Pests of all kinds and how to combat them: Uninstalling PC Performer (Windows 7)
16.12.2014, 22:48 | #1 |
| Uninstalling PC Performer Dear Trojaner-Board helpers, in May I (unknowingly) installed PC Performer and now I can no longer uninstall it. Can you help me with the uninstallation? Many thanks and kind regards, Verena |
16.12.2014, 23:41 | #2 |
/// the machine /// TB trainer | Uninstalling PC Performer hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
17.12.2014, 10:08 | #3 |
| Uninstalling PC Performer Many thanks for the quick help!
Here is FRST. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01 Ran by Verena (administrator) on VERENA-PC on 17-12-2014 09:49:12 Running from C:\Users\Verena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4K0LYBQE Loaded Profiles: UpdatusUser & Verena (Available profiles: UpdatusUser & Verena) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Dritek System Inc.) 
C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Pandora.TV) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe (PandoraTV) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Dolby Laboratories Inc.) 
C:\Dolby PCEE4\pcee4.exe (brother) C:\Program Files (x86)\Brownie\BrStsW64.exe () C:\Windows\Samsung\PanelMgr\SSMMgr.exe () C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe () C:\Program Files (x86)\Mobogenie\DaemonProcess.exe () C:\Windows\Samsung\PanelMgr\caller64.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brownie\BRNIPMON.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (brother) C:\Program Files (x86)\Brownie\brpjp04a.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Dropbox, Inc.) C:\Users\Verena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_246_ActiveX.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor) HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.) HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.) HKLM-x32\...\Run: [BrStsWnd] => C:\Program Files (x86)\Brownie\BrstsW64.exe [3695984 2011-03-25] (brother) HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [688128 2011-07-06] () HKLM-x32\...\Run: [CLX3180_Scan2Pc] => C:\Windows\Twain_32\Samsung\CLX3180\Scan2pc.exe [1990144 2011-04-29] () HKLM-x32\...\Run: [3180 Scan2PC] => C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe [1990144 2011-04-29] () HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [748736 2014-10-11] () HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2014-03-12] (Cisco Systems, Inc.) 
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\update\realsched.exe [295072 2012-12-16] (RealNetworks, Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-1577607291-3742472165-1464039351-1000\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB HKU\S-1-5-21-1577607291-3742472165-1464039351-1000\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-1577607291-3742472165-1464039351-1001\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Verena\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l HKU\S-1-5-21-1577607291-3742472165-1464039351-1001\...\Run: [mikporw] => C:\Windows\system32\rundll32.exe "C:\Users\Verena\AppData\Local\mikporw.dll",mikporw <===== ATTENTION HKU\S-1-5-21-1577607291-3742472165-1464039351-1001\...\RunOnce: [Adobe Speed Launcher] => 1418760842 HKU\S-1-5-21-1577607291-3742472165-1464039351-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-07-14] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} AppInit_DLLs: c:\windows\system32\nvinitx.dll => c:\windows\system32\nvinitx.dll [241984 2011-10-16] (NVIDIA Corporation) AppInit_DLLs: C:\PROGRA~3\INTERE~1\INTERE~2.DLL => C:\ProgramData\Interenet Optimizer\InterenetOptimizer_x64.dll [4302848 2014-11-22] () AppInit_DLLs-x32: c:\progra~3\intere~1\intere~1.dll => c:\ProgramData\Interenet Optimizer\InterenetOptimizer.dll [4125696 2014-11-22] () Startup: C:\Users\Verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Verena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\Verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Mysearchdial Search HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Google HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = Google HKU\S-1-5-21-1577607291-3742472165-1464039351-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome HKU\S-1-5-21-1577607291-3742472165-1464039351-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome HKU\S-1-5-21-1577607291-3742472165-1464039351-1001\Software\Microsoft\Internet Explorer\Main,Start Page = Google URLSearchHook: HKU\S-1-5-21-1577607291-3742472165-1464039351-1001 - (No Name) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - No File SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0AtCzyyCyEyEyEyC0C0EtN0D0Tzu0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1780154535&ir= SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0AtCzyyCyEyEyEyC0C0EtN0D0Tzu0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1780154535&ir= SearchScopes: HKLM-x32 -> DefaultScope value is missing. SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKU\S-1-5-21-1577607291-3742472165-1464039351-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-1577607291-3742472165-1464039351-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKU\S-1-5-21-1577607291-3742472165-1464039351-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1577607291-3742472165-1464039351-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-1577607291-3742472165-1464039351-1001 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = BHO: Speed Test 127 -> {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} -> C:\Program Files (x86)\Speed Test 127\ScriptHost64.dll (BestOffers) BHO: Adblock IE -> {667BEE43-20BD-4CE3-94AC-E63E04D4B191} -> C:\Program Files\MGTEK\Adblock IE\adblockie.dll (MGTEK) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Free Games 111 -> {C45EC9F0-8333-465D-9728-074BD41985C9} -> C:\Program Files (x86)\Free Games 111\ScriptHost64.dll (BestOffers) BHO-x32: Speed Test 127 -> {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} -> C:\Program Files (x86)\Speed Test 127\ScriptHost.dll (BestOffers) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: SwissAcademic.Citavi.Picker.IEPicker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: Adblock IE -> {667BEE43-20BD-4CE3-94AC-E63E04D4B191} -> C:\Program Files (x86)\MGTEK\Adblock IE\adblockie.dll (MGTEK) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Free Games 111 -> {C45EC9F0-8333-465D-9728-074BD41985C9} -> C:\Program Files (x86)\Free Games 111\ScriptHost.dll (BestOffers) Toolbar: HKU\S-1-5-21-1577607291-3742472165-1464039351-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: HKLM {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011 FF DefaultSearchEngine: Yahoo MSD FF SearchEngineOrder.1: Mysearchdial FF SelectedSearchEngine: Yahoo MSD FF Keyword.URL: FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) 
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF user.js: detected! => C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\user.js FF SearchPlugin: C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\searchplugins\conduit-search.xml FF SearchPlugin: C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\searchplugins\Mysearchdial.xml FF SearchPlugin: C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\searchplugins\yahoo-msd.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml FF Extension: Amazon-Icon - C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\Extensions\amazon-icon@giga.de [2014-11-01] FF Extension: Fast Start - C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\Extensions\faststartff@gmail.com [2014-11-01] FF Extension: mysearchdial.com - C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\Extensions\ffxtlbr@mysearchdial.com [2014-01-27] FF Extension: Foxi Security - 
C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\Extensions\foxi@securitii-dhfjs.com [2014-11-01] FF Extension: Free Games 111 - C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\Extensions\freegames4357@BestOffers [2014-05-01] FF Extension: dealster - C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\Extensions\PJ51@yhV.com [2014-12-01] FF Extension: Simple New Tab - C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\Extensions\snt@dotlabs.co [2013-11-28] FF Extension: Speed Test 127 - C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\Extensions\speedtest4354@BestOffers [2014-05-01] FF Extension: OfferMosquito - C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\Extensions\om@offermosquito.com.xpi [2014-01-16] FF Extension: Simple New Tab - C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\Extensions\snt@dotlabs.co.xpi [2013-12-16] FF Extension: Suche App - C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\Extensions\{47744fca-0011-4ba5-ba33-24ae19355a42}.xpi [2014-07-26] FF Extension: MySearchDial - C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi [2014-03-17] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012-12-16] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - 
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (BetterAds) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cacclhdpfoingihegojhoipnihfnoaki [2013-05-02] CHR Extension: (OfferMosquito) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk [2013-07-24] CHR Extension: (Bootstrap Twitter Offline Docs) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihkgljdimgfffabkemicpaeljmoobil [2014-12-06] CHR Extension: (Fuskr) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\glieaboaghdnlglpkekghloldikefofo [2014-12-16] CHR Extension: (RealDownloader) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-05-02] CHR Extension: (Any New Tab) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfenflmklmpohipcckmagnmbmbibnolo [2013-11-28] CHR Extension: (Wajam) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp [2014-04-28] CHR Extension: (Remote Desktop auto discovery) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmpghknnfhlgcgchochgijlgjpmhhfo [2014-11-23] CHR Extension: (AVG Security Toolbar) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-05-02] CHR Extension: (No Name) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj [2013-09-17] CHR Extension: (Simple New Tab) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga [2013-12-27] CHR Extension: (Extutil) - 
C:\Users\Verena\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-04-28] CHR Extension: (Managera) - C:\Users\Verena\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-04-28] CHR Extension: (ApptoU) - C:\ProgramData\meiloodpcmaeadffghmjokemifmbeaba\ [2014-04-28] CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Verena\AppData\Local\mysearchdial-speeddial.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [cacclhdpfoingihegojhoipnihfnoaki] - C:\Users\Verena\AppData\Local\MediaBA\betterads.crx [2012-11-06] CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29] CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Verena\AppData\Local\Wajam\Chrome\wajam.crx [2013-12-31] CHR HKLM-x32\...\Chrome\Extension: [niogeckbkdcabhnapjbkeiklablhjoca] - C:\Program Files (x86)\Perion\ChromeInfoBar\ChromeInfoBar.crx [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 0c632643; c:\ProgramData\Interenet Optimizer\InterenetOptimizerSvc.dll [186192 2014-11-22] () [File not signed] R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-02-04] (Freemake) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation) R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-28] (Pandora.TV) R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] () R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [229888 2011-04-28] (Samsung Electronics Co., Ltd.) [File not signed] S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-07-13] (Samsung Electronics Co., Ltd.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.) 
S3 b57xdbd; system32\DRIVERS\b57xdbd.sys [X] S3 b57xdmp; system32\DRIVERS\b57xdmp.sys [X] S3 bScsiMSa; system32\DRIVERS\bScsiMSa.sys [X] S3 bScsiSDa; system32\DRIVERS\bScsiSDa.sys [X] S1 rhqeqdug; \??\C:\Windows\system32\drivers\rhqeqdug.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-16 21:43 - 2014-12-17 09:49 - 00000000 ____D () C:\FRST 2014-12-16 12:30 - 2014-12-16 21:30 - 00000000 ____D () C:\ProgramData\WowCoupon 2014-12-16 12:28 - 2014-12-16 12:28 - 00000000 ____D () C:\ProgramData\meiloodpcmaeadffghmjokemifmbeaba 2014-12-16 12:28 - 2014-12-16 12:28 - 00000000 ____D () C:\ProgramData\LizardSales 2014-12-10 09:50 - 2014-12-16 21:16 - 00003118 _____ () C:\Windows\System32\Tasks\PC Performer 2014-12-06 10:01 - 2014-12-06 11:15 - 00000000 ____D () C:\ProgramData\PriceDownloader 2014-12-01 16:14 - 2014-12-17 09:44 - 00002968 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Verena 2014-12-01 16:14 - 2014-12-17 09:44 - 00000374 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Verena.job 2014-12-01 16:14 - 2014-12-16 21:13 - 00000380 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Verena.job 2014-12-01 16:14 - 2014-12-16 14:48 - 00000370 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Verena.job 2014-12-01 16:14 - 2014-12-11 13:29 - 00002964 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateXML_Verena 2014-12-01 16:14 - 2014-12-01 16:14 - 00003618 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Verena 2014-12-01 16:14 - 2014-12-01 16:14 - 00002672 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Verena 2014-11-30 15:27 - 2014-11-30 15:27 - 00001092 _____ () C:\Users\Public\Desktop\MuseScore.lnk 2014-11-30 15:27 - 2014-11-30 
15:27 - 00000000 ____D () C:\Users\Verena\AppData\Roaming\MusE 2014-11-30 15:27 - 2014-11-30 15:27 - 00000000 ____D () C:\Users\Verena\AppData\Local\MusE 2014-11-30 15:26 - 2014-11-30 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MuseScore 2014-11-30 15:26 - 2014-11-30 15:26 - 00000000 ____D () C:\Program Files (x86)\MuseScore 2014-11-30 15:23 - 2014-11-30 15:23 - 00000739 _____ () C:\Windows\Debug.ini 2014-11-30 15:21 - 2014-11-30 15:21 - 00001039 _____ () C:\Users\Verena\Desktop\PriMusFree.lnk 2014-11-30 15:21 - 2014-11-30 15:21 - 00000000 ____D () C:\Users\Verena\Documents\PriMusFree 2014-11-30 15:21 - 2014-11-30 15:21 - 00000000 ____D () C:\Users\Verena\AppData\Roaming\Columbus Soft 2014-11-30 15:21 - 2014-11-30 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriMusFree 2014-11-30 15:21 - 2014-11-30 15:21 - 00000000 ____D () C:\Program Files (x86)\PriMusFree 2014-11-30 13:38 - 2014-11-30 13:39 - 00000000 ____D () C:\Users\Verena\Documents\capella 2014-11-30 13:38 - 2014-11-30 13:38 - 00001958 _____ () C:\Users\Public\Desktop\capella 7.lnk 2014-11-30 13:38 - 2014-11-30 13:38 - 00000000 ____D () C:\Users\Verena\AppData\Roaming\capella-software 2014-11-30 13:38 - 2014-11-30 13:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\capella-software 2014-11-30 13:37 - 2014-11-30 13:37 - 00000000 ____D () C:\Program Files (x86)\capella-software 2014-11-29 10:01 - 2014-11-29 10:01 - 00000000 ____D () C:\ProgramData\DealsFactor 2014-11-23 11:16 - 2014-12-16 12:30 - 00000000 ____D () C:\ProgramData\499c43985399aa96 2014-11-23 11:16 - 2014-11-23 11:41 - 00000000 ____D () C:\ProgramData\websaver 2014-11-22 18:42 - 2014-11-22 18:42 - 00000000 ____D () C:\ProgramData\Interenet Optimizer 2014-11-20 14:40 - 2014-11-20 14:41 - 01313888 _____ () C:\Windows\Minidump\112014-48672-01.dmp 2014-11-19 15:06 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 
2014-11-19 15:06 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-19 15:06 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-19 15:06 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-19 07:32 - 2014-11-19 07:32 - 00000000 __SHD () C:\Users\Verena\AppData\Local\EmieBrowserModeList 2014-11-18 17:39 - 2014-11-18 17:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-17 09:45 - 2011-12-02 10:47 - 01180672 _____ () C:\Windows\WindowsUpdate.log 2014-12-17 09:44 - 2014-01-20 11:34 - 00000296 _____ () C:\Windows\Tasks\MySearchDial.job 2014-12-17 09:44 - 2014-01-20 11:34 - 00000296 _____ () C:\Windows\Tasks\Digital Sites.job 2014-12-17 09:44 - 2012-08-27 20:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-17 09:44 - 2012-05-07 17:32 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-16 22:58 - 2013-11-05 16:20 - 00000000 ____D () C:\Users\Verena\Documents\Outlook-Dateien 2014-12-16 22:10 - 2011-10-14 04:47 - 00000000 ____D () C:\ProgramData\Symantec 2014-12-16 22:06 - 2012-11-18 17:47 - 00000000 ____D () C:\ProgramData\Thomson.ResearchSoft.Installers 2014-12-16 22:03 - 2013-07-24 10:57 - 00007289 _____ () C:\Windows\wininit.ini 2014-12-16 22:03 - 2012-12-18 20:01 - 00000000 ____D () C:\Users\Verena\AppData\Local\Unity 2014-12-16 21:58 - 2014-01-23 20:28 - 00010115 _____ () C:\Windows\setupact.log 2014-12-16 21:58 - 2011-10-14 04:20 - 00000000 ____D () C:\Program Files\Broadcom 2014-12-16 21:47 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-16 21:47 - 2009-07-14 05:45 - 00024400 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-16 21:18 - 2011-12-02 19:39 - 00699666 _____ () C:\Windows\system32\perfh007.dat 2014-12-16 21:18 - 2011-12-02 19:39 - 00149774 _____ () C:\Windows\system32\perfc007.dat 2014-12-16 21:18 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-16 21:16 - 2014-11-02 17:04 - 00000000 ___RD () C:\Users\Verena\Dropbox 2014-12-16 21:16 - 2014-11-02 17:03 - 00000000 ____D () C:\Users\Verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-12-16 21:16 - 2014-11-02 17:02 - 00000000 ____D () C:\Users\Verena\AppData\Roaming\Dropbox 2014-12-16 21:13 - 2014-10-11 13:14 - 00000000 ____D () C:\Users\Verena\AppData\Roaming\newnext.me 2014-12-16 21:13 - 2014-01-26 16:00 - 00003366 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1577607291-3742472165-1464039351-1001 2014-12-16 21:13 - 2014-01-26 16:00 - 00003234 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1577607291-3742472165-1464039351-1001 2014-12-16 21:13 - 2013-05-31 17:33 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2014-12-16 21:13 - 2012-05-07 17:32 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-16 21:13 - 2012-04-15 11:24 - 00000585 _____ () C:\Windows\Brownie.ini 2014-12-16 21:12 - 2014-05-01 18:28 - 00000278 _____ () C:\Windows\Tasks\PC Performer_DEFAULT.job 2014-12-16 21:12 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-16 21:10 - 2012-04-14 21:41 - 00000000 ____D () C:\Users\Verena\AppData\Roaming\Skype 2014-12-16 12:23 - 2012-12-24 08:56 - 00000454 ____H () C:\Windows\Tasks\Norton Security Scan for Verena.job 2014-12-11 16:21 - 2013-07-21 21:09 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-12-10 19:28 - 2014-05-01 18:28 - 00000286 _____ () 
C:\Windows\Tasks\PC Performer_UPDATES.job 2014-12-10 09:50 - 2012-08-27 20:13 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-12-10 09:50 - 2012-08-27 20:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-12-10 09:50 - 2011-10-14 04:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-12-01 18:23 - 2012-04-13 15:57 - 00000000 ____D () C:\Users\Verena 2014-12-01 18:20 - 2012-04-15 11:48 - 00000121 _____ () C:\Users\Public\LMDebug.log 2014-12-01 13:14 - 2012-12-16 14:04 - 00003344 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1577607291-3742472165-1464039351-1001 2014-12-01 13:14 - 2012-12-16 14:04 - 00003212 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1577607291-3742472165-1464039351-1001 2014-12-01 13:10 - 2012-04-13 15:59 - 00141200 _____ () C:\Users\Verena\AppData\Local\GDIPFONTCACHEV1.DAT 2014-12-01 13:10 - 2009-07-14 05:45 - 00481304 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-25 17:01 - 2013-07-21 21:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-11-24 14:04 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-11-22 18:42 - 2014-11-01 11:52 - 00000000 ____D () C:\ProgramData\374311380 2014-11-22 17:36 - 2013-06-24 20:36 - 00000000 ____D () C:\Users\Verena\Documents\Leimoniade 2014-11-20 14:40 - 2014-03-03 10:20 - 637683392 _____ () C:\Windows\MEMORY.DMP 2014-11-20 14:40 - 2013-10-25 08:52 - 00000000 ____D () C:\Windows\Minidump 2014-11-18 21:28 - 2014-05-08 06:59 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-11-17 12:06 - 2013-12-27 19:28 - 00000000 ____D () C:\Users\Verena\Documents\Citavi 3 2014-11-17 11:12 - 2012-04-15 11:54 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-11-17 11:04 - 2013-08-01 13:25 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-17 09:37 - 2012-08-03 08:45 - 
103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe Some content of TEMP: ==================== C:\Users\Verena\AppData\Local\Temp\amazonicon_fwde.exe C:\Users\Verena\AppData\Local\Temp\dlLogic.exe C:\Users\Verena\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqdfrlo.dll C:\Users\Verena\AppData\Local\Temp\First15.exe C:\Users\Verena\AppData\Local\Temp\FreemakeAudioConverter_1.1.0.53.exe C:\Users\Verena\AppData\Local\Temp\GCVerifier.dll C:\Users\Verena\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe C:\Users\Verena\AppData\Local\Temp\nsd8598.exe C:\Users\Verena\AppData\Local\Temp\nsd9EE7.exe C:\Users\Verena\AppData\Local\Temp\nse281.exe C:\Users\Verena\AppData\Local\Temp\nseC980.exe C:\Users\Verena\AppData\Local\Temp\nshBEB9.exe C:\Users\Verena\AppData\Local\Temp\nsj8D57.exe C:\Users\Verena\AppData\Local\Temp\nsj9F1.exe C:\Users\Verena\AppData\Local\Temp\nsjCCAC.exe C:\Users\Verena\AppData\Local\Temp\nsoCFD8.exe C:\Users\Verena\AppData\Local\Temp\nsoFC58.exe C:\Users\Verena\AppData\Local\Temp\nstA426.exe C:\Users\Verena\AppData\Local\Temp\nsy7E76.exe C:\Users\Verena\AppData\Local\Temp\nsyA752.exe C:\Users\Verena\AppData\Local\Temp\sp-downloader.exe C:\Users\Verena\AppData\Local\Temp\SPSetup.exe C:\Users\Verena\AppData\Local\Temp\spstub.exe C:\Users\Verena\AppData\Local\Temp\verifier.exe C:\Users\Verena\AppData\Local\Temp\VP6Install.exe C:\Users\Verena\AppData\Local\Temp\VP6VFW.dll C:\Users\Verena\AppData\Local\Temp\_is667F.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-03-02 11:29

==================== End Of Log ============================

--- --- --- --- --- ---

and here is the Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01
Ran by Verena at 2014-12-17 09:50:24
Running from C:\Users\Verena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4K0LYBQE
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2904.00 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.5.2904.00 - CyberLink Corp.)
Hidden Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated) Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated) Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated) Adblock IE 2.3 (HKLM\...\{58161756-037B-42CD-B575-AF804A2F0F47}) (Version: 2.3.1756 - MGTEK) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated) Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden Ahnenblatt 2.74 (HKLM-x32\...\Ahnenblatt_is1) (Version: 2.74.0.1 - Dirk Boettcher) ALDI Bestellsoftware 4.12.1 (HKLM-x32\...\ALDI Bestellsoftware) (Version: 4.12.1 - ORWO Net) AnyMP4 PDF Converter Ultimate 3.1.8 (HKLM-x32\...\{9C783402-EB68-4dd3-A185-F8DF3FB91CFE}_is1) (Version: 3.1.8 - AnyMP4 Studio) Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin) Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.4.1 - Broadcom Corporation) Brother HL-3040CN (HKLM-x32\...\{B3D02AE6-DA7C-4A0F-B14F-3EE30992E5B7}) (Version: 1.00 - 
Brother) capella 7 (HKLM-x32\...\{7CEB4C23-E07B-4183-9511-2FD4DC5C09B9}) (Version: 7.1.25 - capella software AG) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05160 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05160 - Cisco Systems, Inc.) Hidden Citavi (HKLM-x32\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.3.0.0 - Swiss Academic Software) Crazy Chicken Kart 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Defraggler (HKLM\...\Defraggler) (Version: 2.16 - Piriform) Die Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version: - ) Die Sims™ 2 Apartment-Leben (HKLM-x32\...\{B6F5B704-06D3-4687-90F3-6195304AD755}) (Version: - Electronic Arts) Die Sims™ 2 Freizeit-Spaß (HKLM-x32\...\{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}) (Version: - Electronic Arts) Die Sims™ 2 Gute Reise (HKLM-x32\...\{F248ADFA-64E0-4b03-8A83-059078BED6A0}) (Version: - Electronic Arts) Die Sims™ 2 H&M®-Fashion-Accessoires (HKLM-x32\...\{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}) (Version: - ) Die Sims™ 2 IKEA® Home-Accessoires (HKLM-x32\...\{6E17F9751-F056-4335-B718-8AF1B1092AFB}) (Version: - Electronic Arts) Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires (HKLM-x32\...\{6522C636-B04C-4333-9BEB-9E0C0B6350D6}) (Version: - Electronic Arts) Die Sims™ 2 Party-Accessoires (HKLM-x32\...\{EAA38532-7AD0-4f78-918A-4F4F02096ECE}) (Version: - ) Die Sims™ 2 Vier Jahreszeiten (HKLM-x32\...\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}) (Version: - ) DMUninstaller (HKLM-x32\...\DMUninstaller) (Version: - ) <==== ATTENTION Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.7 - Dolby Laboratories Inc) Dropbox (HKU\S-1-5-21-1577607291-3742472165-1464039351-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.) 
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) ETDWare PS/2-X64 8.0.6.3_WHQL (HKLM\...\Elantech) (Version: 8.0.6.3 - ELAN Microelectronic Corp.) Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.) FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Free Games 111 (HKLM-x32\...\Free Games 111) (Version: 3.0.0.0 - BestOffers) <==== ATTENTION Free YouTube Download version 3.2.12.827 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.12.827 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.12.827 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.12.827 - DVDVideoSoft Ltd.) Freemake Audio Converter Version 1.1.0 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation) FreePDFReader (HKLM-x32\...\FreePDFReader) (Version: - FreePDFConverter) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) 
Hidden Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated) Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation) Interenet Optimizer (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{c632643}) (Version: - BullPoint) <==== ATTENTION Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.) LizardSales (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version: - LizardSales) <==== ATTENTION Lollipop (HKU\S-1-5-21-1577607291-3742472165-1464039351-1001\...\lollipop_01041556) (Version: - Lollipop Network, S.L.) 
<==== ATTENTION Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Mathematics-Add-In (32 Bit) (HKLM-x32\...\{E2C98732-F973-4985-A9C5-DC06178E16EE}) (Version: 2.0.041222.01 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 
(HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mobogenie (HKLM-x32\...\Mobogenie) (Version: - Mobogenie.com) <==== ATTENTION Mozilla Firefox 33.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.3 (x86 en-US)) (Version: 33.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MuseScore 1.3 (HKLM-x32\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others) Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) 
Hidden Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.0.3.27 - Symantec Corporation) NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9002 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.9002 - NTI Corporation) Hidden NVIDIA Grafiktreiber 285.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 285.64 - NVIDIA Corporation) NVIDIA PhysX (HKLM-x32\...\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}) (Version: 9.10.0514 - NVIDIA Corporation) Open It! (HKLM-x32\...\OpenIt Open It!) (Version: 1.1.1 - OpenIt) Pandora Service (HKLM-x32\...\4F6D5E84-5826-4394-9F40-3A9A19165651_is1) (Version: - Pandora.TV) <==== ATTENTION PC Performer (HKLM-x32\...\PC Performer_is1) (Version: 11.10 - PerformerSoft LLC) <==== ATTENTION Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden PriMus Free 1.1 (Build 10806) (HKLM-x32\...\PriMus Free_is1) (Version: 1.1.0.10806 - Columbus Soft) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Readiris Pro 10 (HKLM-x32\...\{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}) (Version: - ) RealDownloader (x32 Version: 1.3.0 - RealNetworks, Inc.) 
Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6438 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version: - ) RollerCoaster Tycoon 2 (HKLM-x32\...\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}) (Version: - ) RollerCoaster Tycoon 2: Time Twister (HKLM-x32\...\{BA1E1AFD-D1F2-4C52-88C3-186FC5E61604}) (Version: 1.00.000 - ) RollerCoaster Tycoon 2: Wacky Worlds (HKLM-x32\...\{B1AD83A0-DC92-41E3-B111-E9472349768C}) (Version: - ) Samsung Network PC Fax (HKLM-x32\...\Samsung Network PC Fax) (Version: 1.05.22.00 - Samsung Electronics Co., Ltd.) Samsung Scan Assistant (HKLM-x32\...\Samsung Scan Assistant) (Version: 1.04.20.00 - Samsung Electronics Co., Ltd.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden SmarThru 4 (HKLM-x32\...\{90F1943D-EA4A-4460-B59F-30023F3BA69A}) (Version: - Samsung Electronics Co., Ltd.) 
Speed Test 127 (HKLM-x32\...\Speed Test 127) (Version: 3.0.0.0 - Speed Analysis) <==== ATTENTION The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.4.0.59 - KMP Media co., Ltd) Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden Wartung Samsung CLX-3180 Series (HKLM-x32\...\Samsung CLX-3180 Series) (Version: - Samsung Electronics Co., Ltd.) Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated) WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Zip Opener Packages (HKU\S-1-5-21-1577607291-3742472165-1464039351-1001\...\Zip Opener Packages) (Version: - ) <==== ATTENTION Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be 
removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1577607291-3742472165-1464039351-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Verena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1577607291-3742472165-1464039351-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1577607291-3742472165-1464039351-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1577607291-3742472165-1464039351-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1577607291-3742472165-1464039351-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1577607291-3742472165-1464039351-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1577607291-3742472165-1464039351-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1577607291-3742472165-1464039351-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1577607291-3742472165-1464039351-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
==================== Restore Points ========================= 07-11-2014 08:27:52 Windows Update 11-11-2014 07:59:11 Windows Update 14-11-2014 09:22:53 Windows Update 17-11-2014 08:35:10 Windows Update 21-11-2014 07:34:21 Windows Update 25-11-2014 16:09:42 Windows Update 30-11-2014 12:36:38 capella 7 wird installiert 02-12-2014 08:39:46 Windows Update 05-12-2014 20:11:06 Windows Update 11-12-2014 12:47:21 Windows Update 16-12-2014 11:21:42 Windows Update 16-12-2014 20:56:17 Removed Broadcom Card Reader Driver Installer. 16-12-2014 21:03:59 Removed EndNote X5 16-12-2014 21:08:45 Removed Norton Online Backup ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0C4F94C4-021F-4569-B323-17BEE183A1BA} - System32\Tasks\Digital Sites => C:\Users\Verena\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {161EB941-8BBA-48DD-870A-9B6D2AA188B1} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1577607291-3742472165-1464039351-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2012-11-29] (RealNetworks, Inc.) 
Task: {1FE0E0A4-4CF8-4E17-97B7-57791F7914EC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated) Task: {208FB049-E7AE-4CDA-AE45-B984248CBD94} - System32\Tasks\{CADFF3D7-DB59-4FA7-804F-68027FE700EA} => pcalua.exe -a C:\Users\Verena\AppData\Local\Temp\Temp1_rct187ge.zip\RCT-GE.exe Task: {210C3455-F008-47B7-BCB1-B3A018FD8785} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1577607291-3742472165-1464039351-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.) Task: {344F258C-1AC4-4A64-8DBF-3E58B265CA0B} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1577607291-3742472165-1464039351-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.) Task: {5050BD98-217C-4381-ACA4-FA91AB976957} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1577607291-3742472165-1464039351-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2012-11-29] (RealNetworks, Inc.) Task: {51835281-D590-4C15-AF49-EE6BFBF621AB} - System32\Tasks\ReclaimerUpdateXML_Verena => C:\Users\Verena\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-12-01] (RealNetworks, Inc.) Task: {53AD5418-3187-42DB-A06F-CCF620E65ABA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-01] (Google Inc.) Task: {616F8BEF-D3B7-48F7-808C-DEC7F529717F} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1577607291-3742472165-1464039351-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2012-11-29] (RealNetworks, Inc.) 
Task: {65AF588D-C2D7-4D76-BDE5-873319993184} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {67632EAA-44A4-45D0-B425-A8BE344CF7DC} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION Task: {6B5639C5-8179-4A88-94A0-01E90BA47E56} - System32\Tasks\PC Performer => C:\Program Files (x86)\PC Performer\PCPerformer.exe [2013-06-19] (PerformerSoft LLC) <==== ATTENTION Task: {6D0F2D2D-0A1F-4879-BD69-37CC7369EDCC} - System32\Tasks\{65C1EE69-71E9-4DD4-927C-D14FC54A6C7D} => pcalua.exe -a "C:\Program Files (x86)\Uninstall Information\97\4450\uninstall.exe" -c /PUninstall="HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PC Performer_is1" /reg=32 /cid=97 Task: {8C5214E5-AD61-413E-8A77-F11883972A74} - System32\Tasks\RNUpgradeHelperLogonPrompt_Verena => C:\Users\Verena\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-12-01] (RealNetworks, Inc.) Task: {9C65D4C5-0CC5-4EA3-B2FF-78DA6BA41AD1} - System32\Tasks\RNUpgradeHelperResumePrompt_Verena => C:\Users\Verena\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-12-01] (RealNetworks, Inc.) Task: {A478EE64-1E3A-463D-83C3-9796E15CF9EF} - System32\Tasks\MySearchDial => C:\Users\Verena\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {C5257B28-7397-4E0D-8EF6-7B9AA25E5867} - System32\Tasks\PC Performer_DEFAULT => C:\Program Files (x86)\PC Performer\PCPerformer.exe [2013-06-19] (PerformerSoft LLC) <==== ATTENTION Task: {C6AF9F15-C0AF-48C1-A9C6-541EA44F55D8} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1577607291-3742472165-1464039351-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.) 
Task: {D328BEC2-3BF2-494D-9EAB-0B75B61DB1AD} - System32\Tasks\ReclaimerUpdateFiles_Verena => C:\Users\Verena\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-12-01] (RealNetworks, Inc.) Task: {DB6F9548-7702-43D4-90FA-364DE33D3E49} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{788091A1-8672-4A61-887D-5B2ED863A012}.exe Task: {DDA3F5E2-A250-4830-9725-21E97CD2E795} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1577607291-3742472165-1464039351-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.) Task: {E5C7FAB1-FCB9-417A-BAAE-D0E8CE8E25F5} - System32\Tasks\PC Performer_UPDATES => C:\Program Files (x86)\PC Performer\PCPerformer.exe [2013-06-19] (PerformerSoft LLC) <==== ATTENTION Task: {FC7EEAFB-A9FE-4758-840C-E0D0CE0EBA6D} - System32\Tasks\Norton Security Scan for Verena => C:\Program Files (x86)\Norton Security Scan\Engine\4.0.3.27\Nss.exe [2013-10-11] (Symantec Corporation) Task: {FC99122A-3C3C-4CFA-9073-13A897D83B54} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-01] (Google Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{788091A1-8672-4A61-887D-5B2ED863A012}.exe Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Verena\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\Verena\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\Norton Security Scan for Verena.job => C:\PROGRA~2\NORTON~2\Engine\403~1.27\Nss.exe Task: C:\Windows\Tasks\PC Performer_DEFAULT.job => C:\Program Files (x86)\PC Performer\PCPerformer.exe <==== ATTENTION Task: C:\Windows\Tasks\PC Performer_UPDATES.job => C:\Program Files (x86)\PC Performer\PCPerformer.exe <==== ATTENTION Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Verena.job => C:\Users\Verena\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe Task: C:\Windows\Tasks\ReclaimerUpdateXML_Verena.job => C:\Users\Verena\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Verena.job => C:\Users\Verena\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe ==================== Loaded Modules (whitelisted) ============= 2012-04-15 11:31 - 2011-06-22 08:14 - 00034304 _____ () C:\Windows\System32\sst2cl6.dll 2014-11-22 18:42 - 2014-11-22 18:42 - 04302848 _____ () C:\ProgramData\Interenet Optimizer\InterenetOptimizer_x64.dll 2012-11-29 20:31 - 2012-11-29 20:31 - 00038608 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program 
Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2011-10-14 04:57 - 2011-06-10 18:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2012-04-15 11:30 - 2011-07-06 13:17 - 00688128 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe 2012-04-15 11:32 - 2011-04-29 08:58 - 01990144 _____ () C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe 2014-01-20 11:34 - 2014-10-11 13:15 - 00748736 _____ () C:\Program Files (x86)\Mobogenie\DaemonProcess.exe 2012-04-15 11:30 - 2009-09-29 10:47 - 00306688 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe 2014-03-12 21:53 - 2014-03-12 21:53 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2014-11-22 18:42 - 2014-11-22 18:42 - 04125696 _____ () c:\ProgramData\Interenet Optimizer\InterenetOptimizer.dll 2014-11-22 18:42 - 2014-11-22 18:42 - 00186192 _____ () c:\ProgramData\Interenet Optimizer\InterenetOptimizerSvc.dll 2011-04-24 02:29 - 2011-04-24 02:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll 2011-04-24 02:29 - 2011-04-24 02:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll 2011-04-24 02:29 - 2011-04-24 02:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll 2013-01-15 20:46 - 2012-10-22 11:15 - 01277952 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll 2013-01-15 20:46 - 2012-07-09 17:57 - 02090496 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\avcodec-53.dll 2013-01-15 20:46 - 2011-12-06 16:19 - 00133632 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\avutil-51.dll 2013-01-15 20:46 - 2012-03-23 10:07 - 00224768 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\libupnp.dll 2014-11-08 21:48 - 2014-11-08 21:48 - 00479232 ___SH () C:\Users\Verena\AppData\Local\mikporw.dll 2012-04-15 11:32 - 2009-10-31 14:42 - 01384520 _____ () C:\Windows\twain_32\Samsung\CLX3180\ssole.dll 2014-01-20 11:51 - 2014-10-11 13:15 - 00065728 _____ () 
C:\Program Files (x86)\Mobogenie\Device.dll 2014-01-20 11:51 - 2014-10-11 13:15 - 00474816 _____ () C:\Program Files (x86)\Mobogenie\DCR.dll 2014-10-17 07:54 - 2014-10-17 07:54 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c152a64e30c5b94894d75ac86aa7aad2\IsdiInterop.ni.dll 2011-10-14 04:15 - 2011-04-30 08:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Verena\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2014-12-16 21:16 - 2014-12-16 21:16 - 00043008 _____ () c:\users\verena\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqdfrlo.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Verena\AppData\Roaming\Dropbox\bin\libEGL.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Verena\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Verena\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot ========================= Accounts: ========================== Administrator (S-1-5-21-1577607291-3742472165-1464039351-500 - Administrator - Disabled) Gast (S-1-5-21-1577607291-3742472165-1464039351-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1577607291-3742472165-1464039351-1005 - Limited - Enabled) UpdatusUser (S-1-5-21-1577607291-3742472165-1464039351-1000 - Limited - Enabled) => C:\Users\UpdatusUser Verena (S-1-5-21-1577607291-3742472165-1464039351-1001 - Administrator - Enabled) => C:\Users\Verena ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (12/16/2014 09:13:11 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/16/2014 00:39:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17420, Zeitstempel: 0x545ad233 Name des fehlerhaften Moduls: 1KhDG8hv3h2Phv.dll, Version: 1.8.0.0, Zeitstempel: 0x548f7466 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00064c15 ID des fehlerhaften Prozesses: 0x7154 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (12/11/2014 03:32:24 PM) (Source: MsiInstaller) (EventID: 1024) (User: Verena-PC) Description: Produkt: Adobe Reader XI (11.0.09) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011010}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (12/06/2014 09:49:14 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm IEXPLORE.EXE, Version 11.0.9600.17420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 3f70 Startzeit: 01d01174b0d0277a Endzeit: 55 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Berichts-ID: Error: (12/06/2014 10:04:00 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17420, Zeitstempel: 0x545ad233 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x9697e677 ID des fehlerhaften Prozesses: 0x723c Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (12/01/2014 06:12:22 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/01/2014 01:10:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/30/2014 10:50:26 AM) (Source: Microsoft Office 14) (EventID: 2000) (User: ) Description: Microsoft Outlook: Accepted Safe Mode action : Schwerwiegender Fehler in Outlook beim microsoft outlook connector für soziale netzwerke-Add-In. Falls diese Fehlermeldung mehrmals angezeigt wurde, sollten Sie dieses Add-In deaktivieren und überprüfen, ob ein Update verfügbar ist. Möchten Sie dieses Add-In deaktivieren?. Accepted Safe Mode action : Microsoft Outlook. 
Error: (11/30/2014 10:35:49 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/29/2014 09:41:32 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (12/16/2014 09:12:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (12/16/2014 09:12:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error: (12/16/2014 09:12:54 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 16.12.2014 um 21:10:49 unerwartet heruntergefahren. Error: (12/11/2014 04:06:46 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (12/11/2014 04:06:46 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (12/10/2014 05:04:44 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 70. Der interne Fehlerstatus lautet: 105. Error: (12/10/2014 09:54:03 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (12/10/2014 09:54:03 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. 
Der interne Fehlerstatus lautet: 252. Error: (12/10/2014 09:53:34 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (12/10/2014 09:53:31 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Microsoft Office Sessions: ========================= Error: (12/16/2014 09:13:11 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/16/2014 00:39:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE11.0.9600.17420545ad2331KhDG8hv3h2Phv.dll1.8.0.0548f7466c000000500064c15715401d019209b8de5feC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\ProgramData\SoftCoup\1KhDG8hv3h2Phv.dll3f113229-8518-11e4-85ed-dc0ea11c2a46 Error: (12/11/2014 03:32:24 PM) (Source: MsiInstaller) (EventID: 1024) (User: Verena-PC) Description: Adobe Reader XI (11.0.09) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011010}1625(NULL)(NULL)(NULL) Error: (12/06/2014 09:49:14 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: IEXPLORE.EXE11.0.9600.174203f7001d01174b0d0277a55C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Error: (12/06/2014 10:04:00 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE11.0.9600.17420545ad233unknown0.0.0.000000000c00000059697e677723c01d011332d615fecC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknownd0be32d2-7d26-11e4-85ed-dc0ea11c2a46 Error: (12/01/2014 06:12:22 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/01/2014 
01:10:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/30/2014 10:50:26 AM) (Source: Microsoft Office 14) (EventID: 2000) (User: ) Description: Microsoft OutlookSchwerwiegender Fehler in Outlook beim microsoft outlook connector für soziale netzwerke-Add-In. Falls diese Fehlermeldung mehrmals angezeigt wurde, sollten Sie dieses Add-In deaktivieren und überprüfen, ob ein Update verfügbar ist. Möchten Sie dieses Add-In deaktivieren? Error: (11/30/2014 10:35:49 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/29/2014 09:41:32 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz Percentage of memory in use: 26% Total physical RAM: 8043.86 MB Available physical RAM: 5938.77 MB Total Pagefile: 16085.9 MB Available Pagefile: 13754.96 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:578.07 GB) (Free:425.06 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 17332B7C) Partition 1: (Not Active) - (Size=18 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=578.1 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
17.12.2014, 20:55 | #4 |
/// the machine /// TB-Ausbilder | Uninstalling PC Performer Please always save our tools to the desktop, as described. NEVER run them from the temp folders. Please download Revo Uninstaller (or alternatively the portable Revo Uninstaller) from here.
Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
17.12.2014, 22:17 | #5 |
| Uninstalling PC Performer Sorry, I wasn't aware of the point about saving, next time Here is the output from Combofix: Code:
ATTFilter ComboFix 14-12-14.01 - Verena 17.12.2014 21:42:22.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8044.5225 [GMT 1:00] ausgeführt von:: c:\users\Verena\Downloads\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\program files (x86)\Free Games 111\ScRIpthost64.dll c:\program files (x86)\Speed Test 127 c:\program files (x86)\Speed Test 127\AddonsFramework.Typelib.dll c:\program files (x86)\Speed Test 127\AddonsFramework.Typelib64.dll c:\program files (x86)\Speed Test 127\background.html c:\program files (x86)\Speed Test 127\BackgroundHost.exe c:\program files (x86)\Speed Test 127\BackgroundHost64.exe c:\program files (x86)\Speed Test 127\button.js c:\program files (x86)\Speed Test 127\ButtonSite.dll c:\program files (x86)\Speed Test 127\ButtonSite64.dll c:\program files (x86)\Speed Test 127\config.xml c:\program files (x86)\Speed Test 127\content.js c:\program files (x86)\Speed Test 127\DeskTopIcon.ico c:\program files (x86)\Speed Test 127\icon128.ico c:\program files (x86)\Speed Test 127\icon128.png c:\program files (x86)\Speed Test 127\icon16.ico c:\program files (x86)\Speed Test 127\icon16.png c:\program files (x86)\Speed Test 127\icon18.ico c:\program files (x86)\Speed Test 127\icon18.png c:\program files (x86)\Speed Test 127\icon24.ico c:\program files (x86)\Speed Test 127\icon24.png c:\program files (x86)\Speed Test 127\icon32.ico c:\program files (x86)\Speed Test 127\icon32.png c:\program files (x86)\Speed Test 127\icon48.ico c:\program files (x86)\Speed Test 127\icon48.png c:\program files (x86)\Speed Test 127\icon64.ico c:\program files (x86)\Speed Test 127\icon64.png c:\program files (x86)\Speed Test 127\jquery-1.9.1.min.js c:\program files (x86)\Speed Test 127\json2.min.js c:\program files (x86)\Speed Test 127\options.htm c:\program files (x86)\Speed Test 
127\rjs.js c:\program files (x86)\Speed Test 127\ScriptHost.dll c:\program files (x86)\Speed Test 127\ScRIpthost64.dll c:\program files (x86)\Speed Test 127\uninst.exe c:\program files (x86)\Speed Test 127\uninstall.exe c:\program files (x86)\Speed Test 127\updater.js c:\program files (x86)\Speed Test 127\updaterWrapper.js c:\programdata\374311380 c:\programdata\DealsFactor c:\programdata\DealsFactor\DealsFactor.exe c:\users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihkgljdimgfffabkemicpaeljmoobil c:\users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihkgljdimgfffabkemicpaeljmoobil\175\background.html c:\users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihkgljdimgfffabkemicpaeljmoobil\175\content.js c:\users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihkgljdimgfffabkemicpaeljmoobil\175\lsdb.js c:\users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihkgljdimgfffabkemicpaeljmoobil\175\manifest.json c:\users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihkgljdimgfffabkemicpaeljmoobil\175\OLA2Mgd.js c:\users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\glieaboaghdnlglpkekghloldikefofo c:\users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\glieaboaghdnlglpkekghloldikefofo\191\background.html c:\users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\glieaboaghdnlglpkekghloldikefofo\191\content.js c:\users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\glieaboaghdnlglpkekghloldikefofo\191\lnLx.js c:\users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\glieaboaghdnlglpkekghloldikefofo\191\lsdb.js c:\users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\glieaboaghdnlglpkekghloldikefofo\191\manifest.json c:\users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmpghknnfhlgcgchochgijlgjpmhhfo 
c:\users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmpghknnfhlgcgchochgijlgjpmhhfo\132\background.html c:\users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmpghknnfhlgcgchochgijlgjpmhhfo\132\content.js c:\users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmpghknnfhlgcgchochgijlgjpmhhfo\132\HWj6XO.js c:\users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmpghknnfhlgcgchochgijlgjpmhhfo\132\lsdb.js c:\users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljmpghknnfhlgcgchochgijlgjpmhhfo\132\manifest.json c:\users\Verena\AppData\Local\Google\Chrome\User Data\Default\Preferences c:\users\Verena\AppData\Local\mikporw.dll c:\users\Verena\AppData\Local\Temp\nssEEA4.tmp\System.dll c:\users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\PJ51@yhV.com c:\users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\PJ51@yhV.com\bootstrap.js c:\users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\PJ51@yhV.com\chrome.manifest c:\users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\PJ51@yhV.com\content\bg.js c:\users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\PJ51@yhV.com\install.rdf c:\users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\staged\0mD@dJ.org c:\users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\staged\0mD@dJ.org\bootstrap.js c:\users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\staged\0mD@dJ.org\chrome.manifest c:\users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\staged\0mD@dJ.org\content\bg.js 
c:\users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\staged\0mD@dJ.org\install.rdf c:\users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\staged\B@RfZ.edu c:\users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\staged\B@RfZ.edu\bootstrap.js c:\users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\staged\B@RfZ.edu\chrome.manifest c:\users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\staged\B@RfZ.edu\content\bg.js c:\users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\staged\B@RfZ.edu\install.rdf c:\users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\staged\LSC@MA.net c:\users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\staged\LSC@MA.net\bootstrap.js c:\users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\staged\LSC@MA.net\chrome.manifest c:\users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\staged\LSC@MA.net\content\bg.js c:\users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\staged\LSC@MA.net\install.rdf c:\windows\Fonts\Blockschrift f?r Flugzeuge.ttf . . . . Nicht in der Lage zu löschen . . ((((((((((((((((((((((( Dateien erstellt von 2014-11-17 bis 2014-12-17 )))))))))))))))))))))))))))))) . . 2014-12-17 20:02 . 2014-12-17 20:02 -------- d-----w- c:\program files (x86)\VS Revo Group 2014-12-17 19:04 . 2014-12-17 19:04 -------- d-----w- c:\program files (x86)\Common Files\Skype 2014-12-16 20:43 . 2014-12-17 08:51 -------- d-----w- C:\FRST 2014-12-16 11:30 . 2014-12-16 20:30 -------- d-----w- c:\programdata\WowCoupon 2014-12-16 11:28 . 
2014-12-16 11:28 -------- d-----w- c:\programdata\meiloodpcmaeadffghmjokemifmbeaba 2014-12-16 11:23 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{252C19DD-70E9-425C-9DAE-FBC5B7E75A17}\mpengine.dll 2014-12-06 09:01 . 2014-12-06 10:15 -------- d-----w- c:\programdata\PriceDownloader 2014-11-30 14:27 . 2014-11-30 14:27 -------- d-----w- c:\users\Verena\AppData\Roaming\MusE 2014-11-30 14:27 . 2014-11-30 14:27 -------- d-----w- c:\users\Verena\AppData\Local\MusE 2014-11-30 14:26 . 2014-11-30 14:26 -------- d-----w- c:\program files (x86)\MuseScore 2014-11-30 14:21 . 2014-11-30 14:21 -------- d-----w- c:\users\Verena\AppData\Roaming\Columbus Soft 2014-11-30 14:21 . 2014-11-30 14:21 -------- d-----w- c:\program files (x86)\PriMusFree 2014-11-30 12:38 . 2014-11-30 12:38 -------- d-----w- c:\users\Verena\AppData\Roaming\capella-software 2014-11-30 12:37 . 2014-11-30 12:37 -------- d-----w- c:\program files (x86)\capella-software 2014-11-23 10:16 . 2014-12-16 11:30 -------- d-----w- c:\programdata\499c43985399aa96 2014-11-23 10:16 . 2014-11-23 10:41 -------- d-----w- c:\programdata\websaver 2014-11-22 17:42 . 2014-12-17 20:32 -------- d-----w- c:\programdata\Interenet Optimizer 2014-11-19 14:06 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll 2014-11-19 14:06 . 2014-11-11 03:08 728064 ----a-w- c:\windows\system32\kerberos.dll 2014-11-19 14:06 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll 2014-11-19 14:06 . 2014-11-11 02:44 550912 ----a-w- c:\windows\SysWow64\kerberos.dll 2014-11-19 06:32 . 2014-11-19 06:32 -------- d-sh--w- c:\users\Verena\AppData\Local\EmieBrowserModeList . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-12-10 08:50 . 2012-08-27 19:13 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-12-10 08:50 . 2011-10-14 03:49 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-11-24 13:04 . 
2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe 2014-11-17 08:37 . 2012-08-03 07:45 103374192 ----a-w- c:\windows\system32\MRT.exe 2014-11-07 19:49 . 2014-11-12 07:27 388272 ----a-w- c:\windows\system32\iedkcs32.dll 2014-11-06 04:04 . 2014-11-12 07:27 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2014-11-06 04:03 . 2014-11-12 07:27 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll 2014-11-06 04:03 . 2014-11-12 07:27 25110016 ----a-w- c:\windows\system32\mshtml.dll 2014-11-06 03:47 . 2014-11-12 07:27 66560 ----a-w- c:\windows\system32\iesetup.dll 2014-11-06 03:46 . 2014-11-12 07:27 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll 2014-11-06 03:46 . 2014-11-12 07:27 580096 ----a-w- c:\windows\system32\vbscript.dll 2014-11-06 03:44 . 2014-11-12 07:27 88064 ----a-w- c:\windows\system32\MshtmlDac.dll 2014-11-06 03:43 . 2014-11-12 07:27 2884096 ----a-w- c:\windows\system32\iertutil.dll 2014-11-06 03:36 . 2014-11-12 07:27 54784 ----a-w- c:\windows\system32\jsproxy.dll 2014-11-06 03:35 . 2014-11-12 07:27 34304 ----a-w- c:\windows\system32\iernonce.dll 2014-11-06 03:31 . 2014-11-12 07:27 633856 ----a-w- c:\windows\system32\ieui.dll 2014-11-06 03:30 . 2014-11-12 07:27 144384 ----a-w- c:\windows\system32\ieUnatt.exe 2014-11-06 03:30 . 2014-11-12 07:27 114688 ----a-w- c:\windows\system32\ieetwcollector.exe 2014-11-06 03:29 . 2014-11-12 07:27 814080 ----a-w- c:\windows\system32\jscript9diag.dll 2014-11-06 03:28 . 2014-11-12 07:27 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2014-11-06 03:23 . 2014-11-12 07:27 6040064 ----a-w- c:\windows\system32\jscript9.dll 2014-11-06 03:20 . 2014-11-12 07:27 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2014-11-06 03:16 . 2014-11-12 07:27 490496 ----a-w- c:\windows\system32\dxtmsft.dll 2014-11-06 03:13 . 2014-11-12 07:27 501248 ----a-w- c:\windows\SysWow64\vbscript.dll 2014-11-06 03:13 . 2014-11-12 07:27 62464 ----a-w- c:\windows\SysWow64\iesetup.dll 2014-11-06 03:12 . 
2014-11-12 07:27 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2014-11-06 03:10 . 2014-11-12 07:27 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll 2014-11-06 03:07 . 2014-11-12 07:27 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2014-11-06 03:02 . 2014-11-12 07:27 199680 ----a-w- c:\windows\system32\msrating.dll 2014-11-06 03:00 . 2014-11-12 07:27 92160 ----a-w- c:\windows\system32\mshtmled.dll 2014-11-06 02:59 . 2014-11-12 07:27 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2014-11-06 02:58 . 2014-11-12 07:27 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll 2014-11-06 02:57 . 2014-11-12 07:27 316928 ----a-w- c:\windows\system32\dxtrans.dll 2014-11-06 02:42 . 2014-11-12 07:27 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll 2014-11-06 02:41 . 2014-11-12 07:27 716800 ----a-w- c:\windows\system32\ie4uinit.exe 2014-11-06 02:41 . 2014-11-12 07:27 800768 ----a-w- c:\windows\system32\msfeeds.dll 2014-11-06 02:39 . 2014-11-12 07:27 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll 2014-11-06 02:38 . 2014-11-12 07:27 2124288 ----a-w- c:\windows\system32\inetcpl.cpl 2014-11-06 02:30 . 2014-11-12 07:27 14390272 ----a-w- c:\windows\system32\ieframe.dll 2014-11-06 02:21 . 2014-11-12 07:27 4298240 ----a-w- c:\windows\SysWow64\jscript9.dll 2014-11-06 02:21 . 2014-11-12 07:27 2051072 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2014-11-06 02:20 . 2014-11-12 07:27 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2014-11-06 02:17 . 2014-11-12 07:27 2365440 ----a-w- c:\windows\system32\wininet.dll 2014-11-06 02:04 . 2014-11-12 07:27 1550336 ----a-w- c:\windows\system32\urlmon.dll 2014-11-06 01:53 . 2014-11-12 07:27 799232 ----a-w- c:\windows\system32\ieapfltr.dll 2014-11-06 01:52 . 2014-11-12 07:27 1892864 ----a-w- c:\windows\SysWow64\wininet.dll 2014-11-05 17:56 . 2014-11-12 07:27 304640 ----a-w- c:\windows\system32\generaltel.dll 2014-11-05 17:56 . 2014-11-12 07:27 228864 ----a-w- c:\windows\system32\aepdu.dll 2014-11-05 17:52 . 
2014-11-12 07:27 424448 ----a-w- c:\windows\system32\aeinv.dll 2014-11-02 16:25 . 2011-03-29 01:36 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2014-10-25 01:57 . 2014-11-12 07:26 77824 ----a-w- c:\windows\system32\packager.dll 2014-10-25 01:32 . 2014-11-12 07:26 67584 ----a-w- c:\windows\SysWow64\packager.dll 2014-10-18 02:05 . 2014-11-12 07:26 861696 ----a-w- c:\windows\system32\oleaut32.dll 2014-10-18 01:33 . 2014-11-12 07:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2014-10-14 02:16 . 2014-11-12 07:27 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2014-10-14 02:13 . 2014-11-12 07:27 683520 ----a-w- c:\windows\system32\termsrv.dll 2014-10-14 02:13 . 2014-11-12 07:26 3241984 ----a-w- c:\windows\system32\msi.dll 2014-10-14 02:12 . 2014-11-12 07:27 1460736 ----a-w- c:\windows\system32\lsasrv.dll 2014-10-14 02:09 . 2014-11-12 07:27 146432 ----a-w- c:\windows\system32\msaudite.dll 2014-10-14 02:07 . 2014-11-12 07:27 681984 ----a-w- c:\windows\system32\adtschema.dll 2014-10-14 01:50 . 2014-11-12 07:27 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2014-10-14 01:50 . 2014-11-12 07:26 2363904 ----a-w- c:\windows\SysWow64\msi.dll 2014-10-14 01:49 . 2014-11-12 07:27 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2014-10-14 01:47 . 2014-11-12 07:27 146432 ----a-w- c:\windows\SysWow64\msaudite.dll 2014-10-14 01:46 . 2014-11-12 07:27 681984 ----a-w- c:\windows\SysWow64\adtschema.dll 2014-10-10 00:57 . 2014-11-12 07:26 3198976 ----a-w- c:\windows\system32\win32k.sys 2014-10-03 02:12 . 2014-11-12 07:26 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll 2014-10-03 02:11 . 2014-11-12 07:26 284672 ----a-w- c:\windows\system32\EncDump.dll 2014-10-03 02:11 . 2014-11-12 07:26 680960 ----a-w- c:\windows\system32\audiosrv.dll 2014-10-03 02:11 . 2014-11-12 07:26 440832 ----a-w- c:\windows\system32\AudioEng.dll 2014-10-03 02:11 . 2014-11-12 07:26 296448 ----a-w- c:\windows\system32\AudioSes.dll 2014-10-03 01:44 . 
2014-11-12 07:26 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll 2014-10-03 01:44 . 2014-11-12 07:26 374784 ----a-w- c:\windows\SysWow64\AudioEng.dll 2014-10-03 01:44 . 2014-11-12 07:26 195584 ----a-w- c:\windows\SysWow64\AudioSes.dll 2014-09-25 02:08 . 2014-10-01 14:04 371712 ----a-w- c:\windows\system32\qdvd.dll 2014-09-25 01:40 . 2014-10-01 14:04 519680 ----a-w- c:\windows\SysWow64\qdvd.dll 2014-09-19 09:42 . 2014-11-12 07:26 210944 ----a-w- c:\windows\system32\wdigest.dll 2014-09-19 09:42 . 2014-11-12 07:26 86528 ----a-w- c:\windows\system32\TSpkg.dll 2014-09-19 09:42 . 2014-11-12 07:26 342016 ----a-w- c:\windows\system32\schannel.dll 2014-09-19 09:42 . 2014-11-12 07:26 314880 ----a-w- c:\windows\system32\msv1_0.dll 2014-09-19 09:42 . 2014-11-12 07:26 309760 ----a-w- c:\windows\system32\ncrypt.dll 2014-09-19 09:42 . 2014-11-12 07:26 22016 ----a-w- c:\windows\system32\credssp.dll 2014-09-19 09:23 . 2014-11-12 07:26 172032 ----a-w- c:\windows\SysWow64\wdigest.dll 2014-09-19 09:23 . 2014-11-12 07:26 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll 2014-09-19 09:23 . 2014-11-12 07:26 248832 ----a-w- c:\windows\SysWow64\schannel.dll 2014-09-19 09:23 . 2014-11-12 07:26 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll 2014-09-19 09:23 . 2014-11-12 07:26 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll 2014-09-19 09:23 . 2014-11-12 07:26 17408 ----a-w- c:\windows\SysWow64\credssp.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C45EC9F0-8333-465D-9728-074BD41985C9}] 2014-01-02 13:33 438784 ----a-w- c:\program files (x86)\Free Games 111\ScriptHost.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "NextLive"="c:\users\Verena\AppData\Roaming\newnext.me\nengine.dll" [2014-01-20 1283584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440] "Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-06-01 506712] "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-09-20 341360] "BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2011-03-25 3695984] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2011-07-06 688128] "CLX3180_Scan2Pc"="c:\windows\Twain_32\Samsung\CLX3180\Scan2pc.exe" [2011-04-29 1990144] "3180 Scan2PC"="c:\windows\twain_32\Samsung\CLX3180\Scan2Pc.exe" [2011-04-29 1990144] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128] "Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2014-03-12 707472] "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-12-16 295072] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216] . c:\users\Verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Verena\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-12-9 39207112] OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R1 rhqeqdug;rhqeqdug;c:\windows\system32\drivers\rhqeqdug.sys;c:\windows\SYSNATIVE\drivers\rhqeqdug.sys [x] R2 0c632643;Interenet Optimizer;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x] R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x] R3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x] R3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x] R3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x] R3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x] R3 EgisTec Ticket 
Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x] S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x] S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe 
[x] S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x] S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x] S2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\x64\3\NetFaxServer64.exe;c:\windows\SYSNATIVE\spool\drivers\x64\3\NetFaxServer64.exe [x] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x] S3 ETD;ELAN PS/2 Port Input 
Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-11-20 19:40 1087304 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.65\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-12-17 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-27 08:50] . 2014-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-07 12:02] . 2014-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-07 12:02] . 2014-12-16 c:\windows\Tasks\Norton Security Scan for Verena.job - c:\progra~2\NORTON~2\Engine\403~1.27\Nss.exe [2014-03-02 07:10] . 2014-12-17 c:\windows\Tasks\ReclaimerUpdateFiles_Verena.job - c:\users\Verena\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-12-01 12:13] . 2014-12-17 c:\windows\Tasks\ReclaimerUpdateXML_Verena.job - c:\users\Verena\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-12-01 12:13] . 2014-12-17 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Verena.job - c:\users\Verena\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-12-01 12:13] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2014-08-17 04:10 164760 ----a-w- c:\users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2014-08-17 04:10 164760 ----a-w- c:\users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"] @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}] 2014-08-17 04:10 164760 ----a-w- c:\users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"] @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}] 2014-08-17 04:10 164760 ----a-w- c:\users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2014-08-17 04:10 164760 ----a-w- c:\users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"] @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}] 2014-08-17 04:10 164760 ----a-w- c:\users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2014-08-17 04:10 164760 ----a-w- c:\users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"] @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}] 2014-08-17 04:10 164760 ----a-w- c:\users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 416024] "IntelTBRunOnce"="wscript.exe" [2013-10-12 168960] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128] "RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480] "Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com/ie uStart Page = hxxp://search.gboxapp.com/ mDefault_Page_URL = hxxp://www.google.com mStart Page = hxxp://search.gboxapp.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105 IE: Free YouTube to MP3 Converter - c:\users\Verena\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\ FF - prefs.js: browser.search.selectedEngine - Yahoo MSD FF - prefs.js: keyword.URL - FF - prefs.js: browser.startup.homepage - hxxp://search.gboxapp.com/ FF - user.js: extensions.mysearchdial.hmpg - true FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0AtCzyyCyEyEyEyC0C0EtN0D0Tzu0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1780154535&ir= FF - user.js: extensions.mysearchdial.dfltSrch - true FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial FF - user.js: extensions.mysearchdial.dnsErr - true FF - user.js: extensions.mysearchdial_i.newTab - false FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0AtCzyyCyEyEyEyC0C0EtN0D0Tzu0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1780154535&ir= FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0AtCzyyCyEyEyEyC0C0EtN0D0Tzu0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1780154535&ir=&q= FF - 
user.js: extensions.mysearchdial.id - E4D53DA1964446CE FF - user.js: extensions.mysearchdial.instlDay - 16090 FF - user.js: extensions.mysearchdial.vrsn - 1.8.21.0 FF - user.js: extensions.mysearchdial.vrsni - 1.8.21.0 FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.21.011:34 FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial FF - user.js: extensions.mysearchdial.prdct - mysearchdial FF - user.js: extensions.mysearchdial.aflt - irmsd0101 FF - user.js: extensions.mysearchdial_i.smplGrp - none FF - user.js: extensions.mysearchdial.tlbrId - base FF - user.js: extensions.mysearchdial.instlRef - FF - user.js: extensions.mysearchdial.dfltLng - FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8} FF - user.js: extensions.mysearchdial.excTlbr - false FF - user.js: extensions.mysearchdial_i.hmpg - true FF - user.js: extensions.mysearchdial.cr - 1780154535 FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0AtCzyyCyEyEyEyC0C0EtN0D0Tzu0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T FF - user.js: extensions.mysearchdial.AL - 2 FF - user.js: extensions.irmysearch.aflt - irmsd0101 FF - user.js: extensions.irmysearch.instlRef - FF - user.js: extensions.irmysearch.cr - 1780154535 FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0AtCzyyCyEyEyEyC0C0EtN0D0Tzu0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
URLSearchHooks-{78e516ef-11de-47a1-8364-a99b917ec5ee} - (no file) BHO-{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} - c:\program files (x86)\Speed Test 127\ScriptHost.dll Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-mikporw - c:\users\Verena\AppData\Local\mikporw.dll HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe AddRemove-FreePDFReader - c:\program files (x86)\Uninstall Information\97\4450\uninstall.exe AddRemove-RealPlayer 16.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.15" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Launch Manager\LMworker.exe c:\program files (x86)\Launch Manager\LMutilps32.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe . ************************************************************************** . Zeit der Fertigstellung: 2014-12-17 22:09:37 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-12-17 21:09 . Vor Suchlauf: 11 Verzeichnis(se), 456.720.310.272 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 457.988.067.328 Bytes frei . - - End Of File - - BDAC6C718791AF932D903CC04F580391 |
18.12.2014, 20:39 | #6 |
/// the machine /// TB Trainer | Uninstalling PC Performer Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ --> Uninstalling PC Performer |
18.12.2014, 22:47 | #7 |
| Uninstalling PC Performer Thank you; I will be on vacation for the next three weeks and will not be taking the laptop with me, which means I cannot post within three days, but I would still like to carry out the uninstallation completely. Here is the one from mbam: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 18.12.2014 Suchlauf-Zeit: 21:29:27 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2014.12.18.05 Rootkit Datenbank: v2014.12.14.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Verena Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 385651 Verstrichene Zeit: 28 Min, 19 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 84 PUP.Optional.SpeedTest.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}, In Quarantäne, [0746b6ae86f684b2dc68a92cca38af51], PUP.Optional.SpeedTest.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}, In Quarantäne, [0746b6ae86f684b2dc68a92cca38af51], PUP.Optional.SpeedTest.A, HKU\S-1-5-21-1577607291-3742472165-1464039351-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}, In Quarantäne, [0746b6ae86f684b2dc68a92cca38af51], PUP.Optional.SpeedTest.A, HKU\S-1-5-21-1577607291-3742472165-1464039351-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}, In Quarantäne, [0746b6ae86f684b2dc68a92cca38af51], PUP.Optional.FreeGames.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C45EC9F0-8333-465D-9728-074BD41985C9}, In Quarantäne, [153873f1394391a5a774d8fdb64cf709], PUP.Optional.FreeGames.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C099CD7B-A94C-4229-B6F7-76D3494C88D8}, In Quarantäne, 
[153873f1394391a5a774d8fdb64cf709], PUP.Optional.FreeGames.A, HKLM\SOFTWARE\CLASSES\Free Games 111.Tool.1, In Quarantäne, [153873f1394391a5a774d8fdb64cf709], PUP.Optional.FreeGames.A, HKLM\SOFTWARE\CLASSES\Free Games 111.Tool, In Quarantäne, [153873f1394391a5a774d8fdb64cf709], PUP.Optional.FreeGames.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Free Games 111.Tool, In Quarantäne, [153873f1394391a5a774d8fdb64cf709], PUP.Optional.FreeGames.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Free Games 111.Tool.1, In Quarantäne, [153873f1394391a5a774d8fdb64cf709], PUP.Optional.FreeGames.A, HKLM\SOFTWARE\CLASSES\CLSID\{C099CD7B-A94C-4229-B6F7-76D3494C88D8}, In Quarantäne, [153873f1394391a5a774d8fdb64cf709], PUP.Optional.FreeGames.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{C45EC9F0-8333-465D-9728-074BD41985C9}, In Quarantäne, [153873f1394391a5a774d8fdb64cf709], PUP.Optional.FreeGames.A, HKU\S-1-5-21-1577607291-3742472165-1464039351-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C45EC9F0-8333-465D-9728-074BD41985C9}, In Quarantäne, [153873f1394391a5a774d8fdb64cf709], PUP.Optional.FreeGames.A, HKU\S-1-5-21-1577607291-3742472165-1464039351-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C45EC9F0-8333-465D-9728-074BD41985C9}, In Quarantäne, [153873f1394391a5a774d8fdb64cf709], PUP.Optional.SearchProtect.A, HKU\S-1-5-21-1577607291-3742472165-1464039351-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In Quarantäne, [d37a2f35087476c082dcbb17cb37c43c], PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In Quarantäne, [d37a2f35087476c082dcbb17cb37c43c], PUP.Optional.MySearchDial.A, 
[4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\ffxtlbr@mysearchdial.com\content\imgs\help_16.gif, In Quarantäne, [4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\ffxtlbr@mysearchdial.com\content\imgs\home.gif, In Quarantäne, [4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\ffxtlbr@mysearchdial.com\content\imgs\icon_seperator.png, In Quarantäne, [4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\ffxtlbr@mysearchdial.com\content\imgs\logo.PNG, In Quarantäne, [4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\ffxtlbr@mysearchdial.com\content\imgs\privecy_16_hot.gif, In Quarantäne, [4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\ffxtlbr@mysearchdial.com\content\imgs\sign.jpg, In Quarantäne, [4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\ffxtlbr@mysearchdial.com\content\imgs\specialoffer.gif, In Quarantäne, [4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\ffxtlbr@mysearchdial.com\content\imgs\tellafriend.gif, In Quarantäne, [4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.MySearchDial.A, 
C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\ae.png, In Quarantäne, [4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\bg.png, In Quarantäne, [4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\ch.png, In Quarantäne, [4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\cn.png, In Quarantäne, [4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\cz.png, In Quarantäne, [4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\de.png, In Quarantäne, [4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\eg.png, In Quarantäne, [4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\en.png, In Quarantäne, [4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\es.png, In 
Quarantäne, [4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\fr.png, In Quarantäne, [4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\gr.png, In Quarantäne, [4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\he.png, In Quarantäne, [4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\il.png, In Quarantäne, [4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\it.png, In Quarantäne, [4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\ja.png, In Quarantäne, [4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\jp.png, In Quarantäne, [4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\nl.png, In Quarantäne, [4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.MySearchDial.A, 
C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\no.png, In Quarantäne, [4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\pl.png, In Quarantäne, [4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\pt.png, In Quarantäne, [4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\ro.png, In Quarantäne, [4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\ru.png, In Quarantäne, [4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\sa.png, In Quarantäne, [4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\se.png, In Quarantäne, [4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\sv.png, In Quarantäne, [4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\tr.png, In 
Quarantäne, [4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\ua.png, In Quarantäne, [4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\ffxtlbr@mysearchdial.com\content\imgs\flgs\us.png, In Quarantäne, [4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\ffxtlbr@mysearchdial.com\META-INF\manifest.mf, In Quarantäne, [4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\ffxtlbr@mysearchdial.com\META-INF\zigbert.rsa, In Quarantäne, [4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\ffxtlbr@mysearchdial.com\META-INF\zigbert.sf, In Quarantäne, [4ffeabb9a5d749ed46c6b47140c3857b], PUP.Optional.SpeedTest.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\speedtest4354@BestOffers\chrome.manifest, In Quarantäne, [7ad37aea7dffc1752afd2df8ff04e719], PUP.Optional.SpeedTest.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\speedtest4354@BestOffers\icon.png, In Quarantäne, [7ad37aea7dffc1752afd2df8ff04e719], PUP.Optional.SpeedTest.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\speedtest4354@BestOffers\install.rdf, In Quarantäne, [7ad37aea7dffc1752afd2df8ff04e719], PUP.Optional.SpeedTest.A, 
C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\speedtest4354@BestOffers\chrome\content\background.html, In Quarantäne, [7ad37aea7dffc1752afd2df8ff04e719], PUP.Optional.SpeedTest.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\speedtest4354@BestOffers\chrome\content\button.js, In Quarantäne, [7ad37aea7dffc1752afd2df8ff04e719], PUP.Optional.SpeedTest.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\speedtest4354@BestOffers\chrome\content\button.xml, In Quarantäne, [7ad37aea7dffc1752afd2df8ff04e719], PUP.Optional.SpeedTest.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\speedtest4354@BestOffers\chrome\content\config.js, In Quarantäne, [7ad37aea7dffc1752afd2df8ff04e719], PUP.Optional.SpeedTest.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\speedtest4354@BestOffers\chrome\content\content.js, In Quarantäne, [7ad37aea7dffc1752afd2df8ff04e719], PUP.Optional.SpeedTest.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\speedtest4354@BestOffers\chrome\content\framework.js, In Quarantäne, [7ad37aea7dffc1752afd2df8ff04e719], PUP.Optional.SpeedTest.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\speedtest4354@BestOffers\chrome\content\framework.png, In Quarantäne, [7ad37aea7dffc1752afd2df8ff04e719], PUP.Optional.SpeedTest.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\speedtest4354@BestOffers\chrome\content\framework.xul, In Quarantäne, [7ad37aea7dffc1752afd2df8ff04e719], PUP.Optional.SpeedTest.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\speedtest4354@BestOffers\chrome\content\icon128.ico, In 
Quarantäne, [7ad37aea7dffc1752afd2df8ff04e719], PUP.Optional.SpeedTest.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\speedtest4354@BestOffers\chrome\content\icon128.png, In Quarantäne, [7ad37aea7dffc1752afd2df8ff04e719], PUP.Optional.SpeedTest.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\speedtest4354@BestOffers\chrome\content\icon16.ico, In Quarantäne, [7ad37aea7dffc1752afd2df8ff04e719], PUP.Optional.SpeedTest.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\speedtest4354@BestOffers\chrome\content\icon16.png, In Quarantäne, [7ad37aea7dffc1752afd2df8ff04e719], PUP.Optional.SpeedTest.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\speedtest4354@BestOffers\chrome\content\icon18.ico, In Quarantäne, [7ad37aea7dffc1752afd2df8ff04e719], PUP.Optional.SpeedTest.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\speedtest4354@BestOffers\chrome\content\icon18.png, In Quarantäne, [7ad37aea7dffc1752afd2df8ff04e719], PUP.Optional.SpeedTest.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\speedtest4354@BestOffers\chrome\content\icon24.ico, In Quarantäne, [7ad37aea7dffc1752afd2df8ff04e719], PUP.Optional.SpeedTest.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\speedtest4354@BestOffers\chrome\content\icon24.png, In Quarantäne, [7ad37aea7dffc1752afd2df8ff04e719], PUP.Optional.SpeedTest.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\speedtest4354@BestOffers\chrome\content\icon32.ico, In Quarantäne, [7ad37aea7dffc1752afd2df8ff04e719], PUP.Optional.SpeedTest.A, 
C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\speedtest4354@BestOffers\chrome\content\icon32.png, In Quarantäne, [7ad37aea7dffc1752afd2df8ff04e719], PUP.Optional.SpeedTest.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\speedtest4354@BestOffers\chrome\content\icon48.ico, In Quarantäne, [7ad37aea7dffc1752afd2df8ff04e719], PUP.Optional.SpeedTest.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\speedtest4354@BestOffers\chrome\content\icon48.png, In Quarantäne, [7ad37aea7dffc1752afd2df8ff04e719], PUP.Optional.SpeedTest.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\speedtest4354@BestOffers\chrome\content\icon64.ico, In Quarantäne, [7ad37aea7dffc1752afd2df8ff04e719], PUP.Optional.SpeedTest.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\speedtest4354@BestOffers\chrome\content\icon64.png, In Quarantäne, [7ad37aea7dffc1752afd2df8ff04e719], PUP.Optional.SpeedTest.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\speedtest4354@BestOffers\chrome\content\jquery-1.9.1.min.js, In Quarantäne, [7ad37aea7dffc1752afd2df8ff04e719], PUP.Optional.SpeedTest.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\speedtest4354@BestOffers\chrome\content\options.xul, In Quarantäne, [7ad37aea7dffc1752afd2df8ff04e719], PUP.Optional.SpeedTest.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\speedtest4354@BestOffers\chrome\content\rjs.js, In Quarantäne, [7ad37aea7dffc1752afd2df8ff04e719], PUP.Optional.SpeedTest.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\speedtest4354@BestOffers\chrome\content\settings.json, In Quarantäne, 
[7ad37aea7dffc1752afd2df8ff04e719], PUP.Optional.SpeedTest.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\speedtest4354@BestOffers\chrome\content\subscriptloader.js, In Quarantäne, [7ad37aea7dffc1752afd2df8ff04e719], PUP.Optional.SpeedTest.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\speedtest4354@BestOffers\chrome\skin\framework.css, In Quarantäne, [7ad37aea7dffc1752afd2df8ff04e719], PUP.Optional.SimpleNewTab.A, C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.0_0\manifest.json, In Quarantäne, [3b12cc98304cba7c7ad70f1f9e65dc24], PUP.Optional.SimpleNewTab.A, C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.0_0\newtab.js, In Quarantäne, [3b12cc98304cba7c7ad70f1f9e65dc24], PUP.Optional.SimpleNewTab.A, C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.0_0\options.html, In Quarantäne, [3b12cc98304cba7c7ad70f1f9e65dc24], PUP.Optional.SimpleNewTab.A, C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.0_0\options.js, In Quarantäne, [3b12cc98304cba7c7ad70f1f9e65dc24], PUP.Optional.SimpleNewTab.A, C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgkeimkiojpjcoiiipekfjaopchhjga\1.0.0_0\snt.html, In Quarantäne, [3b12cc98304cba7c7ad70f1f9e65dc24], PUP.Optional.OfferMosquito.A, C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito\ext_offermosquito.crx, In Quarantäne, [58f5164efd7fb086b0a64ae41be8a25e], PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, In Quarantäne, [202d521297e51422bc2caa8a59aad22e], PUP.Optional.FastStart.A, 
C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\faststartff@gmail.com\install.rdf, In Quarantäne, [f954ff6592ea85b1ce3d85b1b350cc34], PUP.Optional.FastStart.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\faststartff@gmail.com\chrome\content\index.html, In Quarantäne, [f954ff6592ea85b1ce3d85b1b350cc34], PUP.Optional.FastStart.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\faststartff@gmail.com\chrome\content\quick_start.xul, In Quarantäne, [f954ff6592ea85b1ce3d85b1b350cc34], PUP.Optional.FastStart.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\faststartff@gmail.com\chrome\skin\default_logo.png, In Quarantäne, [f954ff6592ea85b1ce3d85b1b350cc34], PUP.Optional.FastStart.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\faststartff@gmail.com\chrome\skin\googlelogo.png, In Quarantäne, [f954ff6592ea85b1ce3d85b1b350cc34], PUP.Optional.FastStart.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\faststartff@gmail.com\chrome\skin\google_trends.png, In Quarantäne, [f954ff6592ea85b1ce3d85b1b350cc34], PUP.Optional.FastStart.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\faststartff@gmail.com\chrome\skin\icon.png, In Quarantäne, [f954ff6592ea85b1ce3d85b1b350cc34], PUP.Optional.FastStart.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\faststartff@gmail.com\chrome\skin\loading.gif, In Quarantäne, [f954ff6592ea85b1ce3d85b1b350cc34], PUP.Optional.FastStart.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\faststartff@gmail.com\chrome\skin\logo.png, In Quarantäne, [f954ff6592ea85b1ce3d85b1b350cc34], 
PUP.Optional.FastStart.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\faststartff@gmail.com\chrome\skin\simple.css, In Quarantäne, [f954ff6592ea85b1ce3d85b1b350cc34], PUP.Optional.FastStart.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\faststartff@gmail.com\chrome\skin\style.css, In Quarantäne, [f954ff6592ea85b1ce3d85b1b350cc34], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log\ProtectWindowsManager_2014-11-01[11-30-43-607].log, In Quarantäne, [1736df85324a999d58ed41f6cc379e62], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, In Quarantäne, [1736df85324a999d58ed41f6cc379e62], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\ient.json, In Quarantäne, [6be20f55cab2063071e0b5883ec5d62a], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\bk_shadow.png, In Quarantäne, [6be20f55cab2063071e0b5883ec5d62a], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\btn.png, In Quarantäne, [6be20f55cab2063071e0b5883ec5d62a], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\close.png, In Quarantäne, [6be20f55cab2063071e0b5883ec5d62a], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml, In Quarantäne, [6be20f55cab2063071e0b5883ec5d62a], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml.bak, In Quarantäne, [6be20f55cab2063071e0b5883ec5d62a], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_box.png, In Quarantäne, [6be20f55cab2063071e0b5883ec5d62a], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_check.png, In Quarantäne, [6be20f55cab2063071e0b5883ec5d62a], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_bk.png, In Quarantäne, [6be20f55cab2063071e0b5883ec5d62a], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_check.png, In Quarantäne, [6be20f55cab2063071e0b5883ec5d62a], PUP.Optional.SupTab.A, C:\Program 
Files (x86)\SupTab\web\data.html, In Quarantäne, [6be20f55cab2063071e0b5883ec5d62a], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, In Quarantäne, [6be20f55cab2063071e0b5883ec5d62a], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, In Quarantäne, [6be20f55cab2063071e0b5883ec5d62a], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, In Quarantäne, [6be20f55cab2063071e0b5883ec5d62a], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, In Quarantäne, [6be20f55cab2063071e0b5883ec5d62a], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, In Quarantäne, [6be20f55cab2063071e0b5883ec5d62a], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, In Quarantäne, [6be20f55cab2063071e0b5883ec5d62a], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, In Quarantäne, [6be20f55cab2063071e0b5883ec5d62a], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, In Quarantäne, [6be20f55cab2063071e0b5883ec5d62a], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, In Quarantäne, [6be20f55cab2063071e0b5883ec5d62a], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, In Quarantäne, [6be20f55cab2063071e0b5883ec5d62a], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, In Quarantäne, [6be20f55cab2063071e0b5883ec5d62a], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, In Quarantäne, [6be20f55cab2063071e0b5883ec5d62a], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, In Quarantäne, [6be20f55cab2063071e0b5883ec5d62a], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, In Quarantäne, [6be20f55cab2063071e0b5883ec5d62a], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, In Quarantäne, 
[6be20f55cab2063071e0b5883ec5d62a], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, In Quarantäne, [6be20f55cab2063071e0b5883ec5d62a], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, In Quarantäne, [6be20f55cab2063071e0b5883ec5d62a], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, In Quarantäne, [6be20f55cab2063071e0b5883ec5d62a], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, In Quarantäne, [6be20f55cab2063071e0b5883ec5d62a], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, In Quarantäne, [6be20f55cab2063071e0b5883ec5d62a], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, In Quarantäne, [6be20f55cab2063071e0b5883ec5d62a], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, In Quarantäne, [6be20f55cab2063071e0b5883ec5d62a], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, In Quarantäne, [6be20f55cab2063071e0b5883ec5d62a], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, In Quarantäne, [6be20f55cab2063071e0b5883ec5d62a], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, In Quarantäne, [6be20f55cab2063071e0b5883ec5d62a], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, In Quarantäne, [6be20f55cab2063071e0b5883ec5d62a], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, In Quarantäne, [6be20f55cab2063071e0b5883ec5d62a], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, In Quarantäne, [6be20f55cab2063071e0b5883ec5d62a], PUP.Optional.BetterAds.A, C:\Users\Verena\AppData\Local\MediaBA\betterads.crx, In Quarantäne, [3a135e06710bfb3b85e6b58d8b78758b], PUP.Optional.GboxApp.A, 
C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://search.gboxapp.com/");), Ersetzt,[68e586de710b5cda6c2901a90203d52b] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.AL", 2);), Ersetzt,[74d9075dd6a6e05690d69b119471619f] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\prefs.js, Gut: (), Schlecht: (ser Preferences /* Do not edit this file. * * If y), Ersetzt,[3716194b9ede2f070462406c36cf9b65] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\prefs.js, Gut: (), Schlecht: (ces /* Do not edit this file. * * If you make changes to this file while the app), Ersetzt,[76d7bba997e5330380e6f5b70df84bb5] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\prefs.js, Gut: (), Schlecht: ( * * If you make changes to this file while the application is running, * the changes will be overwritten when the application exits. * * To make a ), Ersetzt,[7ecfd88cc1bba88e54121696808511ef] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\prefs.js, Gut: (), Schlecht: (g, * the changes will be overwritten when the a), Ersetzt,[75d86cf8027ade582c3a6844f0158779] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\prefs.js, Gut: (), Schlecht: (eferences /* Do not edit this file. * * If you ma), Ersetzt,[74d9154f8bf155e1c0a6416b6b9a26da] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\prefs.js, Gut: (), Schlecht: (nces /* Do not edit this file. 
* * If you ma), Ersetzt,[0e3f7ce8ea92f541b7af5953f31222de] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\prefs.js, Gut: (), Schlecht: (eferences /* Do not edit this file. * * If you ), Ersetzt,[0548b1b31f5d6bcb0660f3b957ae0cf4] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\prefs.js, Gut: (), Schlecht: (rences /* Do not edit this file. * * If you m), Ersetzt,[0f3e87ddb3c9a78f79ed1498d530619f] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\prefs.js, Gut: (), Schlecht: (ferences /* Do not edit this file. * * If you make changes to this file while the application is running, * the changes will be overwritten when the application exits. * * To make a manual change to preferences, you can visit the URL about:config */ user_pref("accessibility.typeaheadfind.flashBar", 0); user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1416327943); user_pref("app.update.lastUpdateTime.background-update-timer", 1416674828); user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1416328063); user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails"), Ersetzt,[b09d97cdf78579bd5313545823e2dd23] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\prefs.js, Gut: (), Schlecht: (.update.lastUpdateTime.browser-cleanup-thumbnails", 14), Ersetzt,[78d52e364d2f0e28acba406c44c126da] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\prefs.js, Gut: (), Schlecht: (nces /* Do not edit this file. 
* * If you make chan), Ersetzt,[b69799cb007c979f5214e5c77a8bd927] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\prefs.js, Gut: (), Schlecht: (es /* Do not edit this file. * * If you make ch), Ersetzt,[85c8560e1e5e45f14d198a22887d1de3] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\prefs.js, Gut: (), Schlecht: (rences /* Do not edit this file. * * If you make changes to this file while), Ersetzt,[16375e067c009e98f27409a36a9b8b75] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\prefs.js, Gut: (), Schlecht: (file. * * If you make changes to this file w), Ersetzt,[80cdde865f1d6bcb0c5a9d0f09fc1de3] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\prefs.js, Gut: (), Schlecht: (references /* Do not edit this file. * * If you make changes to this file while the application is running, * the changes will be overwritten when the application exits. * * To make a manual change to preferences, you ca), Ersetzt,[aba24c18304cc0760462d2da5ea7c937] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\prefs.js, Gut: (), Schlecht: (* To make a manual change to preferences, you can visit the ), Ersetzt,[f954b7ada6d6082e1353c5e7cf3635cb] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\prefs.js, Gut: (), Schlecht: (/* Do not edit this file. * * If you make changes t), Ersetzt,[52fb73f1b6c68aac79ed5f4d12f3d62a] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\prefs.js, Gut: (), Schlecht: (ces /* Do not edit this file. 
* * If you make), Ersetzt,[95b83f25631982b4372fdad21bea11ef] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\prefs.js, Gut: (), Schlecht: (ferences /* Do not edit this file. * * If you make changes to this file while the application is running, * the changes will be overwritten when the application exits. * * To make a manual change to preferences, you can v), Ersetzt,[c08def75a1db51e5acba18946f9634cc] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\prefs.js, Gut: (), Schlecht: ( To make a manual change to preferences, you can vis), Ersetzt,[65e885dfa4d8cd69bcaa00ac30d535cb] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\prefs.js, Gut: (), Schlecht: (rences /* Do not edit this file. * * If you make changes to this file while the application is running, * the changes will be overwritten when the application exits. * * To make a manual change to preferences, you can visi), Ersetzt,[82cb0064c3b9063068fe723a51b4916f] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\prefs.js, Gut: (), Schlecht: (To make a manual change to preferences, you can visit the URL about:config */ user_pref("accessibility.typeaheadfind.flashBar", 0); user_pref("app.update.lastUpdateTime.addon-backgr), Ersetzt,[de6f9cc8c0bc61d51353327a2ed749b7] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\prefs.js, Gut: (), Schlecht: (overwritten when the application exits. * * To make a m), Ersetzt,[420bd292a8d4b680ec7ab2faf3124cb4] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\prefs.js, Gut: (), Schlecht: ( /* Do not edit this file. 
* * If you make changes to thi), Ersetzt,[44091252b9c366d03d293e6e828330d0] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\prefs.js, Gut: (), Schlecht: (* Do not edit this file. * * If you make changes ), Ersetzt,[2627d58f6319e353bbab9c10f60fd52b] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\prefs.js, Gut: (), Schlecht: (ences /* Do not edit this file. * * If you make changes to), Ersetzt,[86c7b6aed7a5b87e77ef07a56f961ce4] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\prefs.js, Gut: (), Schlecht: (Do not edit this file. * * If you make changes t), Ersetzt,[47064e16a5d74ee8e77f3973c3422ed2] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\prefs.js, Gut: (), Schlecht: (rences /* Do not edit this file. * * If you make changes to this file while the application is running, * the changes will be overwritten when the application exits. * * To make a manual change to preferences, you can visit the), Ersetzt,[7ad35113e9933afc4521f2ba12f302fe] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\prefs.js, Gut: (), Schlecht: (ke a manual change to preferences, you can visit the U), Ersetzt,[fa536cf8225a60d6e28443693cc95aa6] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\prefs.js, Gut: (), Schlecht: (nces /* Do not edit this file. * * If you make cha), Ersetzt,[6ce123413b416ec8f4720ba1bb4a12ee] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\prefs.js, Gut: (), Schlecht: (ferences /* Do not edit this file. 
* * If you ma), Ersetzt,[2726bda7d3a97db995d102aa887d0000] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\prefs.js, Gut: (), Schlecht: (ences /* Do not edit this file. * * If you make ch), Ersetzt,[a3aad1932d4f2c0a84e2218bcd3826da] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\prefs.js, Gut: (), Schlecht: (ces /* Do not edit this file. * * If you make changes to this), Ersetzt,[29243c286715e94d94d2f0bcf0154db3] PUP.Optional.MySearch.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\user.js, Gut: (), Schlecht: (user_pref("extensions.irmysearch.aflt", "irmsd0101");), Ersetzt,[0647fb69bdbf40f6d688208c4bbacf31] PUP.Optional.MySearch.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\user.js, Gut: (), Schlecht: (ysearchdial.hmpg", true); user_pref("extensions), Ersetzt,[f15c1e46bebeab8b72ecc1eb9d6830d0] PUP.Optional.MySearch.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\user.js, Gut: (), Schlecht: (ons.mysearchdial.hmpg", true); user_pref("extension), Ersetzt,[d578f074b6c6f83e045aedbf70951fe1] PUP.Optional.MySearch.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\user.js, Gut: (), Schlecht: (mysearchdial.hmpg", true); user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0AtC), Ersetzt,[04493232d4a849ed302efcb0e223dd23] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.hmpg", true);), Ersetzt,[aaa3f07445370531f3740f9dce37aa56] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\user.js, Gut: (), Schlecht: 
(sions.mysearchdial.hmpg", true); user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0AtCzyyCyEyEyEyC0C0EtN0D0Tzu0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1Cz), Ersetzt,[103d5c089edeed49d2955c50699cb749] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\user.js, Gut: (), Schlecht: (Tzu0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDz), Ersetzt,[6de03331324a7cbaff6808a40cf97b85] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\user.js, Gut: (), Schlecht: (s.mysearchdial.hmpg", true); user_pref("extensions.mysearchdia), Ersetzt,[47060d57bbc14ee85e099e0e867f56aa] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\user.js, Gut: (), Schlecht: (ial.hmpg", true); user_pref("extensions.mysearchd), Ersetzt,[1f2e01636e0e90a67bec4b61fd08ae52] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\user.js, Gut: (), Schlecht: (ons.mysearchdial.hmpg", true); user_pref("extensions), Ersetzt,[c08d2f35275550e64423affdf60fba46] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\user.js, Gut: (), Schlecht: (.mysearchdial.hmpg", true); user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0AtCzyyCyEyEyEyC0C0EtN0D0Tzu0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytD), Ersetzt,[7ad3560e384479bdafb8307c61a48878] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\user.js, Gut: (), Schlecht: (u0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1780154535&ir="); user_pref("extensions.mysearchdial.dfltSrch", true); 
user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial"); user_pref("extensions.mysearchdial.dn), Ersetzt,[fb521f4579035dd998cf2a8221e4d22e] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\user.js, Gut: (), Schlecht: (yDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=17), Ersetzt,[282572f2f785191d392ecede11f44fb1] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\user.js, Gut: (), Schlecht: (chdial.hmpg", true); user_pref("extensions.mysearchdia), Ersetzt,[c88583e1b4c832046ff8fdafa560c040] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\user.js, Gut: (), Schlecht: (ysearchdial.hmpg", true); user_pref("extensions.mysea), Ersetzt,[202dd193c1bbee4892d5624a08fd35cb] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\user.js, Gut: (), Schlecht: (mysearchdial.hmpg", true); user_pref("extensions.mysea), Ersetzt,[82cb1252c4b875c1382f5e4e3dc86e92] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\user.js, Gut: (), Schlecht: (ysearchdial.hmpg", true); user_pref("extensions.mysearchdial.hmpg), Ersetzt,[3d104f15423a58dea8bf1a929d68b848] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\user.js, Gut: (), Schlecht: (.hmpg", true); user_pref("extensions.mysearchdial.hmpgUrl", ), Ersetzt,[87c6dc88ccb0f6401a4db7f5f90c51af] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\user.js, Gut: (), Schlecht: (hdial.hmpg", true); user_pref("extensions.mysearchdial.hmp), Ersetzt,[3e0fdf8503793bfb78efab010500ae52] PUP.Optional.MySearchDial.A, 
C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\user.js, Gut: (), Schlecht: (rchdial.hmpg", true); user_pref("extensions.mysearchdi), Ersetzt,[aca173f1720aee48481f208cfe07a060] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\user.js, Gut: (), Schlecht: (ysearchdial.hmpg", true); user_pref("extensions.mysear), Ersetzt,[b499abb984f8b77f70f7763652b351af] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\user.js, Gut: (), Schlecht: (ysearchdial.hmpg", true); user_pref("extensions.mys), Ersetzt,[53fa5d07235957df5e092785dc29a35d] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\user.js, Gut: (), Schlecht: (s.mysearchdial.hmpg", true); user_pref("extension), Ersetzt,[b19cf56ffd7f8ea86ff873392adb639d] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\user.js, Gut: (), Schlecht: (ons.mysearchdial.hmpg", true); user_pref("extens), Ersetzt,[321b74f05c204cea3d2adad2848118e8] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\user.js, Gut: (), Schlecht: (ions.mysearchdial.hmpg", true); user_pref("extensions.mysearchdial.hmpgUrl", "http:/), Ersetzt,[d27b1252651730060760cede06ff41bf] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\user.js, Gut: (), Schlecht: (r_pref("extensions.mysearchdial.hmpgUrl", "hxxp://st), Ersetzt,[98b5055fbcc0e94da4c37636fc09a35d] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\user.js, Gut: (), Schlecht: (ons.mysearchdial.hmpg", true); user_pref("extensions.), Ersetzt,[321b4d17aad23df9d88fe7c55da85ca4] PUP.Optional.MySearchDial.A, 
C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\user.js, Gut: (), Schlecht: (mysearchdial.hmpg", true); user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0AtCzy), Ersetzt,[5bf2cd97aecefa3c046329833dc82cd4] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\user.js, Gut: (), Schlecht: (?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0EyE0Dy), Ersetzt,[db72550f0b7169cd2d3a9517e81dd32d] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0AtCzyyCyEyEyEyC0C0EtN0D0Tzu0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1780154535&ir=");), Ersetzt,[9cb1ec7895e79a9c2246bfedf015ec14] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\user.js, Gut: (), Schlecht: ("Mysearchdial"); user_pref("extensions.mysearchdial.dnsErr", true); user_pref("extensions.mysearchdial_i.newTab", false); user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd0101&cd=2XzuyEtN2Y), Ersetzt,[064790d488f480b6f37576364abb6898] PUP.Optional.MySearchDial.A, C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\user.js, Gut: (), Schlecht: (1Qzu0EyE0DyDtA0D0AtCzyyCyEyEyEyC0C0EtN0D0Tzu0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1780154535&ir="); user_pref("extensions.mysearchdial.dfltSrch", true); user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdia), Ersetzt,[ce7fb4b0611ba4924e1a248856af718f] Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) |
18.12.2014, 22:50 | #8 |
| Uninstalling PC Performer This is the one from AdwCleaner: Code:
ATTFilter # AdwCleaner v4.105 - Bericht erstellt am 18/12/2014 um 22:18:10 # Aktualisiert 08/12/2014 von Xplode # Database : 2014-12-16.1 [Live] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Verena - VERENA-PC # Gestartet von : C:\Users\Verena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MDHLABU8\AdwCleaner_4.105.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\websaver Ordner Gelöscht : C:\ProgramData\499c43985399aa96 Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it! Ordner Gelöscht : C:\Program Files (x86)\openit Ordner Gelöscht : C:\Program Files (x86)\vGrabber-software Ordner Gelöscht : C:\Users\Verena\AppData\Local\genienext Ordner Gelöscht : C:\Users\Verena\AppData\Local\Mobogenie Ordner Gelöscht : C:\Users\Verena\AppData\Local\Software Ordner Gelöscht : C:\Users\Verena\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z Ordner Gelöscht : C:\Users\Verena\AppData\Roaming\DigitalSites Ordner Gelöscht : C:\Users\Verena\AppData\Roaming\PerformerSoft Ordner Gelöscht : C:\Users\Verena\AppData\Roaming\Security Systems Ordner Gelöscht : C:\Users\Verena\Documents\Mobogenie Ordner Gelöscht : C:\Users\Verena\Documents\Optimizer Pro Ordner Gelöscht : C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cacclhdpfoingihegojhoipnihfnoaki Ordner Gelöscht : C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof Ordner Gelöscht : C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfenflmklmpohipcckmagnmbmbibnolo Datei Gelöscht : C:\END Datei Gelöscht : C:\Users\Verena\daemonprocess.txt Datei Gelöscht : C:\Users\Verena\AppData\LocalLow\SkwConfig.bin Datei Gelöscht : C:\Users\Verena\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mobogenie.lnk Datei Gelöscht : 
C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\invalidprefs.js Datei Gelöscht : C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\user.js ***** [ Tasks ] ***** Task Gelöscht : PC Performer ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\cacclhdpfoingihegojhoipnihfnoaki Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ButtonSite.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BackgroundHost.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\. 
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\..9 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SoftCoup.SoftCoup Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SoftCoup.SoftCoup.9 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WowCoupon.WowCoupon Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WowCoupon.WowCoupon.9 Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{562B9317-C08A-444A-9482-62080DD851AE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{75CC1BBE-D96F-45DF-A622-D60BFA8AF49E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E09EF104-3849-47F4-B005-A120558F3FEF} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB61B649-3FC8-4754-89A2-501456130AB5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2938fdcb-0797-4627-b111-e5dc14d88fe4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6e06b38e-808c-4648-9545-7f97eaa4899e} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{a1f6f650-d786-467a-9fb5-c7dc558f2781} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ee5c5c14-ba82-4f60-8acc-e9b0229b21a9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2D017725-74A0-4513-913D-2939ADF6D0F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3061B3C3-8B7F-4DBD-82DF-0B6CE9AA60E8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{458BD324-E5D0-412C-954D-EDFD69A59ED9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{806ED5AF-3ED0-454C-BE4E-6644DD7BEDD1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9275FE6D-8F84-4CA5-97E7-DD3AFD5E4BDE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9ADA5C62-B227-45A9-9D77-E5609A43E943} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A37DD83A-DABA-4EF0-98AA-CDDA88839172} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A70CA55D-8EE5-4997-8BC3-B341E36ACBBA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B5445928-B77D-474B-84F6-6F1323CA5701} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BBBE01ED-0F1E-44DB-88C1-5CC1AEE3B462} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BE6C7021-0352-4A7E-8A5B-46126353049E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{D2AA22AE-2103-4D78-9C0D-46DE64EE0ED7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D94BA844-0355-4F02-97F2-6856CD94FE66} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DFBED68E-BBF6-454A-940F-C84C7E7B4CE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4F96034-2761-4BAF-B906-E4B59E5D50EA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE42F7F2-D931-40CD-ACE7-7B47383ACE25} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3013E03D-89D5-4580-8560-DB198297CC29} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{53FDCCB0-2404-4274-9002-5A3A1FD40426} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B69509B5-4A90-4433-A2DE-BE439F6581F2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2938fdcb-0797-4627-b111-e5dc14d88fe4} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6e06b38e-808c-4648-9545-7f97eaa4899e} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a1f6f650-d786-467a-9fb5-c7dc558f2781} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ee5c5c14-ba82-4f60-8acc-e9b0229b21a9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2938fdcb-0797-4627-b111-e5dc14d88fe4} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6e06b38e-808c-4648-9545-7f97eaa4899e} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{a1f6f650-d786-467a-9fb5-c7dc558f2781} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ee5c5c14-ba82-4f60-8acc-e9b0229b21a9} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2938fdcb-0797-4627-b111-e5dc14d88fe4} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6e06b38e-808c-4648-9545-7f97eaa4899e} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a1f6f650-d786-467a-9fb5-c7dc558f2781} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ee5c5c14-ba82-4f60-8acc-e9b0229b21a9} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{75CC1BBE-D96F-45DF-A622-D60BFA8AF49E} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E09EF104-3849-47F4-B005-A120558F3FEF} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{FB61B649-3FC8-4754-89A2-501456130AB5} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{2938fdcb-0797-4627-b111-e5dc14d88fe4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{6e06b38e-808c-4648-9545-7f97eaa4899e} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{a1f6f650-d786-467a-9fb5-c7dc558f2781} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{ee5c5c14-ba82-4f60-8acc-e9b0229b21a9} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020} Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2D017725-74A0-4513-913D-2939ADF6D0F3} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3061B3C3-8B7F-4DBD-82DF-0B6CE9AA60E8} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{458BD324-E5D0-412C-954D-EDFD69A59ED9} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{806ED5AF-3ED0-454C-BE4E-6644DD7BEDD1} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9275FE6D-8F84-4CA5-97E7-DD3AFD5E4BDE} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9ADA5C62-B227-45A9-9D77-E5609A43E943} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A37DD83A-DABA-4EF0-98AA-CDDA88839172} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A70CA55D-8EE5-4997-8BC3-B341E36ACBBA} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B5445928-B77D-474B-84F6-6F1323CA5701} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BBBE01ED-0F1E-44DB-88C1-5CC1AEE3B462} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BE6C7021-0352-4A7E-8A5B-46126353049E} Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2AA22AE-2103-4D78-9C0D-46DE64EE0ED7} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D94BA844-0355-4F02-97F2-6856CD94FE66} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DFBED68E-BBF6-454A-940F-C84C7E7B4CE6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4F96034-2761-4BAF-B906-E4B59E5D50EA} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE42F7F2-D931-40CD-ACE7-7B47383ACE25} Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Schlüssel Gelöscht : HKCU\Software\PerformerSoft Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Schlüssel Gelöscht : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B} Schlüssel Gelöscht : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252} Schlüssel Gelöscht : HKLM\SOFTWARE\InstallCore Schlüssel Gelöscht : HKLM\SOFTWARE\PerformerSoft Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1B8A71D1-31D4-EE6A-C32F-836E0BFFA6D3} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2D471A31-4FA7-95BA-1880-D441113ED736} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\openit open it! Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7540FDBD-7FDC-30AE-3778-815CB87DBE46} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0702826FCAC36EE52AC0441EEEEE2170 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1198E28F40C3E185E9958608554D4253 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15A073601B9AEC3549BE4A9314794615 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F7C80F9CE5CDF44E9AADDC99402534C Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\206AF45B775E3A445B3B2273827DA85F Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\225C3CBCEB850204D860A6C7CC7724AF Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2310FC151CD4F185798FA0996B3524D7 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\28572D2E2DE533256AC6B560EA573C22 Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F25491036D0FA5D5FA6742F5742F151A Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4D1BA8B482D9734E943EE260A7ADEF2 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F6704141BAAF6884785EC6843143D6A7 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7507D4D4C310125E9A22BD909A41FB6 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F79C21D785419125595AC59458A6142D Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA15C90F092A60F53A4E0F88CED02968 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA1CF130B3D58B553833ACB6BE8AFAD4 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB0F1A18E4F0DBD509A42F4D4C05C02A Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FD17ED194F1C2B457B4F6EF4AE8DEAF3 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17496 -\\ Mozilla Firefox v33.0.3 (x86 en-US) [fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("browser.search.order.1", "Mysearchdial"); [fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("extensions.cZg3rwSch3sLnNNN.scode", "try{(function(){try{var url=(window.self.location.href + 
document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...] [fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("extensions.irmysearch.aflt", "irmsd0101"); [fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0AtCzyyCyEyEyEyC0C0EtN0D0Tzu0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T"); [fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("extensions.irmysearch.cr", "1780154535"); [fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("extensions.irmysearch.instlRef", ""); [fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.aflt", "irmsd0101"); [fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}"); [fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0AtCzyyCyEyEyEyC0C0EtN0D0Tzu0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T"); [fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.cntry", "DE"); [fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.cr", "1780154535"); [fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.dfltLng", ""); [fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.dfltSrch", true); [fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.dnsErr", true); [fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...] 
[fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.dpk_blck", "true"); [fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.dpk_prompt", "true"); [fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.excTlbr", false); [fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.hdrMd5", "5FB039EC5EC9ACDCE67E0558B8C48DEB"); [fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.hmpg", true); [fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0AtCzyyCyEyEyEyC0C0EtN0D0Tzu0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutD[...] [fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.id", "E4D53DA1964446CE"); [fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.instlDay", "16090"); [fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.instlRef", ""); [fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.lastB", "hxxp://search.conduit.com/?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=M2C5C09B1-4FA6-43BE-AADE-097EDA496441&SearchSource=55&CUI=&UM=5&UP=SPC71B1AF7-F814[...] [fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.lastVrsnTs", ""); [fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0AtCzyyCyEyEyEyC0C0EtN0D0Tzu0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1Czu[...] 
[fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"96\",\"lastVrsn\":\"96\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0,\"lstMsgTs\":\"0\"}"); [fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.prdct", "mysearchdial"); [fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial"); [fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.sg", "{smplGrp}"); [fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial"); [fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrId", "base"); [fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0AtCzyyCyEyEyEyC0C0EtN0D0Tzu0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1C[...] 
[fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0"); [fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0"); [fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial_i.hmpg", true); [fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial_i.newTab", false); [fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial_i.smplGrp", "none"); [fpx32vvt.default-1374689957011\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.011:34:19"); -\\ Google Chrome v39.0.2171.65 [C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://mystart.incredibar.com/mb155/?loc=IB_DS&search={searchTerms}&a=6OyTjcYoyn&i=26 [C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://mystart.incredibar.com/mb155/?loc=IB_DS&search={searchTerms}&a=6OyTjcYoyn&i=26 [C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://isearch.babylon.com/?q={searchTerms}&affID=116223&tt=4412_7&babsrc=SP_ss&mntrId=3a7346ce000000000000e4d53da19644 [C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://isearch.babylon.com/?q={searchTerms}&affID=116223&tt=4412_7&babsrc=SP_ss&mntrId=3a7346ce000000000000e4d53da19644 [C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://isearch.babylon.com/?q={searchTerms}&affID=116223&tt=4412_7&babsrc=SP_ss&mntrId=3a7346ce000000000000e4d53da19644 [C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q={searchTerms} 
[C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=3A73E4D53DA19644&affID=119557&tsp=4966 [C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q={searchTerms} [C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0EyE0DyDtA0D0AtCzyyCyEyEyEyC0C0EtN0D0Tzu0SyByDtDtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1780154535&ir= [C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=M2C5C09B1-4FA6-43BE-AADE-097EDA496441&SearchSource=58&CUI=&UM=5&UP=SPC71B1AF7-F814-4A73-8032-4F6C53F28399&q={searchTerms}&SSPV= [C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=M2C5C09B1-4FA6-43BE-AADE-097EDA496441&SearchSource=58&CUI=&UM=5&UP=SPC71B1AF7-F814-4A73-8032-4F6C53F28399&q={searchTerms}&SSPV= [C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1414837765&from=cov&uid=WDCXWD6400BPVT-22HXZT3_WD-WX91A91P5075P5075&q={searchTerms} [C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1414837765&from=cov&uid=WDCXWD6400BPVT-22HXZT3_WD-WX91A91P5075P5075&q={searchTerms} ************************* AdwCleaner[R0].txt - [44648 octets] - [06/01/2014 21:57:18] AdwCleaner[R1].txt - [41354 octets] - [18/12/2014 22:10:27] AdwCleaner[R2].txt - [41415 octets] - 
[18/12/2014 22:15:14]
AdwCleaner[S0].txt - [42817 octets] - [06/01/2014 21:58:21]
AdwCleaner[S1].txt - [40835 octets] - [18/12/2014 22:18:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [40896 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by Verena on 18.12.2014 at 22:25:24,99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files
Successfully deleted: [File] "C:\Windows\wininit.ini"

~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Verena\appdata\local\{38175F0F-D20A-4F89-9D8F-239F0042C1BE}
Successfully deleted: [Empty Folder] C:\Users\Verena\appdata\local\{57757D2D-BD05-4BC5-96EF-2C89F612A518}
Successfully deleted: [Empty Folder] C:\Users\Verena\appdata\local\{E8D36D78-C2AF-4425-8CC8-19E082C6E579}

~~~ FireFox
Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Users\Verena\AppData\Roaming\mozilla\firefox\profiles\fpx32vvt.default-1374689957011\extensions\staged
Emptied folder: C:\Users\Verena\AppData\Roaming\mozilla\firefox\profiles\fpx32vvt.default-1374689957011\minidumps [14 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.12.2014 at 22:29:33,26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014 Ran by Verena (administrator) on VERENA-PC on 18-12-2014 22:31:32 Running from C:\Users\Verena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YLMV93GT Loaded Profiles: UpdatusUser & Verena (Available profiles: UpdatusUser & Verena) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDCtrl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Dropbox, Inc.) C:\Users\Verena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe (brother) C:\Program Files (x86)\Brownie\BrStsW64.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe () C:\Windows\Samsung\PanelMgr\SSMMgr.exe () C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brownie\BRNIPMON.exe () C:\Windows\Samsung\PanelMgr\caller64.exe (brother) C:\Program Files (x86)\Brownie\brpjp04a.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe (ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDCtrlHelper.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_246_ActiveX.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor) HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.) HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.) HKLM-x32\...\Run: [BrStsWnd] => C:\Program Files (x86)\Brownie\BrstsW64.exe [3695984 2011-03-25] (brother) HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [688128 2011-07-06] () HKLM-x32\...\Run: [CLX3180_Scan2Pc] => C:\Windows\Twain_32\Samsung\CLX3180\Scan2pc.exe [1990144 2011-04-29] () HKLM-x32\...\Run: [3180 Scan2PC] => C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe [1990144 2011-04-29] () HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2014-03-12] (Cisco Systems, Inc.) HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295072 2012-12-16] (RealNetworks, Inc.) 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1577607291-3742472165-1464039351-1000\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB HKU\S-1-5-21-1577607291-3742472165-1464039351-1000\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} AppInit_DLLs: c:\Windows\System32\nvinitx.dll => c:\Windows\System32\nvinitx.dll [241984 2011-10-16] (NVIDIA Corporation) Startup: C:\Users\Verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Verena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-1577607291-3742472165-1464039351-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1577607291-3742472165-1464039351-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1577607291-3742472165-1464039351-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie HKU\S-1-5-21-1577607291-3742472165-1464039351-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1577607291-3742472165-1464039351-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1577607291-3742472165-1464039351-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-1577607291-3742472165-1464039351-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms} BHO: Adblock IE -> {667BEE43-20BD-4CE3-94AC-E63E04D4B191} -> C:\Program Files\MGTEK\Adblock 
IE\adblockie.dll (MGTEK) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: SwissAcademic.Citavi.Picker.IEPicker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: Adblock IE -> {667BEE43-20BD-4CE3-94AC-E63E04D4B191} -> C:\Program Files (x86)\MGTEK\Adblock IE\adblockie.dll (MGTEK) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: HKLM {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011 FF DefaultSearchEngine: Yahoo MSD FF SelectedSearchEngine: Yahoo MSD FF Keyword.URL: FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) 
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\searchplugins\yahoo-msd.xml FF Extension: Amazon-Icon - C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\Extensions\amazon-icon@giga.de [2014-11-01] FF Extension: Foxi Security - C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\Extensions\foxi@securitii-dhfjs.com [2014-11-01] FF Extension: Simple New Tab - C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\Extensions\snt@dotlabs.co [2013-11-28] FF Extension: Suche App - C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\Extensions\{47744fca-0011-4ba5-ba33-24ae19355a42}.xpi [2014-07-26] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - 
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012-12-16] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: No Name - C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\snt@dotlabs.co.xpi [Not Found] FF Extension: No Name - C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\om@offermosquito.com.xpi [Not Found] FF Extension: No Name - C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\freegames4357@BestOffers [Not Found] FF Extension: No Name - C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\speedtest4354@BestOffers [Not Found] FF Extension: No Name - C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\faststartff@gmail.com [Not Found] FF Extension: No Name - om@offermosquito.com [Not Found] FF Extension: No Name - freegames4357@BestOffers [Not Found] FF Extension: No Name - speedtest4354@BestOffers [Not Found] FF Extension: No Name - faststartff@gmail.com [Not Found] Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (RealDownloader) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-05-02] CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-02-04] (Freemake) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation) R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] () R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [229888 2011-04-28] (Samsung Electronics Co., Ltd.) [File not signed] S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-07-13] (Samsung Electronics Co., Ltd.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-18] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.) 
S3 b57xdbd; system32\DRIVERS\b57xdbd.sys [X] S3 b57xdmp; system32\DRIVERS\b57xdmp.sys [X] S3 bScsiMSa; system32\DRIVERS\bScsiMSa.sys [X] S3 bScsiSDa; system32\DRIVERS\bScsiSDa.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S1 rhqeqdug; \??\C:\Windows\system32\drivers\rhqeqdug.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-18 22:29 - 2014-12-18 22:29 - 00001332 _____ () C:\Users\Verena\Desktop\JRT.txt 2014-12-18 22:25 - 2014-12-18 22:25 - 00000000 ____D () C:\Windows\ERUNT 2014-12-18 22:09 - 2014-12-18 22:09 - 00090916 _____ () C:\mbam.txt 2014-12-18 21:28 - 2014-12-18 22:30 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-18 21:28 - 2014-12-18 21:28 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-18 21:28 - 2014-12-18 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-18 21:28 - 2014-12-18 21:28 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-12-18 21:28 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-18 21:28 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-18 09:51 - 2014-12-18 09:51 - 00000000 ____D () C:\Windows\system32\appraiser 2014-12-18 09:23 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-12-18 09:23 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-12-18 09:23 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-12-18 09:23 
- 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2014-12-18 09:23 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2014-12-18 09:23 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2014-12-18 09:23 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2014-12-18 09:23 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2014-12-18 09:23 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2014-12-18 09:23 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2014-12-17 22:09 - 2014-12-17 22:09 - 00041650 _____ () C:\ComboFix.txt 2014-12-17 21:39 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-12-17 21:39 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-12-17 21:39 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-12-17 21:39 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-12-17 21:39 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-12-17 21:39 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-12-17 21:39 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-12-17 21:39 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-12-17 21:38 - 2014-12-17 22:09 - 00000000 ____D () C:\Qoobox 2014-12-17 21:38 - 2014-12-17 21:38 - 00013356 _____ () C:\Users\Verena\Desktop\ComboFix - Verknüpfung.lnk 2014-12-17 21:37 - 2014-12-17 22:07 - 00000000 ____D () C:\Windows\erdnt 2014-12-17 21:36 - 2014-12-17 21:37 - 05601641 ____R (Swearware) C:\Users\Verena\Downloads\ComboFix.exe 2014-12-17 21:02 - 2014-12-17 21:02 - 00001272 _____ () C:\Users\Verena\Desktop\Revo Uninstaller.lnk 2014-12-17 21:02 - 2014-12-17 21:02 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 
2014-12-17 21:01 - 2014-12-17 21:01 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Verena\Downloads\revosetup95.exe 2014-12-17 20:04 - 2014-12-17 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-12-17 14:52 - 2014-12-17 14:52 - 01364048 _____ () C:\Users\Verena\Downloads\Referat.zip 2014-12-16 21:43 - 2014-12-18 22:31 - 00000000 ____D () C:\FRST 2014-12-16 12:28 - 2014-12-16 12:28 - 00000000 ____D () C:\ProgramData\meiloodpcmaeadffghmjokemifmbeaba 2014-12-11 13:49 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2014-12-11 13:49 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2014-12-11 13:49 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-12-11 13:49 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2014-12-11 13:49 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-12-11 13:49 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2014-12-11 13:49 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-12-11 13:49 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2014-12-11 13:49 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-11 13:49 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-12-11 13:49 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-11 13:49 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-12-11 13:49 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-12-11 13:49 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) 
C:\Windows\system32\vbscript.dll 2014-12-11 13:49 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-12-11 13:49 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-11 13:49 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-12-11 13:49 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-11 13:49 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-12-11 13:49 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-12-11 13:49 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-12-11 13:49 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-11 13:49 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-12-11 13:49 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-11 13:49 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-12-11 13:49 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-12-11 13:49 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-11 13:49 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-12-11 13:49 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-12-11 13:49 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-12-11 13:49 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-12-11 13:49 - 2014-11-22 03:08 - 00092160 _____ 
(Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-11 13:49 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-12-11 13:49 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-12-11 13:49 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-12-11 13:49 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-11 13:49 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-12-11 13:49 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-12-11 13:49 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-12-11 13:49 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-12-11 13:49 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-12-11 13:49 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-12-11 13:49 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-12-11 13:49 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-11 13:49 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-11 13:49 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-12-11 13:49 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-11 13:49 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-12-11 13:49 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-11 13:49 - 2014-11-22 02:40 - 00060416 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-12-11 13:49 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-12-11 13:49 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-12-11 13:49 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-12-11 13:49 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-12-11 13:49 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-11 13:49 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-12-11 13:49 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-12-11 13:49 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-12-11 13:49 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-11 13:49 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-12-11 13:49 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-11 13:49 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-12-11 13:49 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-12-11 13:49 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-12-11 13:49 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-11 13:49 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-11 13:49 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2014-12-11 13:47 - 2014-11-08 04:16 - 00002048 _____ 
(Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-12-11 13:47 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-12-11 13:47 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe 2014-12-11 13:47 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe 2014-12-11 13:47 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-12-11 13:47 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2014-12-11 13:47 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2014-12-11 13:47 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2014-12-11 13:47 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2014-12-11 13:47 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-12-11 13:47 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2014-12-11 13:47 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2014-12-11 13:47 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll 2014-12-11 13:47 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe 2014-12-01 16:14 - 2014-12-18 22:20 - 00000380 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Verena.job 2014-12-01 16:14 - 2014-12-18 18:50 - 00002964 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateXML_Verena 2014-12-01 16:14 - 2014-12-18 18:50 - 00000370 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Verena.job 2014-12-01 16:14 - 2014-12-17 09:44 - 00002968 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Verena 2014-12-01 16:14 - 2014-12-17 09:44 - 00000374 _____ () 
C:\Windows\Tasks\ReclaimerUpdateFiles_Verena.job 2014-12-01 16:14 - 2014-12-01 16:14 - 00003618 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Verena 2014-12-01 16:14 - 2014-12-01 16:14 - 00002672 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Verena 2014-11-30 15:27 - 2014-11-30 15:27 - 00001092 _____ () C:\Users\Public\Desktop\MuseScore.lnk 2014-11-30 15:27 - 2014-11-30 15:27 - 00000000 ____D () C:\Users\Verena\AppData\Roaming\MusE 2014-11-30 15:27 - 2014-11-30 15:27 - 00000000 ____D () C:\Users\Verena\AppData\Local\MusE 2014-11-30 15:26 - 2014-11-30 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MuseScore 2014-11-30 15:26 - 2014-11-30 15:26 - 00000000 ____D () C:\Program Files (x86)\MuseScore 2014-11-30 15:23 - 2014-11-30 15:23 - 00000739 _____ () C:\Windows\Debug.ini 2014-11-30 15:21 - 2014-11-30 15:21 - 00001039 _____ () C:\Users\Verena\Desktop\PriMusFree.lnk 2014-11-30 15:21 - 2014-11-30 15:21 - 00000000 ____D () C:\Users\Verena\Documents\PriMusFree 2014-11-30 15:21 - 2014-11-30 15:21 - 00000000 ____D () C:\Users\Verena\AppData\Roaming\Columbus Soft 2014-11-30 15:21 - 2014-11-30 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriMusFree 2014-11-30 15:21 - 2014-11-30 15:21 - 00000000 ____D () C:\Program Files (x86)\PriMusFree 2014-11-30 13:38 - 2014-11-30 13:39 - 00000000 ____D () C:\Users\Verena\Documents\capella 2014-11-30 13:38 - 2014-11-30 13:38 - 00001958 _____ () C:\Users\Public\Desktop\capella 7.lnk 2014-11-30 13:38 - 2014-11-30 13:38 - 00000000 ____D () C:\Users\Verena\AppData\Roaming\capella-software 2014-11-30 13:38 - 2014-11-30 13:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\capella-software 2014-11-30 13:37 - 2014-11-30 13:37 - 00000000 ____D () C:\Program Files (x86)\capella-software 2014-11-20 14:40 - 2014-11-20 14:41 - 01313888 _____ () C:\Windows\Minidump\112014-48672-01.dmp 2014-11-19 15:06 - 2014-11-11 04:08 - 00728064 
_____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-19 15:06 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-19 15:06 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-19 15:06 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-19 07:32 - 2014-11-19 07:32 - 00000000 __SHD () C:\Users\Verena\AppData\Local\EmieBrowserModeList 2014-11-19 04:31 - 2014-11-19 04:31 - 01217192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL 2014-11-18 17:39 - 2014-11-18 17:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-18 22:29 - 2014-01-06 21:50 - 00000000 ____D () C:\AdwCleaner 2014-12-18 22:29 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-18 22:29 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-18 22:26 - 2011-12-02 10:47 - 01385033 _____ () C:\Windows\WindowsUpdate.log 2014-12-18 22:23 - 2014-11-02 17:04 - 00000000 ___RD () C:\Users\Verena\Dropbox 2014-12-18 22:23 - 2014-11-02 17:02 - 00000000 ____D () C:\Users\Verena\AppData\Roaming\Dropbox 2014-12-18 22:21 - 2012-05-07 17:32 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-18 22:21 - 2012-04-15 11:24 - 00000585 _____ () C:\Windows\Brownie.ini 2014-12-18 22:20 - 2012-05-07 17:32 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-18 22:20 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-18 22:19 - 2014-01-23 20:28 - 00010395 _____ () C:\Windows\setupact.log 2014-12-18 22:19 - 2010-11-21 04:47 - 00437104 _____ () C:\Windows\PFRO.log 
2014-12-18 22:18 - 2012-04-13 15:57 - 00000000 ____D () C:\Users\Verena 2014-12-18 22:00 - 2011-10-14 04:41 - 00000000 ____D () C:\Windows\nl 2014-12-18 21:28 - 2014-01-06 22:12 - 00000000 ____D () C:\Users\Verena\AppData\Roaming\Malwarebytes 2014-12-18 21:28 - 2014-01-06 22:11 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-18 21:01 - 2012-08-27 20:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-18 18:56 - 2013-11-05 16:20 - 00000000 ____D () C:\Users\Verena\Documents\Outlook-Dateien 2014-12-18 10:02 - 2011-12-02 19:39 - 00703214 _____ () C:\Windows\system32\perfh007.dat 2014-12-18 10:02 - 2011-12-02 19:39 - 00150822 _____ () C:\Windows\system32\perfc007.dat 2014-12-18 10:02 - 2009-07-14 06:13 - 01629436 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-18 09:51 - 2014-05-08 06:59 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-12-18 09:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-12-18 09:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat 2014-12-18 09:36 - 2012-04-15 11:54 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-18 09:27 - 2013-08-01 13:25 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-18 09:27 - 2012-08-03 08:45 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-17 23:18 - 2012-04-14 20:19 - 01649782 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-12-17 22:09 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2014-12-17 22:03 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2014-12-17 22:01 - 2014-01-26 16:00 - 00003366 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1577607291-3742472165-1464039351-1001 2014-12-17 22:01 - 2014-01-26 16:00 - 00003234 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1577607291-3742472165-1464039351-1001 2014-12-17 21:05 - 2012-04-14 21:41 - 00000000 ____D () C:\Users\Verena\AppData\Roaming\Skype 
2014-12-17 20:05 - 2011-10-14 04:30 - 00000000 ____D () C:\ProgramData\Skype
2014-12-17 20:04 - 2013-01-24 19:43 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-16 22:10 - 2011-10-14 04:47 - 00000000 ____D () C:\ProgramData\Symantec
2014-12-16 22:06 - 2012-11-18 17:47 - 00000000 ____D () C:\ProgramData\Thomson.ResearchSoft.Installers
2014-12-16 22:03 - 2012-12-18 20:01 - 00000000 ____D () C:\Users\Verena\AppData\Local\Unity
2014-12-16 21:58 - 2011-10-14 04:20 - 00000000 ____D () C:\Program Files\Broadcom
2014-12-16 21:16 - 2014-11-02 17:03 - 00000000 ____D () C:\Users\Verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-16 12:23 - 2012-12-24 08:56 - 00000454 ____H () C:\Windows\Tasks\Norton Security Scan for Verena.job
2014-12-11 16:21 - 2013-07-21 21:09 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 09:50 - 2012-08-27 20:13 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 09:50 - 2012-08-27 20:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 09:50 - 2011-10-14 04:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-01 18:20 - 2012-04-15 11:48 - 00000121 _____ () C:\Users\Public\LMDebug.log
2014-12-01 13:14 - 2012-12-16 14:04 - 00003344 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1577607291-3742472165-1464039351-1001
2014-12-01 13:14 - 2012-12-16 14:04 - 00003212 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1577607291-3742472165-1464039351-1001
2014-12-01 13:10 - 2012-04-13 15:59 - 00141200 _____ () C:\Users\Verena\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-01 13:10 - 2009-07-14 05:45 - 00481304 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-25 17:01 - 2013-07-21 21:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-24 14:04 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-22 17:36 - 2013-06-24 20:36 - 00000000 ____D () C:\Users\Verena\Documents\Leimoniade
2014-11-21 06:14 - 2014-01-06 22:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-20 14:40 - 2014-03-03 10:20 - 637683392 _____ () C:\Windows\MEMORY.DMP
2014-11-20 14:40 - 2013-10-25 08:52 - 00000000 ____D () C:\Windows\Minidump

Some content of TEMP:
====================
C:\Users\Verena\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjcnnfs.dll
C:\Users\Verena\AppData\Local\Temp\Quarantine.exe
C:\Users\Verena\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-03-02 11:29

==================== End Of Log ============================

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2014
Ran by Verena at 2014-12-18 22:32:52
Running from C:\Users\Verena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YLMV93GT
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2904.00 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.5.2904.00 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated)
Adblock IE 2.3 (HKLM\...\{58161756-037B-42CD-B575-AF804A2F0F47}) (Version: 2.3.1756 - MGTEK)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Ahnenblatt 2.74 (HKLM-x32\...\Ahnenblatt_is1) (Version: 2.74.0.1 - Dirk Boettcher)
ALDI Bestellsoftware 4.12.1 (HKLM-x32\...\ALDI Bestellsoftware) (Version: 4.12.1 - ORWO Net)
AnyMP4 PDF Converter Ultimate 3.1.8 (HKLM-x32\...\{9C783402-EB68-4dd3-A185-F8DF3FB91CFE}_is1) (Version: 3.1.8 - AnyMP4 Studio)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin)
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.4.1 - Broadcom Corporation)
Brother HL-3040CN (HKLM-x32\...\{B3D02AE6-DA7C-4A0F-B14F-3EE30992E5B7}) (Version: 1.00 - Brother)
capella 7 (HKLM-x32\...\{7CEB4C23-E07B-4183-9511-2FD4DC5C09B9}) (Version: 7.1.25 - capella software AG)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05160 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05160 - Cisco Systems, Inc.) Hidden
Citavi (HKLM-x32\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.3.0.0 - Swiss Academic Software)
Crazy Chicken Kart 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.16 - Piriform)
Die Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version: - )
Die Sims™ 2 Apartment-Leben (HKLM-x32\...\{B6F5B704-06D3-4687-90F3-6195304AD755}) (Version: - Electronic Arts)
Die Sims™ 2 Freizeit-Spaß (HKLM-x32\...\{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}) (Version: - Electronic Arts)
Die Sims™ 2 Gute Reise (HKLM-x32\...\{F248ADFA-64E0-4b03-8A83-059078BED6A0}) (Version: - Electronic Arts)
Die Sims™ 2 H&M®-Fashion-Accessoires (HKLM-x32\...\{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}) (Version: - )
Die Sims™ 2 IKEA® Home-Accessoires (HKLM-x32\...\{6E17F9751-F056-4335-B718-8AF1B1092AFB}) (Version: - Electronic Arts)
Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires (HKLM-x32\...\{6522C636-B04C-4333-9BEB-9E0C0B6350D6}) (Version: - Electronic Arts)
Die Sims™ 2 Party-Accessoires (HKLM-x32\...\{EAA38532-7AD0-4f78-918A-4F4F02096ECE}) (Version: - )
Die Sims™ 2 Vier Jahreszeiten (HKLM-x32\...\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}) (Version: - )
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-1577607291-3742472165-1464039351-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ETDWare PS/2-X64 8.0.6.3_WHQL (HKLM\...\Elantech) (Version: 8.0.6.3 - ELAN Microelectronic Corp.)
Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free YouTube Download version 3.2.12.827 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.12.827 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.12.827 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.12.827 - DVDVideoSoft Ltd.)
Freemake Audio Converter Version 1.1.0 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation)
FreePDFReader (HKLM-x32\...\FreePDFReader) (Version: - FreePDFConverter)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mathematics-Add-In (32 Bit) (HKLM-x32\...\{E2C98732-F973-4985-A9C5-DC06178E16EE}) (Version: 2.0.041222.01 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 33.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.3 (x86 en-US)) (Version: 33.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MuseScore 1.3 (HKLM-x32\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.0.3.27 - Symantec Corporation)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9002 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9002 - NTI Corporation) Hidden
NVIDIA Grafiktreiber 285.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 285.64 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}) (Version: 9.10.0514 - NVIDIA Corporation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PriMus Free 1.1 (Build 10806) (HKLM-x32\...\PriMus Free_is1) (Version: 1.1.0.10806 - Columbus Soft)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Readiris Pro 10 (HKLM-x32\...\{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}) (Version: - )
RealDownloader (x32 Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6438 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version: - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RollerCoaster Tycoon 2 (HKLM-x32\...\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}) (Version: - )
RollerCoaster Tycoon 2: Time Twister (HKLM-x32\...\{BA1E1AFD-D1F2-4C52-88C3-186FC5E61604}) (Version: 1.00.000 - )
RollerCoaster Tycoon 2: Wacky Worlds (HKLM-x32\...\{B1AD83A0-DC92-41E3-B111-E9472349768C}) (Version: - )
Samsung Network PC Fax (HKLM-x32\...\Samsung Network PC Fax) (Version: 1.05.22.00 - Samsung Electronics Co., Ltd.)
Samsung Scan Assistant (HKLM-x32\...\Samsung Scan Assistant) (Version: 1.04.20.00 - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
SmarThru 4 (HKLM-x32\...\{90F1943D-EA4A-4460-B59F-30023F3BA69A}) (Version: - Samsung Electronics Co., Ltd.)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.4.0.59 - KMP Media co., Ltd)
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
Wartung Samsung CLX-3180 Series (HKLM-x32\...\Samsung CLX-3180 Series) (Version: - Samsung Electronics Co., Ltd.)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1577607291-3742472165-1464039351-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Verena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1577607291-3742472165-1464039351-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1577607291-3742472165-1464039351-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1577607291-3742472165-1464039351-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1577607291-3742472165-1464039351-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1577607291-3742472165-1464039351-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1577607291-3742472165-1464039351-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1577607291-3742472165-1464039351-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1577607291-3742472165-1464039351-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

25-11-2014 17:09:42 Windows Update
30-11-2014 13:36:38 capella 7 wird installiert
02-12-2014 09:39:46 Windows Update
05-12-2014 21:11:06 Windows Update
11-12-2014 13:47:21 Windows Update
16-12-2014 12:21:42 Windows Update
16-12-2014 21:56:17 Removed Broadcom Card Reader Driver Installer.
16-12-2014 22:03:59 Removed EndNote X5
16-12-2014 22:08:45 Removed Norton Online Backup
17-12-2014 21:03:24 Revo Uninstaller's restore point - DMUninstaller
17-12-2014 21:05:48 Revo Uninstaller's restore point - Free Games 111
17-12-2014 21:07:17 Revo Uninstaller's restore point - Interenet Optimizer
17-12-2014 21:08:38 Revo Uninstaller's restore point - LizardSales
17-12-2014 21:09:56 Revo Uninstaller's restore point - Lollipop
17-12-2014 21:11:42 Revo Uninstaller's restore point - Mobogenie
17-12-2014 21:13:58 Revo Uninstaller's restore point - Pandora Service
17-12-2014 21:15:48 Revo Uninstaller's restore point - PC Performer
17-12-2014 21:16:58 Revo Uninstaller's restore point - Speed Test 127
17-12-2014 21:17:50 Revo Uninstaller's restore point - Zip Opener Packages
17-12-2014 21:29:14 Revo Uninstaller's restore point - Zip Opener Packages
18-12-2014 09:21:24 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-12-17 22:02 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {161EB941-8BBA-48DD-870A-9B6D2AA188B1} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1577607291-3742472165-1464039351-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2012-11-29] (RealNetworks, Inc.)
Task: {1FE0E0A4-4CF8-4E17-97B7-57791F7914EC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {208FB049-E7AE-4CDA-AE45-B984248CBD94} - System32\Tasks\{CADFF3D7-DB59-4FA7-804F-68027FE700EA} => pcalua.exe -a C:\Users\Verena\AppData\Local\Temp\Temp1_rct187ge.zip\RCT-GE.exe
Task: {210C3455-F008-47B7-BCB1-B3A018FD8785} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1577607291-3742472165-1464039351-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {344F258C-1AC4-4A64-8DBF-3E58B265CA0B} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1577607291-3742472165-1464039351-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {51835281-D590-4C15-AF49-EE6BFBF621AB} - System32\Tasks\ReclaimerUpdateXML_Verena => C:\Users\Verena\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-12-01] (RealNetworks, Inc.)
Task: {53AD5418-3187-42DB-A06F-CCF620E65ABA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-01] (Google Inc.)
Task: {65AF588D-C2D7-4D76-BDE5-873319993184} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {67632EAA-44A4-45D0-B425-A8BE344CF7DC} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {6D0F2D2D-0A1F-4879-BD69-37CC7369EDCC} - System32\Tasks\{65C1EE69-71E9-4DD4-927C-D14FC54A6C7D} => pcalua.exe -a "C:\Program Files (x86)\Uninstall Information\97\4450\uninstall.exe" -c /PUninstall="HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PC Performer_is1" /reg=32 /cid=97
Task: {8C5214E5-AD61-413E-8A77-F11883972A74} - System32\Tasks\RNUpgradeHelperLogonPrompt_Verena => C:\Users\Verena\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-12-01] (RealNetworks, Inc.)
Task: {9C65D4C5-0CC5-4EA3-B2FF-78DA6BA41AD1} - System32\Tasks\RNUpgradeHelperResumePrompt_Verena => C:\Users\Verena\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-12-01] (RealNetworks, Inc.)
Task: {AC221520-C8D2-41AD-9F61-469B48B82B52} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1577607291-3742472165-1464039351-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2012-11-29] (RealNetworks, Inc.)
Task: {C6AF9F15-C0AF-48C1-A9C6-541EA44F55D8} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1577607291-3742472165-1464039351-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {CF370D8A-BD60-473E-82B0-591DE48C37DA} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1577607291-3742472165-1464039351-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2012-11-29] (RealNetworks, Inc.)
Task: {D328BEC2-3BF2-494D-9EAB-0B75B61DB1AD} - System32\Tasks\ReclaimerUpdateFiles_Verena => C:\Users\Verena\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-12-01] (RealNetworks, Inc.)
Task: {DDA3F5E2-A250-4830-9725-21E97CD2E795} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1577607291-3742472165-1464039351-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {FC7EEAFB-A9FE-4758-840C-E0D0CE0EBA6D} - System32\Tasks\Norton Security Scan for Verena => C:\Program Files (x86)\Norton Security Scan\Engine\4.0.3.27\Nss.exe [2013-10-11] (Symantec Corporation)
Task: {FC99122A-3C3C-4CFA-9073-13A897D83B54} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-01] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for Verena.job => C:\PROGRA~2\NORTON~2\Engine\403~1.27\Nss.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Verena.job => C:\Users\Verena\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_Verena.job => C:\Users\Verena\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Verena.job => C:\Users\Verena\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe

==================== Loaded Modules (whitelisted) =============

2012-04-15 11:31 - 2011-06-22 08:14 - 00034304 _____ () C:\Windows\System32\sst2cl6.dll
2011-10-14 04:57 - 2011-06-10 18:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-04-15 11:30 - 2011-07-06 13:17 - 00688128 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2012-04-15 11:32 - 2011-04-29 08:58 - 01990144 _____ () C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe
2012-04-15 11:30 - 2009-09-29 10:47 - 00306688 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe
2012-11-29 20:31 - 2012-11-29 20:31 - 00038608 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-03-12 21:53 - 2014-03-12 21:53 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Verena\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2014-12-18 22:22 - 2014-12-18 22:22 - 00043008 _____ () c:\users\verena\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjcnnfs.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Verena\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Verena\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Verena\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2011-04-24 02:29 - 2011-04-24 02:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-04-15 11:32 - 2009-10-31 14:42 - 01384520 _____ () C:\Windows\twain_32\Samsung\CLX3180\ssole.dll
2011-04-24 02:29 - 2011-04-24 02:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-04-24 02:29 - 2011-04-24 02:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2014-10-17 07:54 - 2014-10-17 07:54 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c152a64e30c5b94894d75ac86aa7aad2\IsdiInterop.ni.dll
2011-10-14 04:15 - 2011-04-30 08:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

========================= Accounts: ==========================

Administrator (S-1-5-21-1577607291-3742472165-1464039351-500 - Administrator - Disabled)
Gast (S-1-5-21-1577607291-3742472165-1464039351-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1577607291-3742472165-1464039351-1005 - Limited - Enabled)
UpdatusUser (S-1-5-21-1577607291-3742472165-1464039351-1000 - Limited - Enabled) => C:\Users\UpdatusUser
Verena (S-1-5-21-1577607291-3742472165-1464039351-1001 - Administrator - Enabled) => C:\Users\Verena

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-12-17 21:51:40.974
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-12-17 21:51:40.787
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz Percentage of memory in use: 27% Total physical RAM: 8043.86 MB Available physical RAM: 5822.05 MB Total Pagefile: 16085.9 MB Available Pagefile: 13685.88 MB Total Virtual: 8192 MB Available Virtual: 8191.86 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:578.07 GB) (Free:426.59 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 17332B7C) Partition 1: (Not Active) - (Size=18 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=578.1 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
19.12.2014, 21:18 | #9 |
/// the machine /// TB instructor | Uninstalling PC Performer ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
06.01.2015, 22:55 | #10 |
| Uninstalling PC Performer Hello schrauber, here is the output from ESET: Code:
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4\newtab.js.vir" sh=9B267C770C94DDC2618C0556335D312BFD244E1E ft=0 fh=0000000000000000 vn="Win32/SweetIM.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4\toolbar.js.vir" sh=EB64FF1BDA3899E88F054FA1D0FF9774E957EE8B ft=1 fh=1298a8b4cd5f030d vn="Variante von Win32/Skintrim.LU Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Verena\AppData\Local\lollipop\lollipop_01041556.exe.vir" sh=2B71A57C96480FE13CB46A9F319794A0AF697642 ft=1 fh=296865a4b95bf4e8 vn="Variante von Win32/Toolbar.Babylon.W evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Verena\AppData\Roaming\BabSolution\Shared\enhancedNT.dll.vir" sh=5AF5234514E6EE5014C2E553E6514ABBEFCFC67E ft=1 fh=c71c0011fee7b097 vn="Variante von Win32/FileScout.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Verena\AppData\Roaming\file scout\filescout.exe.vir" sh=1421E080E6F9F8A0AB3EA5975E688A001BE89711 ft=1 fh=ad7078b1c3a0e413 vn="Win32/AdWare.Snoozer.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Verena\AppData\Roaming\Snz\Snz.exe.vir" sh=B9FC82819237DF1B959CC03DE0B44C75686520FE ft=1 fh=9eb5a6909c749019 vn="Variante von Win32/Toolbar.Perion.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\ARFC\wrtc.exe.vir" sh=84577EB0DE6DFEF55BC04F52AE1F5F3E2068D3AC ft=1 fh=d5ed4e4f25a0e0a0 vn="Variante von Win32/Toolbar.Perion.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\jmdp\lmrn.dll.vir" sh=4355403823B442E0C375C6E26F291F4F4066FAFB ft=1 fh=afd92d15453d2679 vn="Variante von Win32/Toolbar.Perion.H evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\jmdp\stij.exe.vir" sh=E5E55F157C1CC8F09FD2FDE4D943CFA502A8E636 ft=0 fh=0000000000000000 vn="Win32/SweetIM.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\jmdp\SweetNT.crx.vir" sh=D39A433484FCAF232AFC632B599153A863DDB7D6 ft=1 fh=8fe5834fd01e2d08 vn="Win32/Toolbar.Perion.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\WNLT\Installation\HSChromeRegSetup.exe.vir" sh=6C0C9FD608D380296603E6032E64332D64E5261F ft=1 fh=5d0c986a876671aa vn="Win32/SweetIM.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\WNLT\Installation\NTSetup.exe.vir" sh=D9EE6B80A0799254672CEDD44F173BD38A604757 ft=1 fh=28f332d88c5a495a vn="Variante von Win32/Toolbar.Perion.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\WNLT\Installation\SKSetup.exe.vir" sh=1A739914A874A42A4520CE05D8B8761A884ADFB7 ft=1 fh=de394184ef561da5 vn="Variante von Win32/Toolbar.Perion.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\WNLT\Installation\WSSetup.exe.vir" sh=44C2A0D7CFE08D11DA6B0FD9F29B80274C228A53 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\ProgramData\meiloodpcmaeadffghmjokemifmbeaba\QGJeJ7si.js" sh=BB88C3CCAF14038BC4967E26DC02375B892DB388 ft=1 fh=8faacd88e04a08e6 vn="Variante von Win32/Toolbar.Besttoolbars.J evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Free Games 111\ScRIpthost64.dll.vir" sh=1022729A03AE1EE7245404144A85076AA206B99C ft=1 fh=02c6b3b58a4624e4 vn="Variante von Win32/Toolbar.Besttoolbars.I evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Speed Test 127\AddonsFramework.Typelib.dll.vir" sh=112C392B2803837A18EAE38D2AE7554F8A299A79 ft=1 fh=60abaa6b700cc78e vn="Win64/Toolbar.Besttoolbars.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Speed Test 127\AddonsFramework.Typelib64.dll.vir" sh=D9AC66012AA2EB9AD9F95DAE569C563023CBAF74 ft=1 fh=f0ff556d3619374a vn="Variante von Win32/Toolbar.Besttoolbars.G evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Speed Test 127\BackgroundHost.exe.vir" sh=69CBF3EBA00C795155FFE5787A23987DB5DE8C34 ft=1 fh=2e7ee03c6aed0bab vn="Variante von Win64/Toolbar.Besttoolbars.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Speed Test 127\BackgroundHost64.exe.vir" sh=818FF91B61230E4C3EB0BC46F77F1CE0B4D92E3E ft=1 fh=2eabe045491068b1 vn="Variante von Win32/Toolbar.Besttoolbars.J evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Speed Test 127\ScriptHost.dll.vir" sh=4FDF85D0459BEB65E652EB33DF68D2B2EA520F58 ft=1 fh=ba00c479d30efde5 vn="Variante von Win32/Toolbar.Besttoolbars.J evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Speed Test 127\ScRIpthost64.dll.vir" sh=EE013F24AEA61092A57A808EC0F4B437E26EB736 ft=1 fh=48d725e0853640bd vn="Variante von Win32/Kryptik.CPUR Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Verena\AppData\Local\mikporw.dll.vir" sh=3B023189F45356DDFCB2D1149B6BF12F6928952A ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihkgljdimgfffabkemicpaeljmoobil\175\OLA2Mgd.js.vir" sh=F9A0661FB313F16753F82EE6338336D9D1057C8E ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\glieaboaghdnlglpkekghloldikefofo\191\lnLx.js.vir" sh=A21E362B32F7437D2476355E06BA075D0CC52057 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I 
fn="C:\Qoobox\Quarantine\C\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\PJ51@yhV.com\content\bg.js.vir" sh=39CA7F186608FA3DA1FF2894A88DB59BFF755011 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\staged\0mD@dJ.org\content\bg.js.vir" sh=D7C1CE08B7747152E2BE2CE1E34363DF503315B0 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\staged\B@RfZ.edu\content\bg.js.vir" sh=C239CF6DAA1A1FFCB393BCFC2FF0EB29627D33F3 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\staged\LSC@MA.net\content\bg.js.vir" sh=44C2A0D7CFE08D11DA6B0FD9F29B80274C228A53 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\All Users\meiloodpcmaeadffghmjokemifmbeaba\QGJeJ7si.js" sh=81A84BB015981CEDCFC2729C570C2BE7E76CE4F7 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Verena\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\3ece88d5-312aa064" sh=81E9A204273A21D792FB6328AE58630421D2E1D0 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Verena\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\4079d6de-26c7f679" sh=151168D862BE01E2B0F7EA3CE895026035E00903 ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.CVE-2013-2423.AI Trojaner" ac=I fn="C:\Users\Verena\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\2450b6a3-4feae86e" sh=7057CB5A4EF9A6E41929B694B3192950C5653B09 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Verena\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\cb37ca9-5d329b18" sh=44B508486E8FAA1FCCF5AB8F4EA59A50BAAFBA24 ft=1 fh=91897b2ff6e6a068 vn="Variante von 
Win32/Toolbar.Besttoolbars.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Verena\Desktop\(.)\betterads_local.exe" sh=68C62EDE9C2FA6BBA8327B0D0FD9F01E9277E581 ft=1 fh=6ab3c0d4a4cd300f vn="Variante von Win32/OpenInstall evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Verena\Desktop\(.)\Fonts\WinZip165Multi-language.exe" sh=4FB10415B81B03D51DB12E524C8FD767555C8DE1 ft=0 fh=0000000000000000 vn="JS/OfferMosquito.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Verena\Desktop\(.)\Old Firefox Data\extensions\om@offermosquito.com.xpi" sh=540D67A521DB6B50340E45B24BE6D01FDE3A6302 ft=1 fh=df620f156d7bf5db vn="Variante von Win32/InstallCore.BB evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Verena\Downloads\PDFCreatorSetup.exe" sh=CC49E4D1B1A598DFCC1320A962FC23B2D4485E40 ft=1 fh=c71c0011a69fb8e7 vn="Variante von Win32/InstallCore.IT evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Verena\Downloads\ZipOpenerSetup.exe" sh=6B6505FCB5E85CF54469BBDE98C12476388A2ED2 ft=1 fh=c71c00111d4398f2 vn="Variante von Win32/InstallCore.BY evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Verena\Downloads\Fonts\FolksyStitches_Font_Installer.exe" sh=D71BBAB99AB231D48C69434FE86201BDD0614358 ft=1 fh=77d75d93933a2da2 vn="Variante von Win32/Somoto.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Verena\Downloads\Fonts\MutluvonSchriftartenFontsde_downloader_by_SchriftartenFontsde.exe" sh=74E7D99D3B29F1E124EBDCA6BE0184E24619EC5E ft=1 fh=57c05034de303995 vn="Variante von Win32/Toolbar.Perion.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F3U8VPRZ\update[1]" sh=74E7D99D3B29F1E124EBDCA6BE0184E24619EC5E ft=1 fh=57c05034de303995 vn="Variante von Win32/Toolbar.Perion.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F3U8VPRZ\update[1]" Code:
UNSUPPORTED OPERATING SYSTEM! ABORTED! |
06.01.2015, 22:56 | #11 |
| Uninstalling PC Performer And the FRST log: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-01-2015 Ran by Verena (administrator) on VERENA-PC on 06-01-2015 22:32:19 Running from C:\Users\Verena\Desktop Loaded Profiles: UpdatusUser & Verena (Available profiles: UpdatusUser & Verena) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Dropbox, Inc.) 
C:\Users\Verena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe (brother) C:\Program Files (x86)\Brownie\BrStsW64.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe () C:\Windows\Samsung\PanelMgr\SSMMgr.exe () C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brownie\BRNIPMON.exe () C:\Windows\Samsung\PanelMgr\caller64.exe (brother) C:\Program Files (x86)\Brownie\brpjp04a.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (RealNetworks, Inc.) 
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE (Adobe Systems, Inc.) C:\Windows\SysWOW64\Adobe\Director\SWDNLD.EXE ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor) HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.) HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.) 
HKLM-x32\...\Run: [BrStsWnd] => C:\Program Files (x86)\Brownie\BrstsW64.exe [3695984 2011-03-25] (brother) HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [688128 2011-07-06] () HKLM-x32\...\Run: [CLX3180_Scan2Pc] => C:\Windows\Twain_32\Samsung\CLX3180\Scan2pc.exe [1990144 2011-04-29] () HKLM-x32\...\Run: [3180 Scan2PC] => C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe [1990144 2011-04-29] () HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2014-03-12] (Cisco Systems, Inc.) HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295072 2012-12-16] (RealNetworks, Inc.) 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1577607291-3742472165-1464039351-1000\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB HKU\S-1-5-21-1577607291-3742472165-1464039351-1000\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-1577607291-3742472165-1464039351-1001\...\RunOnce: [Adobe Speed Launcher] => 1418971810 HKU\S-1-5-21-1577607291-3742472165-1464039351-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_246_ActiveX.exe [855216 2014-12-10] (Adobe Systems Incorporated) HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} AppInit_DLLs: c:\Windows\System32\nvinitx.dll => c:\Windows\System32\nvinitx.dll [241984 2011-10-16] (NVIDIA Corporation) Startup: C:\Users\Verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Verena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-1577607291-3742472165-1464039351-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1577607291-3742472165-1464039351-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1577607291-3742472165-1464039351-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie HKU\S-1-5-21-1577607291-3742472165-1464039351-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1577607291-3742472165-1464039351-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1577607291-3742472165-1464039351-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-1577607291-3742472165-1464039351-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms} BHO: Adblock IE -> {667BEE43-20BD-4CE3-94AC-E63E04D4B191} -> C:\Program Files\MGTEK\Adblock 
IE\adblockie.dll (MGTEK) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: SwissAcademic.Citavi.Picker.IEPicker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: Adblock IE -> {667BEE43-20BD-4CE3-94AC-E63E04D4B191} -> C:\Program Files (x86)\MGTEK\Adblock IE\adblockie.dll (MGTEK) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: HKLM {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011 FF DefaultSearchEngine: Yahoo MSD FF SelectedSearchEngine: Yahoo MSD FF Keyword.URL: FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) 
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\searchplugins\yahoo-msd.xml FF Extension: Amazon-Icon - C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\Extensions\amazon-icon@giga.de [2014-11-01] FF Extension: Foxi Security - C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\Extensions\foxi@securitii-dhfjs.com [2014-11-01] FF Extension: Simple New Tab - C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\Extensions\snt@dotlabs.co [2013-11-28] FF Extension: Suche App - C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\Extensions\{47744fca-0011-4ba5-ba33-24ae19355a42}.xpi [2014-07-26] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - 
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012-12-16] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: No Name - C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\snt@dotlabs.co.xpi [Not Found] FF Extension: No Name - C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\om@offermosquito.com.xpi [Not Found] FF Extension: No Name - C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\freegames4357@BestOffers [Not Found] FF Extension: No Name - C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\speedtest4354@BestOffers [Not Found] FF Extension: No Name - C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\fpx32vvt.default-1374689957011\extensions\faststartff@gmail.com [Not Found] Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (RealDownloader) - C:\Users\Verena\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-05-02] CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-02-04] (Freemake) [File not signed] R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation) R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] () R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [229888 2011-04-28] (Samsung Electronics Co., Ltd.) [File not signed] S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-07-13] (Samsung Electronics Co., Ltd.) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.) S3 b57xdbd; system32\DRIVERS\b57xdbd.sys [X] S3 b57xdmp; system32\DRIVERS\b57xdmp.sys [X] S3 bScsiMSa; system32\DRIVERS\bScsiMSa.sys [X] S3 bScsiSDa; system32\DRIVERS\bScsiSDa.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S1 rhqeqdug; \??\C:\Windows\system32\drivers\rhqeqdug.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-06 22:32 - 2015-01-06 22:33 - 00020035 _____ () C:\Users\Verena\Desktop\FRST.txt 2015-01-06 22:31 - 2015-01-06 22:31 - 02123776 _____ (Farbar) C:\Users\Verena\Desktop\FRST64.exe 2015-01-06 22:25 - 2015-01-06 22:26 - 00852505 _____ () C:\Users\Verena\Desktop\SecurityCheck.exe 2015-01-06 19:08 - 2015-01-06 19:09 - 02347384 _____ (ESET) C:\Users\Verena\Desktop\esetsmartinstaller_deu.exe 2015-01-06 18:38 - 2015-01-06 18:38 - 00000000 ____D () C:\Users\Verena\Documents\Uni Tübingen 2014-12-18 22:29 - 2014-12-18 22:29 - 00001332 _____ () C:\Users\Verena\Desktop\JRT.txt 2014-12-18 22:25 - 2014-12-18 22:25 - 00000000 ____D () C:\Windows\ERUNT 2014-12-18 22:09 - 2014-12-18 22:09 - 00090916 _____ () C:\mbam.txt 2014-12-18 21:28 - 2015-01-06 18:59 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-18 21:28 - 2014-12-18 21:28 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-18 21:28 - 2014-12-18 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-18 21:28 - 2014-12-18 21:28 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-12-18 21:28 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-18 21:28 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-18 09:51 - 2014-12-18 09:51 - 00000000 ____D () C:\Windows\system32\appraiser 2014-12-18 09:42 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-18 09:42 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-12-18 09:23 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-12-18 09:23 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-12-18 09:23 - 2014-07-07 03:06 - 
00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-12-18 09:23 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2014-12-18 09:23 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2014-12-18 09:23 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2014-12-18 09:23 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2014-12-18 09:23 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2014-12-18 09:23 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2014-12-18 09:23 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2014-12-17 22:09 - 2014-12-17 22:09 - 00041650 _____ () C:\ComboFix.txt 2014-12-17 21:39 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-12-17 21:39 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-12-17 21:39 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-12-17 21:39 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-12-17 21:39 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-12-17 21:39 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-12-17 21:39 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-12-17 21:39 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-12-17 21:38 - 2014-12-17 22:09 - 00000000 ____D () C:\Qoobox 2014-12-17 21:38 - 2014-12-17 21:38 - 00013356 _____ () C:\Users\Verena\Desktop\ComboFix - Verknüpfung.lnk 2014-12-17 21:37 - 2014-12-17 22:07 - 00000000 ____D () C:\Windows\erdnt 2014-12-17 21:36 - 2014-12-17 21:37 - 05601641 ____R (Swearware) C:\Users\Verena\Downloads\ComboFix.exe 2014-12-17 21:02 - 2014-12-17 21:02 - 00001272 _____ () C:\Users\Verena\Desktop\Revo Uninstaller.lnk 2014-12-17 
21:02 - 2014-12-17 21:02 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-12-17 21:01 - 2014-12-17 21:01 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Verena\Downloads\revosetup95.exe 2014-12-17 20:04 - 2014-12-17 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-12-17 14:52 - 2014-12-17 14:52 - 01364048 _____ () C:\Users\Verena\Downloads\Referat.zip 2014-12-16 21:43 - 2015-01-06 22:32 - 00000000 ____D () C:\FRST 2014-12-16 12:28 - 2014-12-16 12:28 - 00000000 ____D () C:\ProgramData\meiloodpcmaeadffghmjokemifmbeaba 2014-12-11 13:49 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2014-12-11 13:49 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2014-12-11 13:49 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-12-11 13:49 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2014-12-11 13:49 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-12-11 13:49 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2014-12-11 13:49 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-12-11 13:49 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2014-12-11 13:49 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-11 13:49 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-12-11 13:49 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-11 13:49 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-12-11 13:49 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwcollectorres.dll 2014-12-11 13:49 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-11 13:49 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-12-11 13:49 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-11 13:49 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-12-11 13:49 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-11 13:49 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-12-11 13:49 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-12-11 13:49 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-12-11 13:49 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-12-11 13:49 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-11 13:49 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-12-11 13:49 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-12-11 13:49 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-11 13:49 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-12-11 13:49 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-12-11 13:49 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-12-11 13:49 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-12-11 13:49 - 2014-11-22 03:08 - 00092160 
_____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-11 13:49 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-12-11 13:49 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-12-11 13:49 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-12-11 13:49 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-11 13:49 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-12-11 13:49 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-12-11 13:49 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-12-11 13:49 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-12-11 13:49 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-12-11 13:49 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-12-11 13:49 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-11 13:49 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-11 13:49 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-12-11 13:49 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-11 13:49 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-12-11 13:49 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-11 13:49 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-12-11 13:49 - 2014-11-22 02:36 - 00168960 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-12-11 13:49 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-12-11 13:49 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-12-11 13:49 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-12-11 13:49 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-11 13:49 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-12-11 13:49 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-12-11 13:49 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-12-11 13:49 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-11 13:49 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-12-11 13:49 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-11 13:49 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-12-11 13:49 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-12-11 13:49 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-12-11 13:49 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-11 13:49 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-11 13:49 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2014-12-11 13:47 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-12-11 13:47 - 2014-11-08 03:45 - 00002048 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\tzres.dll 2014-12-11 13:47 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe 2014-12-11 13:47 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe 2014-12-11 13:47 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-12-11 13:47 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2014-12-11 13:47 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2014-12-11 13:47 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2014-12-11 13:47 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2014-12-11 13:47 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-12-11 13:47 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2014-12-11 13:47 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2014-12-11 13:47 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll 2014-12-11 13:47 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-06 22:29 - 2014-01-06 21:50 - 00000000 ____D () C:\AdwCleaner 2015-01-06 22:21 - 2012-05-07 17:32 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-06 22:01 - 2012-08-27 20:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-06 21:45 - 2013-11-05 16:20 - 00000000 ____D () C:\Users\Verena\Documents\Outlook-Dateien 2015-01-06 21:24 - 2011-12-02 10:47 - 01459879 _____ () C:\Windows\WindowsUpdate.log 2015-01-06 19:21 - 2012-05-07 17:32 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-06 18:51 - 2014-12-01 16:14 - 00000370 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Verena.job 2015-01-06 18:37 - 2011-12-02 19:39 - 00703214 _____ () C:\Windows\system32\perfh007.dat 2015-01-06 18:37 - 2011-12-02 19:39 - 00150822 _____ () C:\Windows\system32\perfc007.dat 2015-01-06 18:37 - 2009-07-14 06:13 - 01629436 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-06 18:32 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-06 18:32 - 2009-07-14 05:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-06 17:41 - 2014-12-01 16:14 - 00000374 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Verena.job 2014-12-18 22:23 - 2014-11-02 17:04 - 00000000 ___RD () C:\Users\Verena\Dropbox 2014-12-18 22:23 - 2014-11-02 17:02 - 00000000 ____D () C:\Users\Verena\AppData\Roaming\Dropbox 2014-12-18 22:21 - 2012-04-15 11:24 - 00000585 _____ () C:\Windows\Brownie.ini 2014-12-18 22:20 - 2014-12-01 16:14 - 00000380 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Verena.job 2014-12-18 22:20 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-18 22:19 - 2014-01-23 20:28 - 00010395 _____ () C:\Windows\setupact.log 2014-12-18 22:19 - 2010-11-21 04:47 - 00437104 _____ () C:\Windows\PFRO.log 2014-12-18 22:18 - 2012-04-13 15:57 - 
00000000 ____D () C:\Users\Verena 2014-12-18 22:00 - 2011-10-14 04:41 - 00000000 ____D () C:\Windows\nl 2014-12-18 21:28 - 2014-01-06 22:12 - 00000000 ____D () C:\Users\Verena\AppData\Roaming\Malwarebytes 2014-12-18 21:28 - 2014-01-06 22:11 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-18 18:50 - 2014-12-01 16:14 - 00002964 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateXML_Verena 2014-12-18 09:51 - 2014-05-08 06:59 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-12-18 09:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-12-18 09:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat 2014-12-18 09:36 - 2012-04-15 11:54 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-18 09:27 - 2013-08-01 13:25 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-18 09:27 - 2012-08-03 08:45 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-17 23:18 - 2012-04-14 20:19 - 01649782 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-12-17 22:09 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2014-12-17 22:03 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2014-12-17 22:01 - 2014-01-26 16:00 - 00003366 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1577607291-3742472165-1464039351-1001 2014-12-17 22:01 - 2014-01-26 16:00 - 00003234 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1577607291-3742472165-1464039351-1001 2014-12-17 21:05 - 2012-04-14 21:41 - 00000000 ____D () C:\Users\Verena\AppData\Roaming\Skype 2014-12-17 20:05 - 2011-10-14 04:30 - 00000000 ____D () C:\ProgramData\Skype 2014-12-17 20:04 - 2013-01-24 19:43 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-12-17 09:44 - 2014-12-01 16:14 - 00002968 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Verena 2014-12-16 22:10 - 2011-10-14 04:47 - 00000000 ____D () C:\ProgramData\Symantec 2014-12-16 22:06 - 2012-11-18 17:47 - 00000000 ____D () 
C:\ProgramData\Thomson.ResearchSoft.Installers
2014-12-16 22:03 - 2012-12-18 20:01 - 00000000 ____D () C:\Users\Verena\AppData\Local\Unity
2014-12-16 21:58 - 2011-10-14 04:20 - 00000000 ____D () C:\Program Files\Broadcom
2014-12-16 21:16 - 2014-11-02 17:03 - 00000000 ____D () C:\Users\Verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-16 12:23 - 2012-12-24 08:56 - 00000454 ____H () C:\Windows\Tasks\Norton Security Scan for Verena.job
2014-12-11 16:21 - 2013-07-21 21:09 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 09:50 - 2012-08-27 20:13 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 09:50 - 2012-08-27 20:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 09:50 - 2011-10-14 04:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Verena\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjcnnfs.dll
C:\Users\Verena\AppData\Local\Temp\Quarantine.exe
C:\Users\Verena\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-03-02 11:29

==================== End Of Log ============================

Plus Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-01-2015
Ran by Verena at 2015-01-06 22:33:45
Running from C:\Users\Verena\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2904.00 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.5.2904.00 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated)
Adblock IE 2.3 (HKLM\...\{58161756-037B-42CD-B575-AF804A2F0F47}) (Version: 2.3.1756 - MGTEK)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch
(HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden Ahnenblatt 2.74 (HKLM-x32\...\Ahnenblatt_is1) (Version: 2.74.0.1 - Dirk Boettcher) ALDI Bestellsoftware 4.12.1 (HKLM-x32\...\ALDI Bestellsoftware) (Version: 4.12.1 - ORWO Net) AnyMP4 PDF Converter Ultimate 3.1.8 (HKLM-x32\...\{9C783402-EB68-4dd3-A185-F8DF3FB91CFE}_is1) (Version: 3.1.8 - AnyMP4 Studio) Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin) Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.4.1 - Broadcom Corporation) Brother HL-3040CN (HKLM-x32\...\{B3D02AE6-DA7C-4A0F-B14F-3EE30992E5B7}) (Version: 1.00 - Brother) capella 7 (HKLM-x32\...\{7CEB4C23-E07B-4183-9511-2FD4DC5C09B9}) (Version: 7.1.25 - capella software AG) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05160 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05160 - Cisco Systems, Inc.) 
Hidden Citavi (HKLM-x32\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.3.0.0 - Swiss Academic Software) Crazy Chicken Kart 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Defraggler (HKLM\...\Defraggler) (Version: 2.16 - Piriform) Die Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version: - ) Die Sims™ 2 Apartment-Leben (HKLM-x32\...\{B6F5B704-06D3-4687-90F3-6195304AD755}) (Version: - Electronic Arts) Die Sims™ 2 Freizeit-Spaß (HKLM-x32\...\{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}) (Version: - Electronic Arts) Die Sims™ 2 Gute Reise (HKLM-x32\...\{F248ADFA-64E0-4b03-8A83-059078BED6A0}) (Version: - Electronic Arts) Die Sims™ 2 H&M®-Fashion-Accessoires (HKLM-x32\...\{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}) (Version: - ) Die Sims™ 2 IKEA® Home-Accessoires (HKLM-x32\...\{6E17F9751-F056-4335-B718-8AF1B1092AFB}) (Version: - Electronic Arts) Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires (HKLM-x32\...\{6522C636-B04C-4333-9BEB-9E0C0B6350D6}) (Version: - Electronic Arts) Die Sims™ 2 Party-Accessoires (HKLM-x32\...\{EAA38532-7AD0-4f78-918A-4F4F02096ECE}) (Version: - ) Die Sims™ 2 Vier Jahreszeiten (HKLM-x32\...\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}) (Version: - ) Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.7 - Dolby Laboratories Inc) Dropbox (HKU\S-1-5-21-1577607291-3742472165-1464039351-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.) ETDWare PS/2-X64 8.0.6.3_WHQL (HKLM\...\Elantech) (Version: 8.0.6.3 - ELAN Microelectronic Corp.) Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.) 
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Free YouTube Download version 3.2.12.827 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.12.827 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.12.827 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.12.827 - DVDVideoSoft Ltd.) Freemake Audio Converter Version 1.1.0 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation) FreePDFReader (HKLM-x32\...\FreePDFReader) (Version: - FreePDFConverter) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) 
Hidden Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated) Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation) Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.) 
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Mathematics-Add-In (32 Bit) (HKLM-x32\...\{E2C98732-F973-4985-A9C5-DC06178E16EE}) (Version: 2.0.041222.01 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 
(HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox 33.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.3 (x86 en-US)) (Version: 33.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MuseScore 1.3 (HKLM-x32\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others) Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) 
Hidden Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.0.3.27 - Symantec Corporation) NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9002 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.9002 - NTI Corporation) Hidden NVIDIA Grafiktreiber 285.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 285.64 - NVIDIA Corporation) NVIDIA PhysX (HKLM-x32\...\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}) (Version: 9.10.0514 - NVIDIA Corporation) Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden PriMus Free 1.1 (Build 10806) (HKLM-x32\...\PriMus Free_is1) (Version: 1.1.0.10806 - Columbus Soft) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Readiris Pro 10 (HKLM-x32\...\{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}) (Version: - ) RealDownloader (x32 Version: 1.3.0 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6438 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) 
Hidden ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version: - ) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) RollerCoaster Tycoon 2 (HKLM-x32\...\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}) (Version: - ) RollerCoaster Tycoon 2: Time Twister (HKLM-x32\...\{BA1E1AFD-D1F2-4C52-88C3-186FC5E61604}) (Version: 1.00.000 - ) RollerCoaster Tycoon 2: Wacky Worlds (HKLM-x32\...\{B1AD83A0-DC92-41E3-B111-E9472349768C}) (Version: - ) Samsung Network PC Fax (HKLM-x32\...\Samsung Network PC Fax) (Version: 1.05.22.00 - Samsung Electronics Co., Ltd.) Samsung Scan Assistant (HKLM-x32\...\Samsung Scan Assistant) (Version: 1.04.20.00 - Samsung Electronics Co., Ltd.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.) Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden SmarThru 4 (HKLM-x32\...\{90F1943D-EA4A-4460-B59F-30023F3BA69A}) (Version: - Samsung Electronics Co., Ltd.) The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.4.0.59 - KMP Media co., Ltd) Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden Wartung Samsung CLX-3180 Series (HKLM-x32\...\Samsung CLX-3180 Series) (Version: - Samsung Electronics Co., Ltd.) 
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated) WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1577607291-3742472165-1464039351-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Verena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1577607291-3742472165-1464039351-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1577607291-3742472165-1464039351-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-1577607291-3742472165-1464039351-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1577607291-3742472165-1464039351-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1577607291-3742472165-1464039351-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1577607291-3742472165-1464039351-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1577607291-3742472165-1464039351-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1577607291-3742472165-1464039351-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 30-11-2014 13:36:38 capella 7 wird installiert 02-12-2014 09:39:46 Windows Update 05-12-2014 21:11:06 Windows Update 11-12-2014 13:47:21 Windows Update 16-12-2014 12:21:42 Windows Update 16-12-2014 21:56:17 Removed Broadcom Card Reader Driver Installer. 
16-12-2014 22:03:59 Removed EndNote X5 16-12-2014 22:08:45 Removed Norton Online Backup 17-12-2014 21:03:24 Revo Uninstaller's restore point - DMUninstaller 17-12-2014 21:05:48 Revo Uninstaller's restore point - Free Games 111 17-12-2014 21:07:17 Revo Uninstaller's restore point - Interenet Optimizer 17-12-2014 21:08:38 Revo Uninstaller's restore point - LizardSales 17-12-2014 21:09:56 Revo Uninstaller's restore point - Lollipop 17-12-2014 21:11:42 Revo Uninstaller's restore point - Mobogenie 17-12-2014 21:13:58 Revo Uninstaller's restore point - Pandora Service 17-12-2014 21:15:48 Revo Uninstaller's restore point - PC Performer 17-12-2014 21:16:58 Revo Uninstaller's restore point - Speed Test 127 17-12-2014 21:17:50 Revo Uninstaller's restore point - Zip Opener Packages 17-12-2014 21:29:14 Revo Uninstaller's restore point - Zip Opener Packages 18-12-2014 09:21:24 Windows Update 19-12-2014 07:47:33 Windows Update 06-01-2015 18:30:29 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2014-12-17 22:02 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {161EB941-8BBA-48DD-870A-9B6D2AA188B1} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1577607291-3742472165-1464039351-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2012-11-29] (RealNetworks, Inc.) 
Task: {1FE0E0A4-4CF8-4E17-97B7-57791F7914EC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated) Task: {208FB049-E7AE-4CDA-AE45-B984248CBD94} - System32\Tasks\{CADFF3D7-DB59-4FA7-804F-68027FE700EA} => pcalua.exe -a C:\Users\Verena\AppData\Local\Temp\Temp1_rct187ge.zip\RCT-GE.exe Task: {210C3455-F008-47B7-BCB1-B3A018FD8785} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1577607291-3742472165-1464039351-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.) Task: {344F258C-1AC4-4A64-8DBF-3E58B265CA0B} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1577607291-3742472165-1464039351-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.) Task: {51835281-D590-4C15-AF49-EE6BFBF621AB} - System32\Tasks\ReclaimerUpdateXML_Verena => C:\Users\Verena\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-12-01] (RealNetworks, Inc.) Task: {53AD5418-3187-42DB-A06F-CCF620E65ABA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-01] (Google Inc.) 
Task: {65AF588D-C2D7-4D76-BDE5-873319993184} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {67632EAA-44A4-45D0-B425-A8BE344CF7DC} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION Task: {6D0F2D2D-0A1F-4879-BD69-37CC7369EDCC} - System32\Tasks\{65C1EE69-71E9-4DD4-927C-D14FC54A6C7D} => pcalua.exe -a "C:\Program Files (x86)\Uninstall Information\97\4450\uninstall.exe" -c /PUninstall="HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PC Performer_is1" /reg=32 /cid=97 Task: {8C5214E5-AD61-413E-8A77-F11883972A74} - System32\Tasks\RNUpgradeHelperLogonPrompt_Verena => C:\Users\Verena\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-12-01] (RealNetworks, Inc.) Task: {9C65D4C5-0CC5-4EA3-B2FF-78DA6BA41AD1} - System32\Tasks\RNUpgradeHelperResumePrompt_Verena => C:\Users\Verena\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-12-01] (RealNetworks, Inc.) Task: {AC221520-C8D2-41AD-9F61-469B48B82B52} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1577607291-3742472165-1464039351-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2012-11-29] (RealNetworks, Inc.) Task: {C6AF9F15-C0AF-48C1-A9C6-541EA44F55D8} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1577607291-3742472165-1464039351-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.) Task: {CF370D8A-BD60-473E-82B0-591DE48C37DA} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1577607291-3742472165-1464039351-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2012-11-29] (RealNetworks, Inc.) 
Task: {D328BEC2-3BF2-494D-9EAB-0B75B61DB1AD} - System32\Tasks\ReclaimerUpdateFiles_Verena => C:\Users\Verena\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-12-01] (RealNetworks, Inc.) Task: {DDA3F5E2-A250-4830-9725-21E97CD2E795} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1577607291-3742472165-1464039351-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.) Task: {FC7EEAFB-A9FE-4758-840C-E0D0CE0EBA6D} - System32\Tasks\Norton Security Scan for Verena => C:\Program Files (x86)\Norton Security Scan\Engine\4.0.3.27\Nss.exe [2013-10-11] (Symantec Corporation) Task: {FC99122A-3C3C-4CFA-9073-13A897D83B54} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-01] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Norton Security Scan for Verena.job => C:\PROGRA~2\NORTON~2\Engine\403~1.27\Nss.exe Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Verena.job => C:\Users\Verena\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe Task: C:\Windows\Tasks\ReclaimerUpdateXML_Verena.job => C:\Users\Verena\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Verena.job => C:\Users\Verena\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe ==================== Loaded Modules (whitelisted) ============= 2012-04-15 11:31 - 2011-06-22 08:14 - 00034304 _____ () C:\Windows\System32\sst2cl6.dll 2011-10-14 04:57 - 2011-06-10 18:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 
2012-04-15 11:30 - 2011-07-06 13:17 - 00688128 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe 2012-04-15 11:32 - 2011-04-29 08:58 - 01990144 _____ () C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe 2012-04-15 11:30 - 2009-09-29 10:47 - 00306688 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe 2012-11-29 20:31 - 2012-11-29 20:31 - 00038608 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2009-01-21 16:45 - 2009-01-21 16:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll 2014-03-12 21:53 - 2014-03-12 21:53 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Verena\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2014-12-18 22:22 - 2014-12-18 22:22 - 00043008 _____ () c:\users\verena\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjcnnfs.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Verena\AppData\Roaming\Dropbox\bin\libEGL.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Verena\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Verena\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2011-04-24 02:29 - 2011-04-24 02:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll 2012-04-15 11:32 - 2009-10-31 14:42 - 01384520 _____ () C:\Windows\twain_32\Samsung\CLX3180\ssole.dll 2011-04-24 02:29 - 2011-04-24 02:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll 2011-04-24 02:29 - 2011-04-24 02:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll 2014-10-17 07:54 - 2014-10-17 07:54 - 00172544 _____ () 
C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c152a64e30c5b94894d75ac86aa7aad2\IsdiInterop.ni.dll 2011-10-14 04:15 - 2011-04-30 08:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot ========================= Accounts: ========================== Administrator (S-1-5-21-1577607291-3742472165-1464039351-500 - Administrator - Disabled) Gast (S-1-5-21-1577607291-3742472165-1464039351-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1577607291-3742472165-1464039351-1005 - Limited - Enabled) UpdatusUser (S-1-5-21-1577607291-3742472165-1464039351-1000 - Limited - Enabled) => C:\Users\UpdatusUser Verena (S-1-5-21-1577607291-3742472165-1464039351-1001 - Administrator - Enabled) => C:\Users\Verena ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. 
(Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (01/06/2015 10:19:12 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error: (01/06/2015 10:15:25 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (01/06/2015 07:42:47 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (01/06/2015 07:26:22 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (01/06/2015 07:26:21 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. System errors: ============= Error: (01/06/2015 06:17:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (01/06/2015 06:16:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MBAMScheduler erreicht. Error: (01/06/2015 05:45:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MBAMScheduler erreicht. Error: (01/06/2015 05:42:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst MBAMScheduler erreicht. 
Error: (01/06/2015 05:41:38 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (12/19/2014 07:47:21 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Microsoft Office Sessions: ========================= Error: (01/06/2015 10:19:12 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (01/06/2015 10:15:25 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Verena\Desktop\esetsmartinstaller_deu.exe Error: (01/06/2015 07:42:47 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Verena\Desktop\esetsmartinstaller_deu.exe Error: (01/06/2015 07:26:22 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Verena\Desktop\esetsmartinstaller_deu.exe Error: (01/06/2015 07:26:21 PM) (Source: SideBySide) (EventID: 80) (User: ) 
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Verena\Desktop\esetsmartinstaller_deu.exe CodeIntegrity Errors: =================================== Date: 2014-12-17 21:51:40.974 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-12-17 21:51:40.787 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz Percentage of memory in use: 37% Total physical RAM: 8043.86 MB Available physical RAM: 5061.59 MB Total Pagefile: 16085.9 MB Available Pagefile: 13013.8 MB Total Virtual: 8192 MB Available Virtual: 8191.86 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:578.07 GB) (Free:426.21 GB) NTFS Drive e: () (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 17332B7C) Partition 1: (Not Active) - (Size=18 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=578.1 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 3.7 GB) (Disk ID: 60845BED) Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B) ==================== End Of Log ============================
1. I can no longer open any email attachments (neither individual PDF files nor zip folders).
2. When I downloaded the programs from filepony.de, I always had to change the names manually, because they were saved with _exe instead of .exe.
Many thanks and best regards, Verena |
06.01.2015, 23:01 | #12 |
| Uninstalling PC Performer Short addendum: I can open other PDF files that are on my PC, just not when I want to download them as an attachment. Edited by .Verena. (06.01.2015 at 23:09) |
07.01.2015, 09:16 | #13 |
/// the machine /// TB-Ausbilder | Uninstalling PC Performer Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ATTFilter C:\ProgramData\meiloodpcmaeadffghmjokemifmbeaba HKU\S-1-5-21-1577607291-3742472165-1464039351-1000\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-1577607291-3742472165-1464039351-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_246_ActiveX.exe [855216 2014-12-10] (Adobe Systems Incorporated) HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKU\S-1-5-21-1577607291-3742472165-1464039351-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION S3 b57xdbd; system32\DRIVERS\b57xdbd.sys [X] S3 b57xdmp; system32\DRIVERS\b57xdmp.sys [X] S3 bScsiMSa; system32\DRIVERS\bScsiMSa.sys [X] S3 bScsiSDa; system32\DRIVERS\bScsiSDa.sys [X] S1 rhqeqdug; \??\C:\Windows\system32\drivers\rhqeqdug.sys [X] Task: {67632EAA-44A4-45D0-B425-A8BE344CF7DC} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION C:\Program Files (x86)\GoforFiles Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Email attachments in the email client and the web client?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and Help Trojaner-Board Facebook page No help via PM! |
07.01.2015, 17:50 | #14 |
| Uninstalling PC Performer Hello, here is the Fixlog: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015 Ran by Verena at 2015-01-07 17:33:43 Run:1 Running from C:\Users\Verena\Desktop Loaded Profiles: UpdatusUser & Verena (Available profiles: UpdatusUser & Verena) Boot Mode: Normal ============================================== Content of fixlist: ***************** C:\ProgramData\meiloodpcmaeadffghmjokemifmbeaba HKU\S-1-5-21-1577607291-3742472165-1464039351-1000\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-1577607291-3742472165-1464039351-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_246_ActiveX.exe [855216 2014-12-10] (Adobe Systems Incorporated) HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKU\S-1-5-21-1577607291-3742472165-1464039351-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION S3 b57xdbd; system32\DRIVERS\b57xdbd.sys [X] S3 b57xdmp; system32\DRIVERS\b57xdmp.sys [X] S3 bScsiMSa; system32\DRIVERS\bScsiMSa.sys [X] S3 bScsiSDa; system32\DRIVERS\bScsiSDa.sys [X] S1 rhqeqdug; \??\C:\Windows\system32\drivers\rhqeqdug.sys [X] Task: {67632EAA-44A4-45D0-B425-A8BE344CF7DC} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION C:\Program Files (x86)\GoforFiles Emptytemp: ***************** C:\ProgramData\meiloodpcmaeadffghmjokemifmbeaba => Moved successfully. HKU\S-1-5-21-1577607291-3742472165-1464039351-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => value deleted successfully. HKU\S-1-5-21-1577607291-3742472165-1464039351-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate => Value not found. HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => value deleted successfully. 
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. "HKU\S-1-5-21-1577607291-3742472165-1464039351-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. b57xdbd => Service deleted successfully. b57xdmp => Service deleted successfully. bScsiMSa => Service deleted successfully. bScsiSDa => Service deleted successfully. rhqeqdug => Service deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{67632EAA-44A4-45D0-B425-A8BE344CF7DC}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67632EAA-44A4-45D0-B425-A8BE344CF7DC}" => Key deleted successfully. C:\Windows\System32\Tasks\Go for FilesUpdate => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Go for FilesUpdate" => Key deleted successfully. "C:\Program Files (x86)\GoforFiles" => File/Directory not found. EmptyTemp: => Removed 189.5 MB temporary data. The system needed a reboot. ==== End of Fixlog 17:33:56 ====
Best regards and many thanks, Verena |
07.01.2015, 18:23 | #15 |
/// the machine /// TB-Ausbilder | Uninstalling PC Performer So it's down to the university. Any other problems?
__________________ Regards, schrauber |