ (SurfRight B.V.) C:\Users\mario\Downloads\hitmanpro.exe 2014-11-13 18:11 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-11-13 18:11 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-11-13 18:11 - 2014-11-06 04:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-11-13 18:11 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-13 18:11 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-11-13 18:11 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-11-13 18:11 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-13 18:11 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-11-13 18:11 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-13 18:11 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-13 18:11 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-11-13 18:11 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-13 18:11 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-13 18:11 - 2014-11-06 03:59 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-11-13 18:11 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-11-13 18:11 - 2014-11-06 03:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-11-13 18:11 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 
2014-11-13 18:11 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-11-13 18:11 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-11-13 18:11 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-11-13 18:11 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-13 18:11 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-13 18:11 - 2014-11-06 03:22 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-11-13 18:11 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-13 18:11 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-11-13 18:11 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-11-13 18:11 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-13 18:11 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-13 18:11 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-11-13 18:11 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-11-13 18:11 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-13 18:11 - 2014-10-14 02:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-13 18:11 - 2014-10-14 02:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-13 18:11 - 2014-10-14 02:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-11-13 18:11 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 
2014-11-13 18:11 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-13 18:11 - 2014-10-10 01:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-13 18:08 - 2014-11-13 18:08 - 02140160 _____ () C:\Users\mario\Desktop\AdwCleaner_4.101.exe 2014-11-13 18:01 - 2014-11-13 18:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox.bak 2014-11-13 17:56 - 2014-11-13 17:56 - 00000000 __SHD () C:\Users\mario\AppData\Local\EmieBrowserModeList 2014-11-13 17:52 - 2014-11-13 17:53 - 00000907 _____ () C:\Windows\setupact.log 2014-11-13 17:52 - 2014-11-13 17:52 - 00000000 _____ () C:\Windows\setuperr.log 2014-11-07 18:41 - 2014-11-08 18:48 - 00002125 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-11-07 18:41 - 2014-11-07 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-11-01 17:26 - 2014-11-01 17:27 - 36865528 _____ () C:\Users\mario\Downloads\WEB.DE_Firefox_Setup.exe 2014-11-01 17:25 - 2014-11-13 17:52 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-11-01 17:25 - 2014-11-01 17:25 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-11-01 17:25 - 2014-11-01 17:25 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-10-26 16:01 - 2014-10-26 16:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2014-10-26 16:01 - 2014-10-26 16:01 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-10-20 18:49 - 2014-10-20 18:49 - 00000000 ____D () C:\Users\mario\AppData\Roaming\Opera Software 2014-10-20 18:49 - 2014-10-20 18:49 - 00000000 ____D () C:\Users\mario\AppData\Local\Opera Software 2014-10-20 18:47 - 2014-10-20 18:47 - 00868168 _____ (Opera Software) C:\Users\mario\Downloads\Opera_NI_stable.exe 2014-10-20 18:22 - 2014-10-26 16:01 - 00002016 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 
2014-10-20 18:22 - 2014-10-26 16:01 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-10-20 18:13 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-20 18:13 - 2014-08-29 02:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-20 18:13 - 2014-08-29 02:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-10-20 18:13 - 2014-08-29 02:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-20 18:13 - 2014-08-29 02:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2014-10-20 18:13 - 2014-08-29 02:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-10-20 18:13 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-20 18:13 - 2014-07-17 02:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-20 18:13 - 2014-07-17 02:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-20 18:13 - 2014-07-17 02:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-20 18:13 - 2014-07-17 02:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-20 18:13 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-20 18:13 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-20 18:13 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-14 17:34 - 2014-10-14 17:34 - 00210775 _____ () C:\Users\mario\Downloads\7W8NY.zip 2014-10-14 17:28 - 2014-10-14 17:28 - 00000000 ____D () C:\Users\mario\Documents\EBAY 2014-10-14 15:46 - 2014-11-01 17:14 - 00001099 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-10-14 15:45 - 2014-10-14 15:45 - 00323672 _____ (Dropbox, Inc.) 
C:\Users\mario\Downloads\DropboxInstaller.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-13 18:52 - 2014-01-24 21:56 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-13 18:52 - 2014-01-24 21:56 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-13 18:51 - 2014-01-25 22:23 - 00000376 _____ () C:\Windows\Tasks\update-S-1-5-21-943191095-2846990741-2943127497-1001.job 2014-11-13 18:47 - 2014-09-03 19:47 - 00003446 _____ () C:\Windows\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-6.job 2014-11-13 18:41 - 2012-05-06 19:09 - 00069120 ___SH () C:\Users\mario\Documents\Thumbs.db 2014-11-13 18:38 - 2013-08-15 10:06 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-13 18:37 - 2001-01-01 00:07 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-11-13 18:35 - 2012-05-01 15:12 - 03550720 ___SH () C:\Users\mario\Downloads\Thumbs.db 2014-11-13 18:34 - 2013-09-02 14:29 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-943191095-2846990741-2943127497-1001UA.job 2014-11-13 18:29 - 2014-09-03 19:47 - 00000000 ____D () C:\ProgramData\IePluginServices 2014-11-13 18:28 - 2011-12-16 18:38 - 01432430 _____ () C:\Windows\WindowsUpdate.log 2014-11-13 18:19 - 2014-09-10 16:19 - 00000000 ____D () C:\ProgramData\Oracle 2014-11-13 18:17 - 2014-09-10 16:18 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-11-13 18:17 - 2014-09-10 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-11-13 18:17 - 2001-01-01 15:13 - 00000000 ____D () C:\Program Files\Java 2014-11-13 18:10 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-11-13 18:04 - 2009-07-14 05:34 - 00022576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-13 18:04 - 2009-07-14 05:34 - 00022576 
____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-13 18:00 - 2014-04-28 15:42 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-11-13 17:59 - 2012-04-04 17:07 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-11-13 17:59 - 2012-04-04 17:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-13 17:59 - 2012-02-06 19:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-11-13 17:57 - 2013-10-19 13:04 - 00000000 ___RD () C:\Users\mario\Dropbox 2014-11-13 17:57 - 2013-10-19 13:02 - 00000000 ____D () C:\Users\mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-11-13 17:57 - 2013-10-19 12:57 - 00000000 ____D () C:\Users\mario\AppData\Roaming\Dropbox 2014-11-13 17:56 - 2014-01-24 22:01 - 00000000 ___RD () C:\Users\mario\Google Drive 2014-11-13 17:55 - 2014-09-03 19:49 - 00002750 _____ () C:\Windows\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-1.job 2014-11-13 17:55 - 2014-09-03 19:49 - 00002422 _____ () C:\Windows\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-5_user.job 2014-11-13 17:55 - 2014-09-03 19:49 - 00002422 _____ () C:\Windows\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-5.job 2014-11-13 17:55 - 2014-09-03 19:47 - 00003446 _____ () C:\Windows\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-4.job 2014-11-13 17:55 - 2014-09-03 19:47 - 00003110 _____ () C:\Windows\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-7.job 2014-11-13 17:55 - 2014-09-03 19:46 - 00004472 _____ () C:\Windows\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-11.job 2014-11-13 17:55 - 2014-09-03 19:46 - 00003110 _____ () C:\Windows\Tasks\f25128c7-bbfe-4598-b1d8-0fd17d6e8375-3.job 2014-11-13 17:55 - 2014-09-03 19:46 - 00000898 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job 2014-11-13 17:55 - 2012-11-10 12:00 - 00000435 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-11-13 17:54 - 2011-12-16 18:54 - 
01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-13 17:54 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-13 17:54 - 2009-07-14 05:33 - 00289816 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-13 17:52 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-11-08 18:32 - 2011-12-16 19:10 - 00000000 ____D () C:\Users\mario\AppData\Local\Google 2014-11-07 18:42 - 2014-08-14 23:48 - 00000000 ____D () C:\Users\mario\AppData\Local\Adobe 2014-11-07 18:42 - 2012-02-06 18:47 - 00000000 ____D () C:\ProgramData\Google 2014-11-07 18:42 - 2011-12-16 19:10 - 00000000 ____D () C:\Program Files\Google 2014-11-07 17:52 - 2014-01-24 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2014-11-01 17:14 - 2014-03-14 18:40 - 00000000 ____D () C:\ProgramData\Package Cache 2014-11-01 17:14 - 2014-03-14 18:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-11-01 17:14 - 2014-03-14 18:40 - 00000000 ____D () C:\Program Files\Avira 2014-10-31 16:55 - 2014-01-25 22:23 - 00000376 _____ () C:\Windows\Tasks\update-sys.job 2014-10-26 16:49 - 2012-11-05 20:20 - 00000000 ___RD () C:\Users\mario\Desktop\karaoke 2014-10-26 16:28 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache 2014-10-26 16:15 - 2011-12-18 12:13 - 00000000 ____D () C:\Program Files\Opera 2014-10-20 18:30 - 2014-08-28 19:29 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-10-20 18:30 - 2014-08-28 19:29 - 00000000 ____D () C:\Program Files\CCleaner 2014-10-20 17:59 - 2009-07-14 03:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-10-14 18:01 - 2012-07-21 17:59 - 00352256 ___SH () C:\Users\mario\Desktop\Thumbs.db 2014-10-14 17:39 - 2012-06-15 22:34 - 00000000 ____D () C:\Users\mario\Desktop\fotos allgemein 2014-10-14 15:37 - 2014-03-23 10:37 - 00037384 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-10-14 15:37 - 2014-03-14 18:43 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-10-14 15:37 - 2014-03-14 18:43 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys Files to move or delete: ==================== C:\Users\mario\start32bitprogram.exe Some content of TEMP: ==================== C:\Users\mario\AppData\Local\Temp\avgnt.exe C:\Users\mario\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphzt_4y.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-11 17:54 ==================== End Of Log ============================ --- --- --- |
16.11.2014, 14:30 | #4 |
| Gmer-19357.exe no longer works |
16.11.2014, 15:47 | #5 |
| Frst and addition logfiles Code:
ATTFilter # AdwCleaner v4.101 - Bericht erstellt am 13/11/2014 um 17:55:36 # Aktualisiert 09/11/2014 von Xplode # Database : 2014-11-16.1 [Live] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits) # Benutzername : mario - MARIO-PC # Gestartet von : C:\Users\mario\Desktop\AdwCleaner_4.101.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : globalUpdate [#] Dienst Gelöscht : globalUpdatem ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\IBUpdaterService Ordner Gelöscht : C:\ProgramData\IePluginServices Ordner Gelöscht : C:\ProgramData\Tarma Installer Ordner Gelöscht : C:\ProgramData\VisualBee Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect Ordner Gelöscht : C:\Program Files\Free Offers from Freeze.com Ordner Gelöscht : C:\Program Files\globalUpdate Ordner Gelöscht : C:\Program Files\Perion Ordner Gelöscht : C:\Program Files\Uncompressor Ordner Gelöscht : C:\Program Files\Skillbrains Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB Ordner Gelöscht : C:\Users\mario\AppData\Local\eSupport.com Ordner Gelöscht : C:\Users\mario\AppData\Local\FileTypeAssistant Ordner Gelöscht : C:\Users\mario\AppData\Local\globalUpdate Ordner Gelöscht : C:\Users\mario\AppData\Local\PackageAware Ordner Gelöscht : C:\Users\mario\AppData\Local\VisualBeeClient Ordner Gelöscht : C:\Users\mario\AppData\Local\VisualBeeExe Ordner Gelöscht : C:\Users\mario\AppData\Local\Skillbrains Ordner Gelöscht : C:\Users\mario\AppData\LocalLow\DVDVideoSoftTB Ordner Gelöscht : C:\Users\mario\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} Ordner Gelöscht : C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C} Datei Gelöscht : C:\END Datei Gelöscht : C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\foxydeal.sqlite Datei 
[t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.web.de/"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "midikar Customized Web Search"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("Smartbar.TBHomepagesList", "hxxp://search.qasite.com/?CUI=UN14905874797491858&ctid=CT2800264&SearchSource=13"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("Smartbar.TBSearchEngineList", "midikar Customized Web Search"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT2800264"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("browser.newtab.url", "chrome://unitedtb/content/newtab/newtab-page.xhtml"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultenginename", "istartsurf"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultthis.engineName", "midikar Customized Web Search"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "istartsurf"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.admin", false); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.autoRvrt", "false"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.id", "b45b59cd0000000000000022fa12bf21"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15686"); 
[t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.rvrt", "false"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "base"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=b45b59cd0000000000000022fa12bf21&q="); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.8.4.9"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.8.4.9"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", ""); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=116295&tt=5012_7"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.excTlbr", false); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", false); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.4.918:35:00"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.ahermanthorne45outlookcom61787.61787.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%3A%7B%2[...] 
[t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.crossrider.bic", "1483cd9c243e5034229c45584bcec900"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.admin", false); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.dfltLng", "de"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.excTlbr", false); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.id", "b45b59cd0000000000000022fa12bf21"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.instlDay", "15943"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.newTab", false); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.prdct", "delta"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.rvrt", "false"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", ""); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.24.6"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.24.621:19:21"); [t3k3gzn5.default\prefs.js] - 
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.24.6"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta_i.babExt", ""); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=121284&tsp=4986"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.admin", false); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.aflt", "orgnl"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.cntry", "DE"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.dfltLng", ""); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.dfltSrch", false); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.did", "10665"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.envrmnt", "production"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.excTlbr", false); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.hdrMd5", "0F2A58ECF8E1E4F7A6A3CE016DCA496A"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.hmpg", false); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.id", "b45b59cd0000000000000022fa12bf21"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.installerproductid", "26"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.instlDay", "15532"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.instlRef", ""); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.isDcmntCmplt", false); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.lastVrsnTs", 
"1.5.11.1411:51:39"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.mntrvrsn", "1.2.0"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.newTab", false); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.noFFXTlbr", false); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.ppd", ""); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.prdct", "incredibar"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.productid", "26"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.prtnrId", "Incredibar"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.sg", "none"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.smplGrp", "none"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.tlbrId", "base"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyHBv6JC2&loc=IB_TB&i=26&search="); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.upn2", "6OyHBv6JC2"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.upn2n", "92261736220153802"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.vrsn", "1.5.11.14"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1411:51:39"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.vrsni", "1.5.11.14"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.aflt", "orgnl"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.dfltLng", ""); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.did", "10665"); 
[t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.excTlbr", false); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.id", "b45b59cd0000000000000022fa12bf21"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.installerproductid", "26"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.instlDay", "15532"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.instlRef", ""); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.ms_url_id", ""); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.newTab", false); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.ppd", ""); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.prdct", "incredibar"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.productid", "26"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.prtnrId", "Incredibar"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.smplGrp", "none"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.tlbrId", "base"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyHBv6JC2&loc=IB_TB&i=26&search="); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.upn2", "6OyHBv6JC2"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.upn2n", "92261736220153802"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1411:51:39"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : 
user_pref("extensions.incredibar_i.vrsni", "1.5.11.14"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("smartbar.addressBarOwnerCTID", "CT2800264"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("smartbar.defaultSearchOwnerCTID", "CT2800264"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("smartbar.homePageOwnerCTID", "CT2800264"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("smartbar.machineId", "DBYHGWG/HO0RA8ONBPK2HGVX4NGASU4FMDHSTQEUASTT010GIDNG5XLPODPN5THLWDUH+NESYM2IVZWXBPRDYG"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("valueApps.CT2800264.mam_gk_currentVersion", "312E31332E302E3137"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("valueApps.CT2800264.mam_gk_currentVersion.storedInFile", false); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("valueApps.CT2800264.mam_gk_migrated_from_ls", "31"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("valueApps.CT2800264.mam_gk_migrated_from_ls.storedInFile", false); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("valueApps.CT2800264.mam_gk_userBornDate", "4E2F41"); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("valueApps.CT2800264.mam_gk_userBornDate.storedInFile", false); [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.sweetim.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"h[...] [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_blackList", "form=CONTLBbabsrc=toolbarbabsrc=tb_ssinvocationType=tb50-ie-aolsoftonic-tbsbox-en-usinvocationType=tb50-ff-aolsoftonic[...] 
[t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_referrer", "hxxp://search.babylon.com/?affID=116295&tt=5012_7&babsrc=HP_ss&mntrId=b45b59cd0000000000000022fa12bf21/8641363376981521"[...] [t3k3gzn5.default\prefs.js] - Zeile gelöscht : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"searc[...] -\\ Google Chrome v38.0.2125.111 [C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyHBv6JC2&i=26 [C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyHBv6JC2&i=26 [C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.istartsurf.com/web/?type=ds&ts=1409769840&from=tugs&uid=ST9500325AS_5VE0Z7EZXXXX5VE0Z7EZ&q={searchTerms} [C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP9385EA14-748B-4658-8197-6EB31ED94CF2&q={searchTerms}&SSPV=T2101164_sp_ie [C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP9385EA14-748B-4658-8197-6EB31ED94CF2&q={searchTerms}&SSPV=T2101164_sp_ie [C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://trovi.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050&CUI=UN26911323135272187&UM=7 [C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht 
[Search Provider] : hxxp://trovi.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050&CUI=UN26911323135272187&UM=7 [C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B45B0022FA12BF21&affID=121284&tsp=4986 -\\ Opera v0.0.0.0 [C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyHBv6JC2&i=26 [C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyHBv6JC2&i=26 [C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.istartsurf.com/web/?type=ds&ts=1409769840&from=tugs&uid=ST9500325AS_5VE0Z7EZXXXX5VE0Z7EZ&q={searchTerms} [C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP9385EA14-748B-4658-8197-6EB31ED94CF2&q={searchTerms}&SSPV=T2101164_sp_ie [C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP9385EA14-748B-4658-8197-6EB31ED94CF2&q={searchTerms}&SSPV=T2101164_sp_ie [C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://trovi.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050&CUI=UN26911323135272187&UM=7 [C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://trovi.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050&CUI=UN26911323135272187&UM=7 [C:\Users\mario\AppData\Local\Google\Chrome\User 
Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B45B0022FA12BF21&affID=121284&tsp=4986 ************************* AdwCleaner[R0].txt - [55819 octets] - [13/11/2014 18:22:11] AdwCleaner[R1].txt - [56884 octets] - [13/11/2014 17:53:45] AdwCleaner[S0].txt - [61256 octets] - [13/11/2014 17:55:36] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [61317 octets] ########## |
17.11.2014, 20:09 | #6 |
/// TB-Ausbilder | Frst and addition logfiles Hi, I didn't say anything about AdwCleaner... Please carry out all the steps, including AdwCleaner again: Step 1 Please download AdwCleaner to your desktop.
Step 2 Please download Malwarebytes Anti-Malware
Step 3 Please disable your antivirus program, as it can influence the result or possibly interfere with the cleanup. Please download zoek.exe from here: http://hijackthis.nl/smeenk/ and save the file to your desktop.
Step 4
In your next reply, please post
|
17.11.2014, 22:06 | #7 |
| LOG FILE AdwCleaner, MBAM and Zoek HI, I HOPE I DID EVERYTHING RIGHT THIS TIME. MANY THANKS FOR YOUR EFFORTS. P.S. I HAVE TO SPLIT IT UP BECAUSE NOT EVERYTHING FITS Code:
ATTFilter # AdwCleaner v4.101 - Bericht erstellt am 17/11/2014 um 20:40:30 # Aktualisiert 09/11/2014 von Xplode # Database : 2014-11-16.1 [Live] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits) # Benutzername : mario - MARIO-PC # Gestartet von : C:\Users\mario\Desktop\AdwCleaner_4.101.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17420 -\\ Mozilla Firefox v33.1 (x86 de) -\\ Google Chrome v38.0.2125.111 [C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP9385EA14-748B-4658-8197-6EB31ED94CF2&q={searchTerms}&SSPV=T2101164_sp_ie [C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP9385EA14-748B-4658-8197-6EB31ED94CF2&q={searchTerms}&SSPV=T2101164_sp_ie [C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyHBv6JC2&i=26 [C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyHBv6JC2&i=26 [C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://trovi.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050&CUI=UN26911323135272187&UM=7 [C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://trovi.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050&CUI=UN26911323135272187&UM=7 
[C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.istartsurf.com/web/?type=ds&ts=1409769840&from=tugs&uid=ST9500325AS_5VE0Z7EZXXXX5VE0Z7EZ&q={searchTerms} [C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B45B0022FA12BF21&affID=121284&tsp=4986 -\\ Opera v0.0.0.0 [C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP9385EA14-748B-4658-8197-6EB31ED94CF2&q={searchTerms}&SSPV=T2101164_sp_ie [C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP9385EA14-748B-4658-8197-6EB31ED94CF2&q={searchTerms}&SSPV=T2101164_sp_ie [C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyHBv6JC2&i=26 [C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyHBv6JC2&i=26 [C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://trovi.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050&CUI=UN26911323135272187&UM=7 [C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://trovi.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050&CUI=UN26911323135272187&UM=7 [C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : 
hxxp://www.istartsurf.com/web/?type=ds&ts=1409769840&from=tugs&uid=ST9500325AS_5VE0Z7EZXXXX5VE0Z7EZ&q={searchTerms} [C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B45B0022FA12BF21&affID=121284&tsp=4986 ************************* AdwCleaner[R0].txt - [55819 octets] - [13/11/2014 18:22:11] AdwCleaner[R1].txt - [56884 octets] - [13/11/2014 17:53:45] AdwCleaner[R2].txt - [3026 octets] - [13/11/2014 18:50:59] AdwCleaner[R3].txt - [3086 octets] - [17/11/2014 20:34:01] AdwCleaner[R4].txt - [2947 octets] - [17/11/2014 20:37:44] AdwCleaner[S0].txt - [61398 octets] - [13/11/2014 17:55:36] AdwCleaner[S1].txt - [4671 octets] - [17/11/2014 20:40:30] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4731 octets] ########## Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 17.11.2014 Suchlauf-Zeit: 20:44:49 Logdatei: mbam.txt Administrator: Ja Version: 2.00.3.1025 Malware Datenbank: v2014.11.17.06 Rootkit Datenbank: v2014.11.12.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x86 Dateisystem: NTFS Benutzer: mario Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 334789 Verstrichene Zeit: 21 Min, 56 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 6 PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [35a5310ba7d5a393ed50f3ca22e0fa06], PUP.Optional.BrowsersApp.A, HKLM\SOFTWARE\Browsers Apps -, In Quarantäne, [617945f78eeee74f7919d96ef90ad32d], 
PUP.Optional.BrowsersApp.A, HKLM\SOFTWARE\Browsers Apps --nv, In Quarantäne, [5a804bf1790396a08210153247bc9a66], PUP.Optional.Incredibar.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dlnembnfbcpjnepmfjmngjenhhajpdfd, In Quarantäne, [687259e315672c0a4ff7bfa10ef5a759], PUP.Optional.BrowsersApp.A, HKU\S-1-5-21-943191095-2846990741-2943127497-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Browsers Apps -, Löschen bei Neustart, [c11953e9413b96a0830dca7d4fb4f60a], PUP.Optional.FastStart.A, HKU\S-1-5-21-943191095-2846990741-2943127497-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, Löschen bei Neustart, [11c9b488b9c3092d36e357e906fd6c94], Registrierungswerte: 1 PUP.Optional.FastStart.A, HKU\S-1-5-21-943191095-2846990741-2943127497-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, Löschen bei Neustart, [11c9b488b9c3092d36e357e906fd6c94] Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 14 PUP.Optional.BrowsersApp.A, C:\Program Files\Browsers Apps -, In Quarantäne, [538740fcadcf50e61fcb939121e220e0], PUP.Optional.CrossRider.A, C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\extensions\herman.thorne45@outlook.com, In Quarantäne, [6e6cdc602f4df83e18daf232ff04857b], PUP.Optional.CrossRider.A, C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\extensions\herman.thorne45@outlook.com\chrome, In Quarantäne, [6e6cdc602f4df83e18daf232ff04857b], PUP.Optional.CrossRider.A, C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\extensions\herman.thorne45@outlook.com\chrome\content, In Quarantäne, [6e6cdc602f4df83e18daf232ff04857b], PUP.Optional.CrossRider.A, C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\extensions\herman.thorne45@outlook.com\chrome\content\api, In Quarantäne, [6e6cdc602f4df83e18daf232ff04857b], PUP.Optional.CrossRider.A, 
Dateien: 118 PUP.Optional.CrossRider.A, 
C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\extensions\herman.thorne45@outlook.com\skin\popup.html, In Quarantäne, [6e6cdc602f4df83e18daf232ff04857b],
PUP.Optional.CrossRider.A, C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\extensions\herman.thorne45@outlook.com\skin\skin.css, In Quarantäne, [6e6cdc602f4df83e18daf232ff04857b],
PUP.Optional.CrossRider.A, C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\extensions\herman.thorne45@outlook.com\skin\update.css, In Quarantäne, [6e6cdc602f4df83e18daf232ff04857b],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)

(end)

Zoek.exe v5.0.0.0 Updated 16-November-2014
Tool run by mario on 17.11.2014 at 20:43:45,44.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\mario\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

17.11.2014 20:47:49 Zoek.exe System Restore Point Created Succesfully.

==== FireFox Fix ======================

Deleted from C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\prefs.js:
user_pref("browser.startup.homepage", "www.facebook.de");

Added to C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\mario\AppData\Roaming\Netscape\Navigator\Profiles\pkg54glr.default\prefs.js:

Added to C:\Users\mario\AppData\Roaming\Netscape\Navigator\Profiles\pkg54glr.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\mario\AppData\Roaming\TomTom\HOME\Profiles\f2bgtlj1.default\prefs.js:

Added to C:\Users\mario\AppData\Roaming\TomTom\HOME\Profiles\f2bgtlj1.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

"C:\user.js" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"="C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5" [01.01.2001 02:09]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04.04.2014 11:36]

==== Firefox Extensions ======================

ProfilePath: C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default
- Undetermined - {ACAA314B-EEBA-48e4-AD47-84E31C44796C}
- Undetermined - toolbar@web.de
- Undetermined - herman.thorne45@outlook.com
- Undetermined - {e97a8b1d-ea32-4839-9c97-b92ab27cb15e}
- WEB.DE MailCheck - %ProfilePath%\extensions\toolbar@web.de
- midikar - %ProfilePath%\extensions\{e97a8b1d-ea32-4839-9c97-b92ab27cb15e}
- ProxTube - Gesperrte YouTube Videos entsperren - %ProfilePath%\extensions\ich@maltegoetz.de.xpi

ProfilePath: C:\Users\mario\AppData\Roaming\Netscape\Navigator\Profiles\pkg54glr.default
- Undetermined - C:\Program Files\Netscape\Navigator 9\extensions\netscape9migrator@flock.com
- Undetermined - C:\Program Files\Netscape\Navigator 9\extensions\netstripe@netscape.com

ProfilePath: C:\Users\mario\AppData\Roaming\TomTom\HOME\Profiles\f2bgtlj1.default
- Map status indicator - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com

AppDir: C:\Program Files\Mozilla Firefox
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default
D2377C9458EFEB094E38B8C874AA214C - C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll - Google Update
E7006BB5611298DBDD03FE3519C19AC2 - C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U25
238F239EAEFF7E3E782913D599084E18 - C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.250.18
67D325B5AEB28E381B84E8DE1A90C7A8 - C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll - Shockwave Flash
64C4ADE063A9C93D3BAE09922AD90C27 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
446BCAE59E26321802E000FC3E0C390A - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
3CD19649B2C3023D65E67C056457A2BC - C:\Users\mario\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
893BF7D2261C56C24F813405D9D018E0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In
3B00376AE69AC2E815425E54DEBFF750 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery
F8A0EAE68AD2869B13508828F4570635 - C:\Users\mario\AppData\Local\PagePlace\npPagePlaceStarter.dll - PagePlace Starter plugin
A66A630E101E7B5CF0946F34935660CC - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll - DivX Plus Web Player
9F8210675BD2ACC283959BB33F0307DF - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
B938C1AE3ADCE166190895685B0BEB0D - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll - DivX VOD Helper Plug-in
8DA2ED6B04EA33F2EAE8BA883F903729 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.facebook.de/"
"Default_Page_URL"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{22FAACBA-E5CE-4A7E-8C1A-32B5C840F4D9} Sichere Suche Url="hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}"
{462DBD11-50B6-4729-A19B-6CEFEB16DCD0} 1und1 Suche Url="hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8"
{4B0E8FA1-5355-41B8-981D-A32F6C1D8362} GMX Suche Url="hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PLXB_deDE611"
{99F56934-85E6-4298-83E6-529910F9802A} Englische Ergebnisse Url="hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8"
{C3FB7335-8FD3-46D3-BDFD-9A923343E753} WEB.DE Suche Url="hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8"
{C89738FB-E293-45FF-92B5-01EF65686D1B} (www.google.com) Google Url="https://www.google.com/search?q={searchTerms}"
{FC7E5970-0E3B-43FA-80E5-7D4E0290DA1B} (www.google.com)[2] Google Url="https://www.google.com/search?q={searchTerms}"

==== Reset Google Chrome ======================

C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\mario\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\mario\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2 folders=0 482 bytes)

==== EOF on 17.11.2014 at 20:48:58,30 ======================
17.11.2014, 22:07 | #8 |
| FRST and Addition log files Thanks. FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-11-2014 Ran by mario (administrator) on MARIO-PC on 17-11-2014 20:38:54 Running from C:\Users\mario\Desktop Loaded Profiles: mario & UpdatusUser (Available profiles: mario & UpdatusUser) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (mst software GmbH, Germany) C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\DfSdkS.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (Teruten) C:\Windows\System32\FsUsbExService.Exe () C:\ProgramData\DatacardService\HWDeviceService.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Google Inc.) 
C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe (Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Ashampoo Development GmbH & Co. KG) C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\LiveTuner.exe (Sony Corporation) C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (1und1 Mail und Media GmbH) C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (Avira) C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe (TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Dropbox, Inc.) 
C:\Users\mario\AppData\Roaming\Dropbox\bin\Dropbox.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe (TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE () C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8092192 2009-11-17] (Realtek Semiconductor) HKLM\...\Run: [Ashampoo WinOptimizer Live-Tuner] => C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\LiveTuner.exe [2656680 2011-09-28] (Ashampoo Development GmbH & Co. KG) HKLM\...\Run: [NPSStartup] => [X] HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [651832 2011-08-24] (Sony Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-14] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310064 2014-06-14] (Samsung Electronics Co., Ltd.) 
HKLM\...\Run: [MailCheck IE Broker] => C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [1810496 2014-04-24] (1und1 Mail und Media GmbH) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\Run: [EPSON1A5D7B (Epson Stylus SX420W)] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE [200704 2009-09-14] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\Run: [AutoStartNPSAgent] => C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [102400 2009-04-02] (Samsung Electronics Co., Ltd.) HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\Run: [EPSON SX420W Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE [200704 2009-09-14] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-06-14] (Samsung) HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\Run: [Facebook Update] => C:\Users\mario\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-09-02] (Facebook Inc.) 
HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google) HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\Run: [LightShot] => C:\Users\mario\AppData\Local\Skillbrains\lightshot\Lightshot.exe HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom) HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\Run: [AviraSpeedup] => C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe [5395192 2014-10-03] (Avira) HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4825880 2014-10-23] (Piriform Ltd) HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-11-07] (Google Inc.) HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\MountPoints2: E - E:\AutoRun.exe HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\MountPoints2: {2e6f69a6-e937-11e1-bbef-001e101f7f74} - E:\AutoRun.exe HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\MountPoints2: {b0f9344c-df70-11d4-9acf-00a0d1ad0be0} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\index.html HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\MountPoints2: {b817d815-e92d-11e1-95fe-00a0d1ad0be0} - E:\AutoRun.exe HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\MountPoints2: {b817d82c-e92d-11e1-95fe-00a0d1ad0be0} - E:\AutoRun.exe HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\MountPoints2: {b817d84b-e92d-11e1-95fe-00a0d1ad0be0} - E:\AutoRun.exe HKU\S-1-5-18\...\Run: [AviraSpeedup] => C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe [5395192 2014-10-03] (Avira) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program 
Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\mario\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) BootExecute: autocheck autochk * bootdelete GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-943191095-2846990741-2943127497-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKU\S-1-5-21-943191095-2846990741-2943127497-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4C56FBDE1CBCCC01 HKU\S-1-5-21-943191095-2846990741-2943127497-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE SearchScopes: HKU\S-1-5-21-943191095-2846990741-2943127497-1001 -> {22FAACBA-E5CE-4A7E-8C1A-32B5C840F4D9} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} SearchScopes: HKU\S-1-5-21-943191095-2846990741-2943127497-1001 -> {462DBD11-50B6-4729-A19B-6CEFEB16DCD0} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-943191095-2846990741-2943127497-1001 -> {4B0E8FA1-5355-41B8-981D-A32F6C1D8362} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-943191095-2846990741-2943127497-1001 -> {99F56934-85E6-4298-83E6-529910F9802A} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-943191095-2846990741-2943127497-1001 -> {C3FB7335-8FD3-46D3-BDFD-9A923343E753} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-943191095-2846990741-2943127497-1001 -> {C89738FB-E293-45FF-92B5-01EF65686D1B} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-943191095-2846990741-2943127497-1001 -> {FC7E5970-0E3B-43FA-80E5-7D4E0290DA1B} URL = https://www.google.com/search?q={searchTerms} BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKU\S-1-5-21-943191095-2846990741-2943127497-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{5863A184-9385-4DFA-BFB2-A6562BDC40C0}: [NameServer] 212.52.97.25 193.70.152.25 Tcpip\..\Interfaces\{95112B73-AD06-42EF-A679-B7309AE7DC15}: [NameServer] 212.52.97.25 193.70.152.25 Tcpip\..\Interfaces\{9D70F6C1-8888-4D2B-A03E-3F30228CDCD5}: [NameServer] 193.70.152.25 212.52.97.25 FireFox: ======== FF ProfilePath: C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default FF NewTab: hxxp://www.google.com/ FF DefaultSearchEngine: Google FF DefaultSearchUrl: hxxp://www.google.com/search?btnG=Google+Search&q= FF SearchEngineOrder.1: Google FF SelectedSearchEngine: Google FF Homepage: hxxp://www.google.com FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q= FF Plugin: 
@adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-943191095-2846990741-2943127497-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\mario\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKU\S-1-5-21-943191095-2846990741-2943127497-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\mario\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-943191095-2846990741-2943127497-1001: telekom.com/PagePlaceStarter -> C:\Users\mario\AppData\Local\PagePlace\npPagePlaceStarter.dll (Deutsche Telekom AG) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Extension: WEB.DE MailCheck - C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\Extensions\toolbar@web.de [2014-10-03] FF Extension: midikar - C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\Extensions\{e97a8b1d-ea32-4839-9c97-b92ab27cb15e} [2014-11-13] FF Extension: ProxTube - C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\Extensions\ich@maltegoetz.de.xpi [2014-10-11] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-11-13] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-11-13] FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2001-01-01] FF Extension: No Name - C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [Not Found] FF Extension: No Name - 
C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\extensions\herman.thorne45@outlook.com [Not Found] FF Extension: No Name - {ACAA314B-EEBA-48e4-AD47-84E31C44796C} [Not Found] FF Extension: No Name - herman.thorne45@outlook.com [Not Found] Chrome: ======= CHR Profile: C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-20] CHR Extension: (Google Docs) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-20] CHR Extension: (Google Drive) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-20] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-20] CHR Extension: (YouTube) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-20] CHR Extension: (Google-Suche) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-20] CHR Extension: (Google Tabellen) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-20] CHR Extension: (Avira Browser Safety) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-26] CHR Extension: (Avira SafeSearch) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldmiahjidflgnbiadknkmaimfpjkelng [2014-10-26] CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-11] CHR Extension: (Google Wallet) - 
C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-20] CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-10-20] CHR Extension: (Google Mail) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-20] CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG) S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG) R2 DfSdkS; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\DfsdkS.exe [406016 2009-08-24] (mst software GmbH, Germany) [File not signed] R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION) [File not signed] R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-14] (SEIKO EPSON CORPORATION) [File not signed] R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2009-03-31] (Teruten) [File not signed] R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2014-11-13] (SurfRight B.V.) 
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] () R2 Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [255376 2012-04-05] (Acer Incorporated) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) S2 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [246112 2012-08-18] () S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed] R2 WO_LiveService; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe [885160 2011-09-28] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 51110541; C:\Windows\System32\DRIVERS\51110541.sys [128016 2009-09-25] (Kaspersky Lab) R0 51110542; C:\Windows\System32\DRIVERS\51110542.sys [37392 2009-10-22] (Kaspersky Lab) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-25] (Avira Operations GmbH & Co. 
KG) R2 EpmPsd; C:\Windows\system32\drivers\epm-psd.sys [4096 2004-07-19] (Acer Value Labs, USA) [File not signed] R2 EpmShd; C:\Windows\system32\drivers\epm-shd.sys [78208 2005-04-07] (Acer Value Labs, USA) [File not signed] R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] () [File not signed] S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [35992 2014-11-17] () R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2009-08-23] (Atheros Communications, Inc.) R2 LiveTunerPM; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerProcessMonitor32.sys [12696 2011-03-08] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-17] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation) R1 setup_9.0.0.722_17.12.2011_15-25drv; C:\Windows\System32\DRIVERS\5111054.sys [311312 2009-10-09] (Kaspersky Lab) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-25] (Avira GmbH) S3 TTCinergyT2; C:\Windows\System32\drivers\TTCinergyT2BDA.sys [22528 2005-10-06] (TerraTec Electronic GmbH) S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [43520 2012-02-15] (Apple, Inc.) [File not signed] S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [106752 2011-01-13] (ZTE Incorporated) S3 dgderdrv; System32\drivers\dgderdrv.sys [X] S3 ute4njq3; \??\C:\Windows\system32\Drivers\ute4njq3.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-17 20:49 - 2014-11-17 20:49 - 00010021 _____ () C:\Users\mario\Desktop\zoek-results.txt
2014-11-17 20:47 - 2014-11-17 20:48 - 00010021 _____ () C:\zoek-results.log
2014-11-17 20:44 - 2014-11-17 20:37 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-17 20:43 - 2014-11-17 20:48 - 00000000 ____D () C:\zoek_backup
2014-11-17 20:43 - 2014-11-17 20:43 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-17 20:43 - 2014-11-17 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-11-17 20:43 - 2014-11-17 20:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-17 20:43 - 2014-11-17 20:43 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-11-17 20:43 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-17 20:43 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-17 20:43 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-17 20:42 - 2014-11-17 20:42 - 00031668 _____ () C:\Users\mario\Desktop\mbam.txt
2014-11-17 20:38 - 2014-11-17 20:43 - 00035992 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-11-17 20:38 - 2014-11-17 20:40 - 00027066 _____ () C:\Users\mario\Desktop\FRST.txt
2014-11-17 20:38 - 2014-11-17 20:38 - 00000000 ____D () C:\Users\mario\Desktop\FRST-OlderVersion
2014-11-13 18:47 - 2014-11-13 18:47 - 01294848 _____ () C:\Users\mario\Desktop\zoek.exe
2014-11-13 18:46 - 2014-11-13 18:46 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\mario\Desktop\mbam-setup-2.0.3.1025.exe
2014-11-13 18:37 - 2014-11-13 18:37 - 00000000 ____D () C:\31cd9b6eea04efa7fe74
2014-11-13 18:37 - 2014-11-13 18:37 - 00000000 _____ () C:\Users\mario\Downloads\avira-eu-cleaner_de_exe.82d1sna.partial
2014-11-13 18:30 - 2014-11-13 18:30 - 00045928 _____ () C:\Windows\system32\.crusader
2014-11-13 18:24 - 2014-11-13 18:24 - 00000000 _____ () C:\Users\mario\Downloads\hmpalert_exe.vo44ku4.partial
2014-11-13 18:23 - 2014-11-17 20:39 - 00000000 ____D () C:\FRST
2014-11-13 18:22 - 2014-11-17 20:40 - 00000000 ____D () C:\AdwCleaner
2014-11-13 18:20 - 2014-11-17 20:38 - 00000000 ____D () C:\Users\mario\Desktop\Neuer Ordner
2014-11-13 18:20 - 2014-11-13 18:20 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-13 18:19 - 2014-11-13 18:19 - 00380416 _____ () C:\Users\mario\Desktop\Gmer-19357.exe
2014-11-13 18:19 - 2014-11-13 18:19 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-11-13 18:17 - 2014-11-17 20:38 - 01108992 _____ (Farbar) C:\Users\mario\Desktop\FRST.exe
2014-11-13 18:17 - 2014-11-13 18:17 - 01108480 _____ (Farbar) C:\Users\mario\Downloads\FRST.exe
2014-11-13 18:17 - 2014-11-13 18:17 - 00050477 _____ () C:\Users\mario\Desktop\Defogger.exe
2014-11-13 18:13 - 2014-11-13 18:13 - 00001909 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-11-13 18:13 - 2014-11-13 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-11-13 18:13 - 2014-11-13 18:13 - 00000000 ____D () C:\Program Files\HitmanPro
2014-11-13 18:12 - 2014-11-13 18:30 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-11-13 18:12 - 2014-11-05 18:50 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-13 18:12 - 2014-11-05 18:50 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-13 18:12 - 2014-11-05 18:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-13 18:12 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 18:12 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-13 18:12 - 2014-10-03 02:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 18:12 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 18:12 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 18:12 - 2014-10-03 02:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 18:12 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-13 18:12 - 2014-09-19 10:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-13 18:12 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-13 18:12 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 18:12 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-13 18:12 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-13 18:12 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-13 18:12 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-13 18:12 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 18:12 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-13 18:12 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 18:11 - 2014-11-13 18:12 - 10284408 _____ (SurfRight B.V.) C:\Users\mario\Downloads\hitmanpro.exe
2014-11-13 18:11 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-13 18:11 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 18:11 - 2014-11-06 04:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-13 18:11 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 18:11 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-13 18:11 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-13 18:11 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 18:11 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-13 18:11 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 18:11 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 18:11 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-13 18:11 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-13 18:11 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 18:11 - 2014-11-06 03:59 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-13 18:11 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-13 18:11 - 2014-11-06 03:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-13 18:11 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 18:11 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 18:11 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-13 18:11 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 18:11 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 18:11 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 18:11 - 2014-11-06 03:22 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-13 18:11 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 18:11 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 18:11 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-13 18:11 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 18:11 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 18:11 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 18:11 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-13 18:11 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 18:11 - 2014-10-14 02:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 18:11 - 2014-10-14 02:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 18:11 - 2014-10-14 02:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 18:11 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 18:11 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 18:11 - 2014-10-10 01:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 18:08 - 2014-11-13 18:08 - 02140160 _____ () C:\Users\mario\Desktop\AdwCleaner_4.101.exe
2014-11-13 18:01 - 2014-11-13 18:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox.bak
2014-11-13 17:59 - 2014-11-13 17:59 - 00000000 _____ () C:\Users\mario\defogger_reenable
2014-11-13 17:56 - 2014-11-13 17:57 - 00000000 ____D () C:\Users\mario\AppData\Local\Deployment
2014-11-13 17:56 - 2014-11-13 17:56 - 00000000 __SHD () C:\Users\mario\AppData\Local\EmieBrowserModeList
2014-11-13 17:56 - 2014-11-13 17:56 - 00000000 ____D () C:\Users\mario\AppData\Local\Apps\2.0
2014-11-13 17:52 - 2014-11-17 20:34 - 00001243 _____ () C:\Windows\setupact.log
2014-11-13 17:52 - 2014-11-17 20:33 - 00057646 _____ () C:\Windows\PFRO.log
2014-11-13 17:52 - 2014-11-13 17:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-07 18:41 - 2014-11-08 18:48 - 00002125 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-07 18:41 - 2014-11-07 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-01 17:26 - 2014-11-01 17:27 - 36865528 _____ () C:\Users\mario\Downloads\WEB.DE_Firefox_Setup.exe
2014-11-01 17:25 - 2014-11-13 17:52 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-01 17:25 - 2014-11-01 17:25 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-01 17:25 - 2014-11-01 17:25 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-26 16:01 - 2014-10-26 16:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-10-26 16:01 - 2014-10-26 16:01 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-10-20 18:49 - 2014-10-20 18:49 - 00000000 ____D () C:\Users\mario\AppData\Roaming\Opera Software
2014-10-20 18:49 - 2014-10-20 18:49 - 00000000 ____D () C:\Users\mario\AppData\Local\Opera Software
2014-10-20 18:47 - 2014-10-20 18:47 - 00868168 _____ (Opera Software) C:\Users\mario\Downloads\Opera_NI_stable.exe
2014-10-20 18:22 - 2014-10-26 16:01 - 00002016 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-10-20 18:22 - 2014-10-26 16:01 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-10-20 18:13 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-20 18:13 - 2014-08-29 02:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-20 18:13 - 2014-08-29 02:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-20 18:13 - 2014-08-29 02:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-20 18:13 - 2014-08-29 02:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-20 18:13 - 2014-08-29 02:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-20 18:13 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-20 18:13 - 2014-07-17 02:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-20 18:13 - 2014-07-17 02:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-20 18:13 - 2014-07-17 02:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-20 18:13 - 2014-07-17 02:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-20 18:13 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-20 18:13 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-20 18:13 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-17 20:59 - 2012-04-04 17:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-17 20:52 - 2014-01-24 21:56 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-17 20:44 - 2009-07-14 05:34 - 00022576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-17 20:44 - 2009-07-14 05:34 - 00022576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-17 20:39 - 2011-12-16 18:38 - 01484139 _____ () C:\Windows\WindowsUpdate.log
2014-11-17 20:37 - 2012-11-10 12:00 - 00000435 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-11-17 20:36 - 2013-10-19 13:04 - 00000000 ___RD () C:\Users\mario\Dropbox
2014-11-17 20:35 - 2013-10-19 12:57 - 00000000 ____D () C:\Users\mario\AppData\Roaming\Dropbox
2014-11-17 20:34 - 2014-01-24 21:56 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-17 20:34 - 2009-07-14 05:53 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-17 20:34 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-17 20:33 - 2001-01-01 03:05 - 00000000 ____D () C:\Windows\PCHEALTH
2014-11-13 18:41 - 2012-05-06 19:09 - 00069120 ___SH () C:\Users\mario\Documents\Thumbs.db
2014-11-13 18:38 - 2013-08-15 10:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 18:37 - 2012-07-21 17:59 - 00380928 ___SH () C:\Users\mario\Desktop\Thumbs.db
2014-11-13 18:37 - 2001-01-01 00:07 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-13 18:35 - 2012-05-01 15:12 - 03550720 ___SH () C:\Users\mario\Downloads\Thumbs.db
2014-11-13 18:34 - 2013-09-02 14:29 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-943191095-2846990741-2943127497-1001UA.job
2014-11-13 18:19 - 2014-09-10 16:19 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-13 18:17 - 2014-09-10 16:18 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-11-13 18:17 - 2014-09-10 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-13 18:17 - 2001-01-01 15:13 - 00000000 ____D () C:\Program Files\Java
2014-11-13 18:00 - 2014-04-28 15:42 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-13 18:00 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-13 17:59 - 2012-04-04 17:07 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-13 17:59 - 2012-02-06 19:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-13 17:59 - 2011-12-16 18:51 - 00000000 ____D () C:\Users\mario
2014-11-13 17:57 - 2013-10-19 13:02 - 00000000 ____D () C:\Users\mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-13 17:56 - 2014-01-24 22:01 - 00000000 ___RD () C:\Users\mario\Google Drive
2014-11-13 17:54 - 2011-12-16 18:54 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-13 17:54 - 2009-07-14 05:33 - 00289816 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 17:52 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-11-08 18:32 - 2011-12-16 19:10 - 00000000 ____D () C:\Users\mario\AppData\Local\Google
2014-11-07 18:42 - 2014-08-14 23:48 - 00000000 ____D () C:\Users\mario\AppData\Local\Adobe
2014-11-07 18:42 - 2012-02-06 18:47 - 00000000 ____D () C:\ProgramData\Google
2014-11-07 18:42 - 2011-12-16 19:10 - 00000000 ____D () C:\Program Files\Google
2014-11-07 17:52 - 2014-01-24 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-11-01 17:14 - 2014-10-14 15:46 - 00001099 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-11-01 17:14 - 2014-03-14 18:40 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-01 17:14 - 2014-03-14 18:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-01 17:14 - 2014-03-14 18:40 - 00000000 ____D () C:\Program Files\Avira
2014-10-26 16:49 - 2012-11-05 20:20 - 00000000 ___RD () C:\Users\mario\Desktop\karaoke
2014-10-26 16:28 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-10-26 16:15 - 2011-12-18 12:13 - 00000000 ____D () C:\Program Files\Opera
2014-10-20 18:30 - 2014-08-28 19:29 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-20 18:30 - 2014-08-28 19:29 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-20 17:59 - 2009-07-14 03:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

Files to move or delete:
====================
C:\Users\mario\start32bitprogram.exe

Some content of TEMP:
====================
C:\Users\mario\AppData\Local\Temp\avgnt.exe
C:\Users\mario\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp375ggk.dll
C:\Users\mario\AppData\Local\Temp\Quarantine.exe
C:\Users\mario\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-11 17:54

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-11-2014
Ran by mario at 2014-11-17 20:41:15
Running from C:\Users\mario\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acer Updater (HKLM\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated)
Adobe Digital Editions (HKLM\...\Digital Editions) (Version: - )
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
AnalogX Vocal Remover (HKLM\...\AnalogX Vocal Remover) (Version: - AnalogX)
Ashampoo WinOptimizer 8 v.8.13 (HKLM\...\Ashampoo WinOptimizer 8_is1) (Version: 8.1.3 - Ashampoo GmbH & Co. KG)
Avira (HKLM\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Avira System Speedup (HKLM\...\AviraSpeedup) (Version: 1.3.1.9970 - Avira System Speedup)
BtwMfcMM (HKLM\...\{D5B46D30-F054-4C64-9C0F-97C8451E7D04}) (Version: 6.00.0000 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Cinergy XS Series V5.09.0304.00a (HKLM\...\Cinergy XS Series) (Version: 5.09.0304.00a - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.3 - DivX, LLC)
Dropbox (HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
DVBViewer TERRATEC Edition (HKLM\...\DVBViewer TERRATEC Edition_is1) (Version: - CM&V)
Epson Easy Photo Print 2 (HKLM\...\{30E01116-5666-4807-8EF1-D80E9FF16717}) (Version: 2.3.2.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON SX420W Series Printer Uninstall (HKLM\...\EPSON SX420W Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fotogalerie (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free Studio version 5.3.2 (HKLM\...\Free Studio_is1) (Version: - DVDVideoSoft Ltd.)
Free Video to Samsung Phones Converter version 5.0.20.1031 (HKLM\...\Free Video to Samsung Phones Converter_is1) (Version: 5.0.20.1031 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.1.39.1015 (HKLM\...\Free YouTube Download_is1) (Version: 3.1.39.1015 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Drive (HKLM\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
KaraFun 1.18 (HKLM\...\KaraFun_is1) (Version: - Recisio)
KaraokeMedia Home PC (Version: 1.0.0 - ECLIPSE PRODUCCIONES S.L) Hidden
K-Lite Codec Pack 6.1.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 6.1.0 - )
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{908C5B2E-D684-425E-A54D-FE77D5C5A076}) (Version: 16.4.1970.0624 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Mobile Partner (HKLM\...\Mobile Partner) (Version: 21.003.25.02.51 - Huawei Technologies Co.,Ltd)
Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 33.1 (x86 de) (HKLM\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\MyFreeCodec) (Version: - )
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
PagePlace (HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\PagePlace) (Version: - )
PC Connectivity Solution (HKLM\...\{AC599724-5755-48C1-ABE7-ABB857652930}) (Version: 8.15.0.0 - Nokia)
PDF Reader (HKU\S-1-5-21-943191095-2846990741-2943127497-1001\...\PDF Reader) (Version: - )
Photo Common (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photomizer (HKLM\...\{A00F8237-F496-44D2-0001-E3CCF8CD58AE}) (Version: 1.0.10.0827 - Engelmann Media GmbH)
PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.8.02.10270 - Sony Corporation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5983 - Realtek Semiconductor Corp.)
RMPrepUSB (HKLM\...\RMPrepUSB) (Version: - )
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.) Hidden
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - )
Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
SamsungConnectivityCableDriver (HKLM\...\{7E84FAC8-C518-40F9-9807-7455301D6D25}) (Version: 6.83.6.2.1 - Samsung)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version: - )
TomTom HOME (HKLM\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
vanBasco's Karaoke Player (HKLM\...\VMidi) (Version: - )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
WEB.DE Desktop Icons (HKLM\...\1&1 Mail & Media GmbH 1und1DesktopIconsInstaller) (Version: 3.0.3.0 - 1&1 Mail & Media GmbH)
WEB.DE MailCheck für Internet Explorer (HKLM\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.5.1.0 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung (HKLM\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.0.55 - 1&1 Mail & Media GmbH)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9700 - Broadcom Corporation)
Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\mario\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\mario\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{55cbb4a1-515f-5947-9e5e-931ec3e954ea}\InprocServer32 -> C:\Users\mario\AppData\Local\PagePlace\npPagePlaceStarter.dll (Deutsche Telekom AG)
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\mario\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\mario\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\InprocServer32 -> C:\Users\mario\AppData\LocalLow\DVDVideoSoftTB\prxtbDVDV.dll No File
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\mario\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\mario\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\mario\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\mario\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\mario\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\mario\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}\InprocServer32 -> C:\Users\mario\AppData\LocalLow\DVDVideoSoftTB\prxtbDVDV.dll No File
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\mario\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\mario\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mario\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mario\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mario\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mario\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mario\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mario\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mario\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mario\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 20-10-2014 17:24:52 Windows Update 13-11-2014 16:58:05 Windows Update 13-11-2014 17:11:32 Prüfpunkt von HitmanPro 13-11-2014 17:28:07 Prüfpunkt von HitmanPro 13-11-2014 17:29:35 Prüfpunkt von HitmanPro 13-11-2014 17:35:28 Windows Update 17-11-2014 19:47:12 zoek.exe restore point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. 
Any associated file could be listed separately to be moved.) Task: {082530D3-26DA-42B3-96CB-6F6842A4AB66} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {12758D70-1112-415E-8C53-061DDA7066D5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-24] (Google Inc.) Task: {1AE3379E-7DC5-4FB8-BD37-57D955021049} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-943191095-2846990741-2943127497-1001UA => C:\Users\mario\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-02] (Facebook Inc.) Task: {23225D99-23E9-4883-8B96-7D892214EFC7} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {2A58B47A-EA43-4758-9D74-A3627E22DBCA} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-943191095-2846990741-2943127497-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe Task: {2CEC042C-FB6F-4980-AF79-C31880B2D054} - System32\Tasks\AviraSpeedup => C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe [2014-10-03] (Avira) Task: {32007FB4-69E9-4260-8717-653C6A7C9CB0} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation) Task: {33F3912B-B39F-437F-8007-92C30BCDBD78} - System32\Tasks\{554D785F-1C63-4CC7-90FF-EA80F1D498A6} => C:\Users\mario\Desktop\wichtig\OpenOffice.org 3.3 (de) Installation Files\java\jre-windows-i586.exe [2011-01-19] (Sun Microsystems, Inc.) 
Task: {3F40672C-8952-433E-A489-CC0B423DBAB6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd) Task: {5423B9D1-D22C-44A4-8EC4-F43EAD894DA2} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation) Task: {6F4B03CE-18C9-4472-A441-8B1678289726} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-13] (Adobe Systems Incorporated) Task: {7588A398-1D8B-4835-ACCB-13CD95AB0395} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH) Task: {7A709350-60B9-4591-B61B-2580565ECAD0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-24] (Google Inc.) Task: {8A8F676A-92F1-45C9-9729-A40E5A3C65F1} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft) Task: {D1EBA97C-223E-482C-BA1B-BFE26EB10296} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-943191095-2846990741-2943127497-1001Core => C:\Users\mario\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-02] (Facebook Inc.) Task: {D7CE95B5-D30E-461E-BDA7-0AB604C44D48} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-943191095-2846990741-2943127497-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe Task: {EFBF8436-50D1-404B-ADCF-71BDEBF3D84C} - System32\Tasks\{5B97EEF1-A9C5-4A44-AE4F-4B760011545E} => C:\Users\mario\Desktop\wichtig\OpenOffice.org 3.3 (de) Installation Files\java\jre-windows-i586.exe [2011-01-19] (Sun Microsystems, Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-943191095-2846990741-2943127497-1001Core.job => C:\Users\mario\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-943191095-2846990741-2943127497-1001UA.job => C:\Users\mario\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-12-18 18:57 - 2013-08-30 00:08 - 00088864 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll 2011-03-14 16:27 - 2011-03-14 16:27 - 00271712 _____ () C:\ProgramData\DatacardService\HWDeviceService.exe 2012-08-18 13:15 - 2012-08-18 13:14 - 00246112 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe 2012-08-18 13:15 - 2012-08-18 13:14 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll 2012-08-18 13:15 - 2012-08-18 13:14 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll 2012-08-18 13:15 - 2012-08-18 13:14 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll 2012-08-18 13:15 - 2012-08-18 13:14 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll 2012-08-18 13:15 - 2012-08-18 13:14 - 00384512 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll 2012-08-18 13:15 - 2012-08-18 13:14 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll 2014-11-17 20:34 - 2014-11-17 20:34 - 00043008 _____ () c:\users\mario\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp375ggk.dll 2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () 
C:\Users\mario\AppData\Roaming\Dropbox\bin\libcef.dll 2014-10-23 20:19 - 2014-10-23 20:19 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2014-11-17 20:34 - 2014-11-17 20:34 - 00098816 _____ () C:\Users\mario\AppData\Local\Temp\_MEI29802\win32api.pyd 2014-11-17 20:34 - 2014-11-17 20:34 - 00110080 _____ () C:\Users\mario\AppData\Local\Temp\_MEI29802\pywintypes27.dll 2014-11-17 20:34 - 2014-11-17 20:34 - 00364544 _____ () C:\Users\mario\AppData\Local\Temp\_MEI29802\pythoncom27.dll 2014-11-17 20:34 - 2014-11-17 20:34 - 00045568 _____ () C:\Users\mario\AppData\Local\Temp\_MEI29802\_socket.pyd 2014-11-17 20:34 - 2014-11-17 20:34 - 01160704 _____ () C:\Users\mario\AppData\Local\Temp\_MEI29802\_ssl.pyd 2014-11-17 20:34 - 2014-11-17 20:34 - 00320512 _____ () C:\Users\mario\AppData\Local\Temp\_MEI29802\win32com.shell.shell.pyd 2014-11-17 20:34 - 2014-11-17 20:34 - 00713216 _____ () C:\Users\mario\AppData\Local\Temp\_MEI29802\_hashlib.pyd 2014-11-17 20:34 - 2014-11-17 20:34 - 01175040 _____ () C:\Users\mario\AppData\Local\Temp\_MEI29802\wx._core_.pyd 2014-11-17 20:34 - 2014-11-17 20:34 - 00805888 _____ () C:\Users\mario\AppData\Local\Temp\_MEI29802\wx._gdi_.pyd 2014-11-17 20:34 - 2014-11-17 20:34 - 00811008 _____ () C:\Users\mario\AppData\Local\Temp\_MEI29802\wx._windows_.pyd 2014-11-17 20:34 - 2014-11-17 20:34 - 01062400 _____ () C:\Users\mario\AppData\Local\Temp\_MEI29802\wx._controls_.pyd 2014-11-17 20:34 - 2014-11-17 20:34 - 00735232 _____ () C:\Users\mario\AppData\Local\Temp\_MEI29802\wx._misc_.pyd 2014-11-17 20:34 - 2014-11-17 20:34 - 00128512 _____ () C:\Users\mario\AppData\Local\Temp\_MEI29802\_elementtree.pyd 2014-11-17 20:34 - 2014-11-17 20:34 - 00127488 _____ () C:\Users\mario\AppData\Local\Temp\_MEI29802\pyexpat.pyd 2014-11-17 20:34 - 2014-11-17 20:34 - 00557056 _____ () C:\Users\mario\AppData\Local\Temp\_MEI29802\pysqlite2._sqlite.pyd 2014-11-17 20:34 - 2014-11-17 20:34 - 00087552 _____ () C:\Users\mario\AppData\Local\Temp\_MEI29802\_ctypes.pyd 
2014-11-17 20:34 - 2014-11-17 20:34 - 00119808 _____ () C:\Users\mario\AppData\Local\Temp\_MEI29802\win32file.pyd 2014-11-17 20:34 - 2014-11-17 20:34 - 00108544 _____ () C:\Users\mario\AppData\Local\Temp\_MEI29802\win32security.pyd 2014-11-17 20:34 - 2014-11-17 20:34 - 00007168 _____ () C:\Users\mario\AppData\Local\Temp\_MEI29802\hashobjs_ext.pyd 2014-11-17 20:34 - 2014-11-17 20:34 - 00167936 _____ () C:\Users\mario\AppData\Local\Temp\_MEI29802\win32gui.pyd 2014-11-17 20:34 - 2014-11-17 20:34 - 00018432 _____ () C:\Users\mario\AppData\Local\Temp\_MEI29802\win32event.pyd 2014-11-17 20:34 - 2014-11-17 20:34 - 00038912 _____ () C:\Users\mario\AppData\Local\Temp\_MEI29802\win32inet.pyd 2014-11-17 20:34 - 2014-11-17 20:34 - 00011264 _____ () C:\Users\mario\AppData\Local\Temp\_MEI29802\win32crypt.pyd 2014-11-17 20:34 - 2014-11-17 20:34 - 00070656 _____ () C:\Users\mario\AppData\Local\Temp\_MEI29802\wx._html2.pyd 2014-11-17 20:34 - 2014-11-17 20:34 - 00027136 _____ () C:\Users\mario\AppData\Local\Temp\_MEI29802\_multiprocessing.pyd 2014-11-17 20:34 - 2014-11-17 20:34 - 00035840 _____ () C:\Users\mario\AppData\Local\Temp\_MEI29802\win32process.pyd 2014-11-17 20:34 - 2014-11-17 20:34 - 00686080 _____ () C:\Users\mario\AppData\Local\Temp\_MEI29802\unicodedata.pyd 2014-11-17 20:34 - 2014-11-17 20:34 - 00122368 _____ () C:\Users\mario\AppData\Local\Temp\_MEI29802\wx._wizard.pyd 2014-11-17 20:34 - 2014-11-17 20:34 - 00024064 _____ () C:\Users\mario\AppData\Local\Temp\_MEI29802\win32pipe.pyd 2014-11-17 20:34 - 2014-11-17 20:34 - 00025600 _____ () C:\Users\mario\AppData\Local\Temp\_MEI29802\win32pdh.pyd 2014-11-17 20:34 - 2014-11-17 20:34 - 00525640 _____ () C:\Users\mario\AppData\Local\Temp\_MEI29802\windows._lib_cacheinvalidation.pyd 2014-11-17 20:34 - 2014-11-17 20:34 - 00010240 _____ () C:\Users\mario\AppData\Local\Temp\_MEI29802\select.pyd 2014-11-17 20:34 - 2014-11-17 20:34 - 00017408 _____ () C:\Users\mario\AppData\Local\Temp\_MEI29802\win32profile.pyd 2014-11-17 20:34 - 
2014-11-17 20:34 - 00022528 _____ () C:\Users\mario\AppData\Local\Temp\_MEI29802\win32ts.pyd 2014-11-17 20:34 - 2014-11-17 20:34 - 00078336 _____ () C:\Users\mario\AppData\Local\Temp\_MEI29802\wx._animate.pyd 2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll 2001-01-01 05:01 - 2011-09-28 09:45 - 00885160 _____ () C:\Program Files\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-943191095-2846990741-2943127497-500 - Administrator - Disabled) Gast (S-1-5-21-943191095-2846990741-2943127497-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-943191095-2846990741-2943127497-1008 - Limited - Enabled) mario (S-1-5-21-943191095-2846990741-2943127497-1001 - Administrator - Enabled) => C:\Users\mario UpdatusUser (S-1-5-21-943191095-2846990741-2943127497-1005 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (11/13/2014 06:09:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17420, Zeitstempel: 0x545ad233 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x1cb4 Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0 Pfad der fehlerhaften Anwendung: iexplore.exe1 Pfad des fehlerhaften Moduls: iexplore.exe2 Berichtskennung: iexplore.exe3 Error: (11/13/2014 06:09:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17420, Zeitstempel: 0x545ad233 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x374 Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0 Pfad der fehlerhaften Anwendung: iexplore.exe1 Pfad des fehlerhaften Moduls: iexplore.exe2 Berichtskennung: iexplore.exe3 Error: (11/13/2014 05:58:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83 Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83 Ausnahmecode: 0xc0000409 Fehleroffset: 0x000728d6 ID des fehlerhaften Prozesses: 0x1294 Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0 Pfad der fehlerhaften Anwendung: Gmer-19357.exe1 Pfad des fehlerhaften Moduls: Gmer-19357.exe2 Berichtskennung: Gmer-19357.exe3 Error: (11/13/2014 
06:42:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83 Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00012298 ID des fehlerhaften Prozesses: 0xb88 Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0 Pfad der fehlerhaften Anwendung: Gmer-19357.exe1 Pfad des fehlerhaften Moduls: Gmer-19357.exe2 Berichtskennung: Gmer-19357.exe3 Error: (11/13/2014 05:58:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17420, Zeitstempel: 0x545ad233 Name des fehlerhaften Moduls: nvd3dum.dll, Version: 9.18.13.2702, Zeitstempel: 0x521fbdc1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00697af3 ID des fehlerhaften Prozesses: 0x1524 Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0 Pfad der fehlerhaften Anwendung: iexplore.exe1 Pfad des fehlerhaften Moduls: iexplore.exe2 Berichtskennung: iexplore.exe3 Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x0000014c,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,01D9FAF0.64)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000009c4,(null),0,REG_BINARY,0498F170.64)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . 
Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Generatorname: MSSearch Service Writer Generatorinstanz-ID: {cc3f4313-4eba-4fbf-8702-5ef03b72e175} Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000007d4,(null),0,REG_BINARY,018FEBF8.64)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Generatorname: WMI Writer Generatorinstanz-ID: {7f6105d1-3504-48e4-b88c-fcad8cfbfa7b} Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000004b0,(null),0,REG_BINARY,0309EA98.64)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {6c0a7c25-135f-468a-bd78-637ea44f3b1e} Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000007d4,(null),0,REG_BINARY,018FEBE4.64)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Generatorname: WMI Writer Generatorinstanz-ID: {7f6105d1-3504-48e4-b88c-fcad8cfbfa7b} System errors: ============= Error: (11/17/2014 08:35:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht. 
Error: (11/17/2014 08:35:09 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (11/17/2014 08:34:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (11/17/2014 08:34:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht. Error: (11/17/2014 08:35:37 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (11/17/2014 08:34:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (11/17/2014 08:34:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht. Error: (11/17/2014 09:08:55 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (11/17/2014 08:35:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst TomTomHOMEService erreicht. 
Error: (11/17/2014 08:35:11 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Microsoft Office Sessions: ========================= Error: (11/13/2014 06:09:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe11.0.9600.17420545ad233unknown0.0.0.000000000c0000005000000001cb401cfff6496a38d6cC:\Program Files\Internet Explorer\iexplore.exeunknownd4e1bbb7-6b57-11e4-9398-00a0d1ad0be0 Error: (11/13/2014 06:09:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe11.0.9600.17420545ad233unknown0.0.0.000000000c00000050000000037401cfff68bb8f979cC:\Program Files\Internet Explorer\iexplore.exeunknownca32e58c-6b57-11e4-9398-00a0d1ad0be0 Error: (11/13/2014 05:58:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c0000409000728d6129401cfff6a79f0f186C:\Users\mario\Desktop\Gmer-19357.exeC:\Users\mario\Desktop\Gmer-19357.exe4c20ba66-6b56-11e4-9397-00a0d1ad0be0 Error: (11/13/2014 06:42:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c000000500012298b8801cfff6868e43098C:\Users\mario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HGQ67DI0\Gmer-19357.exeC:\Users\mario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HGQ67DI0\Gmer-19357.exe669951f5-6b5c-11e4-9395-00a0d1ad0be0 Error: (11/13/2014 05:58:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe11.0.9600.17420545ad233nvd3dum.dll9.18.13.2702521fbdc1c000000500697af3152401cfff6322663768C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\nvd3dum.dll50cec5db-6b56-11e4-932c-00a0d1ad0be0 Error: (11/13/2014 06:30:26 PM) 
(Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x0000014c,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,01D9FAF0.64)0x80070005, Zugriff verweigert Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x000009c4,(null),0,REG_BINARY,0498F170.64)0x80070005, Zugriff verweigert Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {cd3f2362-8bef-46c7-9181-d62844cdc0b2} Generatorname: MSSearch Service Writer Generatorinstanz-ID: {cc3f4313-4eba-4fbf-8702-5ef03b72e175} Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x000007d4,(null),0,REG_BINARY,018FEBF8.64)0x80070005, Zugriff verweigert Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Generatorname: WMI Writer Generatorinstanz-ID: {7f6105d1-3504-48e4-b88c-fcad8cfbfa7b} Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x000004b0,(null),0,REG_BINARY,0309EA98.64)0x80070005, Zugriff verweigert Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {6c0a7c25-135f-468a-bd78-637ea44f3b1e} Error: (11/13/2014 06:30:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: RegSetValueExW(0x000007d4,(null),0,REG_BINARY,018FEBE4.64)0x80070005, Zugriff verweigert Vorgang: BackupShutdown-Ereignis Kontext: Ausführungskontext: Writer Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Generatorname: WMI Writer Generatorinstanz-ID: {7f6105d1-3504-48e4-b88c-fcad8cfbfa7b} CodeIntegrity Errors: =================================== Date: 2014-01-24 21:39:55.566 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz 
seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-09 19:41:39.944 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-09 19:41:21.676 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-09 19:43:05.386 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-09 19:42:17.164 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz Percentage of memory in use: 49% Total physical RAM: 3068.96 MB Available physical RAM: 1552.9 MB Total Pagefile: 6136.22 MB Available Pagefile: 4396.35 MB Total Virtual: 2047.88 MB Available Virtual: 1921.52 MB ==================== Drives ================================ Drive c: (ACER) (Fixed) (Total:465.76 GB) (Free:230.48 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (DVDVolume) (CDROM) (Total:4.01 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4EBF5754) Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================[/CODE] Edited by marioh69 (17.11.2014 at 22:30) |
17.11.2014, 22:12 | #9 |
| LOG FILE AdwCleaner, MBAM and Zoek HELLO, I HOPE THAT I DID EVERYTHING RIGHT THIS TIME. THANK YOU VERY MUCH FOR YOUR EFFORTS. P.S. I HAVE TO SPLIT THIS UP BECAUSE NOT EVERYTHING FITS Edited by marioh69 (17.11.2014 at 22:27) |
18.11.2014, 13:07 | #10 |
/// TB-Ausbilder | Frst and addition logfiles We'll remove the last remnants and check everything once more. EEK and ESET can take longer (> 2 h). Afterwards we'll remove all the tools used and I'll give you a few more tips to take along. Step 1 Please press the Windows key + R key and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
start
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}\InprocServer32 -> C:\Users\mario\AppData\LocalLow\DVDVideoSoftTB\prxtbDVDV.dll No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
C:\Users\mario\start32bitprogram.exe
EmptyTemp:
end
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 Please download Emsisoft Emergency Kit from here.
Step 3 ESET Online Scanner
Step 4 Please download SecurityCheck and:
Please post with your next reply
|
19.11.2014, 19:43 | #11 |
| Frst and addition logfiles Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-11-2014
Ran by mario at 2014-11-17 21:06:33 Run:1
Running from C:\Users\mario\Desktop
Loaded Profiles: mario & UpdatusUser (Available profiles: mario & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}\InprocServer32 -> C:\Users\mario\AppData\LocalLow\DVDVideoSoftTB\prxtbDVDV.dll No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
C:\Users\mario\start32bitprogram.exe
EmptyTemp:
end
*****************

Processes closed successfully.
"HKU\S-1-5-21-943191095-2846990741-2943127497-1001_Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}" => Key deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Users\mario\start32bitprogram.exe => Moved successfully.
EmptyTemp: => Removed 685.2 MB temporary data.

The system needed a reboot.

==== End of Fixlog ==== |
20.11.2014, 14:39 | #12 |
/// TB-Ausbilder | Frst and addition logfiles Hello, well done. Only steps 2, 3 and 4 are still missing. |
21.11.2014, 17:10 | #13 |
| Frst and addition logfiles Code:
Emsisoft Emergency Kit - Version 9.0
Letztes Update: 17.11.2014 20:58:58
Benutzerkonto: mario-PC\mario

Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
PUPs-Erkennung: An
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn: 17.11.2014 20:59:55
C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\Extensions\toolbar@web.de gefunden: Application.FireExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\W3I gefunden: Application.InstallAd (A)
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir gefunden: Application.Toolbar (A)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5047f370.qua -> (Quarantine-8) gefunden: Gen:Variant.Adware.Zusy.103904 (B)
C:\Windows.old\Program Files\Acer GameZone\Jewel Quest Solitaire\aJewelQuestSolitaire.exe gefunden: Trojan.Generic.11825966 (B)

Gescannt 317185
Gefunden 5
Scan Ende: 17.11.2014 21:32:53
Scan Zeit: 0:32:58

C:\Windows.old\Program Files\Acer GameZone\Jewel Quest Solitaire\aJewelQuestSolitaire.exe Quarantäne Trojan.Generic.11825966 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5047f370.qua Quarantäne Gen:Variant.Adware.Zusy.103904 (B)
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir Quarantäne Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\W3I Quarantäne Application.InstallAd (A)
C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\Extensions\toolbar@web.de Quarantäne Application.FireExt (A)

Quarantäne 5

C:\AdwCleaner\Quarantine\C\ProgramData\VisualBee\VisualBeeSoftware.exe.vir Variante von Win32/Toolbar.Babylon.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\mario\AppData\Local\VisualBeeExe\conduitinstaller.exe.vir Win32/Toolbar.Conduit evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\mario\AppData\Local\VisualBeeExe\MyBabylonTB.exe.vir Variante von Win32/Toolbar.Babylon.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\mario\AppData\LocalLow\DVDVideoSoftTB\hk64tbDVDV.dll.vir Variante von Win64/Toolbar.Conduit.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\mario\AppData\LocalLow\DVDVideoSoftTB\hktbDVDV.dll.vir Variante von Win32/Toolbar.Conduit.X evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\mario\AppData\LocalLow\DVDVideoSoftTB\ldrtbDVDV.dll.vir Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\mario\AppData\LocalLow\DVDVideoSoftTB\prxtbDVDV.dll.vir Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\mario\AppData\LocalLow\DVDVideoSoftTB\tbDVDV.dll.vir Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\mario\AppData\LocalLow\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ctypes\FirefoxCtype.dll.vir Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\Plugins\npFirefoxPlugin.dll.vir Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung
C:\Program Files\Doblon\Karaoke Video Creator\Power_Karaoke.exe Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung
C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\extensions\{e97a8b1d-ea32-4839-9c97-b92ab27cb15e}\ctypes\FirefoxCtype.dll Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung
C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\extensions\{e97a8b1d-ea32-4839-9c97-b92ab27cb15e}\Plugins\npFirefoxPlugin.dll Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung
C:\Users\mario\Downloads\FreeVideoToSamsungPhonesConverter (1).exe Win32/Toolbar.Conduit evtl. unerwünschte Anwendung
C:\Users\mario\Downloads\FreeVideoToSamsungPhonesConverter.exe Win32/Toolbar.Conduit evtl. unerwünschte Anwendung
C:\Users\mario\Downloads\FreeYouTubeDownload (1).exe Win32/Toolbar.Conduit evtl. unerwünschte Anwendung
C:\Users\mario\Downloads\FreeYouTubeDownload.exe Win32/Toolbar.Conduit evtl. unerwünschte Anwendung
C:\Users\mario\Pictures\registrybooster.exe Win32/RegistryBooster evtl. unerwünschte Anwendung

Results of screen317's Security Check version 0.99.89
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java 7 Update 67
Java 8 Update 25
Adobe Flash Player 15.0.0.223
Adobe Reader XI
Mozilla Firefox (33.1)
Google Chrome 35.0.1916.114
Google Chrome 38.0.2125.111
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes Anti-Malware mbamscheduler.exe
Mobile Partner OnlineUpdate ouc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Thanks to all of you for your help. No idea why, but the date keeps resetting itself, so you shouldn't go by that. I think it's the memory battery. |
21.11.2014, 17:47 | #14 |
/// TB-Ausbilder | Frst and addition logfiles

Remove leftovers

Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.

Code:
start
CloseProcesses:
C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\extensions\{e97a8b1d-ea32-4839-9c97-b92ab27cb15e}
C:\Users\mario\Downloads\FreeYouTubeDownloa*.exe
C:\Users\mario\Pictures\registrybooster.exe
C:\Users\mario\Downloads\FreeVideoToSamsungPhonesConverte*.exe
end

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Post the FRST Fixlog right away, because otherwise it will be removed automatically by DelFix (see further below)!

Note: Registry cleaners
I see that you have installed a so-called registry cleaner. In your case, CCleaner. We advise against using any kind of registry cleaner. The reason is quite simple: the registry is the brain of the system. If the brain does not work, the rest no longer really works either. You should not tinker with the registry unnecessarily. Even a small mistake can have serious consequences, and programs sometimes make mistakes too. If you destroy the registry, you destroy Windows. In addition, the benefit in terms of performance is disputed and is usually barely noticeable. I would recommend that you stop using registry cleaners and uninstall them via Start --> Control Panel --> Add or Remove Programs (on Windows XP).

If you no longer have any problems with malware, then we are finished here. Your log files are clean. Finally, we need to take a few concluding steps to clean up and secure your PC.

Step 1
Change all your passwords regularly; now, after the cleanup, is an ideal time to do so!
Step 2
You are using outdated software on your computer, which is a security risk. You should therefore uninstall the outdated software and then install the latest version. Follow the path Start > Control Panel > Software / Uninstall a program. Uninstall the following programs from your computer:
Now please download and install:
Restart your computer after the installation.

Step 3
The order is crucial here.

Step 4
Finally, I have a few more tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Antivirus program and additional protection

Alternative browsers
Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system. Mozilla Firefox
Performance
What you should avoid:

Now all that remains is for me to wish you lots of fun surfing safely... ... and perhaps you would like to support the Trojaner-Board?

Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions. |
22.11.2014, 17:18 | #15 |
| Frst and addition logfiles Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-11-2014
Ran by mario at 2014-11-20 18:00:26 Run:2
Running from C:\Users\mario\Desktop
Loaded Profiles: mario & UpdatusUser (Available profiles: mario & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\extensions\{e97a8b1d-ea32-4839-9c97-b92ab27cb15e}
C:\Users\mario\Downloads\FreeYouTubeDownloa*.exe
C:\Users\mario\Pictures\registrybooster.exe
C:\Users\mario\Downloads\FreeVideoToSamsungPhonesConverte*.exe
end
*****************

Processes closed successfully.
C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\t3k3gzn5.default\extensions\{e97a8b1d-ea32-4839-9c97-b92ab27cb15e} => Moved successfully.
C:\Users\mario\Downloads\FreeYouTubeDownloa*.exe => Moved successfully.
C:\Users\mario\Pictures\registrybooster.exe => Moved successfully.
C:\Users\mario\Downloads\FreeVideoToSamsungPhonesConverte*.exe => Moved successfully.

The system needed a reboot.

==== End of Fixlog ====

Code:
# DelFix v10.8 - Datei am 20/11/2014 um 18:05:03 erstellt
# Aktualisiert am 29/07/2014 von Xplode
# Benutzer : mario - MARIO-PC
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)

~ Aktiviere die Benutzerkontensteuerung ... OK

~ Entferne die Bereinigungsprogramme ...

Gelöscht : C:\Users\mario\Desktop\FRST-OlderVersion
Gelöscht : C:\Users\mario\Desktop\Addition.txt
Gelöscht : C:\Users\mario\Desktop\AdwCleaner_4.101.exe
Gelöscht : C:\Users\mario\Desktop\Fixlog.txt
Gelöscht : C:\Users\mario\Desktop\FRST.txt
Gelöscht : C:\Users\mario\Desktop\zoek-results.txt
Gelöscht : C:\Users\mario\Desktop\zoek.exe

~ Erstelle ein Backup der Registrierungsdatenbank ... OK

~ Lösche die Wiederherstellungspunkte ...

Gelöscht : RP #378 [Ende der Bereinigung | 11/20/2014 16:59:43]

Ein neuer Wiederherstellungspunkt wurde erstellt !

~ Stelle die Systemeinstellungen wieder her ... OK

########## - EOF - ##########

I think everything should be fine now, and thanks again for being there. Best regards, mario |
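Added example, not part of the thread and not FRST's own code: a Python check that compares the "Content of fixlist" block of a Fixlog with its result lines and reports every entry that was not reported as "Moved successfully". The sample log is constructed in the layout of the Fixlog above; the function names, the two `constructed-*.exe` entries, the one-entry-per-line layout and the rule that directives end with a colon are assumptions.

```python
# Constructed sample in the layout of the Fixlog above, one entry per line.
# The two constructed-*.exe entries are invented to show the failure cases.
SAMPLE_FIXLOG = r"""Content of fixlist:
start
CloseProcesses:
C:\Users\mario\Pictures\registrybooster.exe
C:\Users\mario\Downloads\constructed-a.exe
C:\Users\mario\Downloads\constructed-b.exe
end
Processes closed successfully.
C:\Users\mario\Pictures\registrybooster.exe => Moved successfully.
C:\Users\mario\Downloads\constructed-a.exe => <constructed non-success text>
==== End of Fixlog ====
"""

def parse_fixlog(text):
    """Return (fixlist entries, {lowercased path: outcome text})."""
    entries, results, in_fixlist = [], {}, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.lower() == "start":
            in_fixlist = True
        elif line.lower() == "end":
            in_fixlist = False
        elif in_fixlist:
            # Assumption: directives such as "CloseProcesses:" end with a colon.
            if line and not line.endswith(":"):
                entries.append(line)
        elif " => " in line:
            path, _, outcome = line.rpartition(" => ")
            # Windows paths are case-insensitive, so compare lowercased.
            results[path.strip().lower()] = outcome.strip()
    return entries, results

def unresolved(text):
    """Map each fixlist entry lacking a 'Moved successfully' result to a reason."""
    entries, results = parse_fixlog(text)
    problems = {}
    for entry in entries:
        outcome = results.get(entry.lower())
        if outcome is None:
            problems[entry] = "no result line"
        elif not outcome.lower().startswith("moved successfully"):
            problems[entry] = outcome
    return problems

if __name__ == "__main__":
    for path, reason in unresolved(SAMPLE_FIXLOG).items():
        print(f"CHECK MANUALLY: {path} ({reason})")
```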