
Pests of all kinds and how to combat them: USB files displayed as shortcuts

31.12.2014, 11:41   #1
mewmew
 



Hello,

I am new to this forum and do not know much about computers.
So, to my problem: for some time now I have had no access to my USB files.
At first the files were shortcuts and lnk.

I tried to tackle this problem on my own, so I downloaded and installed Microsoft Security Essentials, because I read that it had helped someone with the same problem.

Now, when I connect my stick to the computer, I see the AutoPlay dialog for the removable drive; then, when I click "Open files", the removable drive shows "DATA (D) - Shortcut" and one of my PDF files.
When I click the DATA (D) shortcut, I get a message telling me to insert a removable disk.

I hope someone can help me.

31.12.2014, 12:32   #2
schrauber
/// the machine
/// TB trainer
 




Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Start FRST now.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input window)


31.12.2014, 16:25   #3
mewmew
 



Here are the logs, attached.
FRST.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-12-2014
Ran by azita21 (administrator) on MMM-PC on 31-12-2014 11:27:34
Running from C:\Users\azita21.mmm-PC\Downloads
Loaded Profile: azita21 (Available profiles: azita & azita21 & mmm)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 7 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\Mcshield.exe
(McAfee, Inc.) C:\Program Files\McAfee\MPF\MpfSrv.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSK\msksrver.exe
(Sony Corporation) C:\Program Files\sony\Network Utility\NSUService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\sony\VAIO Power Management\SPMService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\mcmscsvc.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcsysmon.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(Sony Corporation) C:\Program Files\sony\VAIO Power Management\SPMgr.exe
(Sony Corporation) C:\Program Files\sony\VAIO Update 5\VAIOUpdt.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Sony Corporation) C:\Program Files\sony\ISB Utility\ISBMgr.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Sony Corporation) C:\Program Files\sony\Marketing Tools\MarketingTools.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sony Corporation) C:\Program Files\sony\Network Utility\LANUtil.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McChHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6703648 2009-01-06] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [155648 2009-04-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35184 2008-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [136600 2009-05-15] (Sun Microsystems, Inc.)
HKLM\...\Run: [ISBMgr.exe] => C:\Program Files\Sony\ISB Utility\ISBMgr.exe [317288 2008-12-18] (Sony Corporation)
HKLM\...\Run: [StartCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-02-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [McENUI] => C:\Program Files\McAfee\MHN\McENUI.exe [1176808 2008-09-12] (McAfee, Inc.)
HKLM\...\Run: [MarketingTools] => C:\Program Files\Sony\Marketing Tools\MarketingTools.exe [26624 2014-06-19] (Sony Corporation)
HKLM\...\Run: [mcagent_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [645328 2008-12-16] (McAfee, Inc.)
HKLM\...\Run: [fst_de_88] => [X]
HKLM\...\Run: [fst_de_147] => "C:\Program Files\fst_de_147\fst_de_147.exe"
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-04] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\...\Run: [NSUFloatingUI] => C:\Program Files\Sony\Network Utility\LANUtil.exe [274432 2008-12-21] (Sony Corporation)
HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\...\Run: [GoogleChromeAutoLaunch_058E7E9EBC9AFAD151F8EE0ED50FBC3A] => C:\Program Files\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\...\Run: [genesis_08201850] => /r
HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\...\MountPoints2: {c91dfc59-fab0-11e3-8b73-002433e7a6f5} - H:\HTC_Sync_Manager_PC.exe
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\azita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vggopxip.lnk
ShortcutTarget: vggopxip.lnk -> C:\Users\azita21.mmm-PC\AppData\Local\vggopxip.exe (No File)
Startup: C:\Users\azita21.mmm-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (No File)
Startup: C:\Users\azita21.mmm-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\azita21.mmm-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (No File)
Startup: C:\Users\azita21.mmm-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYT
SearchScopes: HKLM -> {EA6E82DD-9489-4B32-8E7B-5A97F7EF3395} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
SearchScopes: HKU\S-1-5-21-3996859763-3761385545-3165565353-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYT
SearchScopes: HKU\S-1-5-21-3996859763-3761385545-3165565353-1001 -> {EA6E82DD-9489-4B32-8E7B-5A97F7EF3395} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> C:\Program Files\McAfee\MSK\MskAPBho.dll ()
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-06-20]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-06-19]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-21]
CHR Extension: (Google Drive) - C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-21]
CHR Extension: (YouTube) - C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-21]
CHR Extension: (Google-Suche) - C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-21]
CHR Extension: (SiteAdvisor) - C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-07-21]
CHR Extension: (Avira Browserschutz) - C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-28]
CHR Extension: (Google Mail) - C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-21]
CHR Extension: (Extutil) - C:\Users\AZITA2~1.MMM\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-08-20]
CHR Extension: (Managera) - C:\Users\AZITA2~1.MMM\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-08-20]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2008-08-01] (ArcSoft Inc.)
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-07-01] (Adobe Systems) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [860160 2008-08-20] (Intel(R) Corporation) [File not signed]
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [131136 2014-12-03] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\McAfee\MSC\mcmscsvc.exe [797864 2008-12-16] (McAfee, Inc.)
R2 McNASvc; c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [2482848 2008-10-24] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [365072 2008-12-13] (McAfee, Inc.)
R2 McProxy; c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe [359952 2008-10-23] (McAfee, Inc.)
R2 McShield; C:\Program Files\McAfee\VirusScan\Mcshield.exe [144704 2008-12-19] (McAfee, Inc.)
R3 McSysmon; C:\Program Files\McAfee\VirusScan\mcsysmon.exe [606736 2008-12-16] (McAfee, Inc.)
R2 MpfService; C:\Program Files\McAfee\MPF\MPFSrv.exe [884360 2008-12-05] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\McAfee\MSK\MskSrver.exe [26640 2008-11-25] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 NSUService; C:\Program Files\sony\Network Utility\NSUService.exe [303104 2008-12-21] (Sony Corporation) [File not signed]
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [114688 2009-01-07] (Sony Corporation) [File not signed]
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-08-20] (Intel(R) Corporation) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [109088 2009-01-06] (Realtek Semiconductor)
S3 SOHDBSvr; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-02-05] (Sony Corporation)
S3 SOHPlMgr; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-02-05] (Sony Corporation)
R2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-01-21] (Sony Corporation) [File not signed]
R2 VAIO Event Service; C:\Program Files\sony\VAIO Event Service\VESMgr.exe [203624 2009-01-19] (Sony Corporation)
R2 VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [415592 2008-12-19] (Sony Corporation)
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [394536 2009-01-19] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-01-21] (Sony Corporation)
S3 VUAgent; C:\Program Files\sony\VAIO Update 5\VUAgent.exe [722288 2010-04-09] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2009-01-21] (Sony Corporation) [File not signed]
R2 yksvc; C:\Windows\System32\ykx32mpcoinst.dll [282624 2009-02-10] (Marvell)
S2 3f17c95f; "C:\Windows\system32\rundll32.exe" "c:\progra~1\so_boo~1\AssistantSvc.dll",service
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17920 2008-04-24] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-08-15] (Avira Operations GmbH & Co. KG)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [79304 2008-12-19] (McAfee, Inc.)
R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [35272 2008-12-19] (McAfee, Inc.)
R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [213640 2008-12-19] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34216 2008-12-19] (McAfee, Inc.)
R3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2008-12-19] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [130424 2008-10-23] (McAfee, Inc.)
R1 MpKslb3ecba18; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{51D1D6C5-3ECC-4D51-BCC8-2AA5AA080117}\MpKslb3ecba18.sys [39464 2014-12-31] (Microsoft Corporation)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [155808 2009-02-23] (Realtek Semiconductor Corp.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-08-15] (Avira GmbH)
S3 igfx; system32\DRIVERS\igdkmd32.sys [X]
S3 IntcHdmiAddService; system32\drivers\IntcHdmi.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-31 11:27 - 2014-12-31 11:28 - 00024174 _____ () C:\Users\azita21.mmm-PC\Downloads\FRST.txt
2014-12-31 11:26 - 2014-12-31 11:27 - 00000000 ____D () C:\FRST
2014-12-31 11:25 - 2014-12-31 11:26 - 01114624 _____ (Farbar) C:\Users\azita21.mmm-PC\Downloads\FRST.exe
2014-12-31 11:02 - 2014-10-30 12:24 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-30 23:50 - 2014-12-30 23:50 - 00002154 _____ () C:\Windows\epplauncher.mif
2014-12-30 23:49 - 2014-12-30 23:49 - 00001826 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-12-30 23:47 - 2014-12-30 23:49 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-12-30 23:38 - 2014-12-30 23:39 - 11473216 _____ (Microsoft Corporation) C:\Users\azita21.mmm-PC\Downloads\MSEInstall (1).exe
2014-12-30 23:38 - 2014-12-30 23:38 - 14107296 _____ (Microsoft Corporation) C:\Users\azita21.mmm-PC\Downloads\MSEInstall.exe
2014-12-30 21:17 - 2014-12-30 21:20 - 13947406 _____ () C:\Users\azita21.mmm-PC\Downloads\Install_FD10DXZ_Trial.zip
2014-12-23 00:50 - 2014-12-23 00:51 - 00088641 _____ () C:\Users\azita21.mmm-PC\Downloads\hamburg_alstertanne_weihnacht_tanne_alster_jungfernstieg_michel_3666386309_600x450xcr.jpeg
2014-12-16 01:36 - 2014-12-16 01:36 - 05948992 _____ () C:\Users\azita21.mmm-PC\Downloads\Fragile lyrics - Tech N9ne (Kendall Morgan, Kendrick Lamar & ¡Mayday!).mp4
2014-12-15 21:55 - 2014-12-15 22:03 - 167650716 _____ () C:\Users\azita21.mmm-PC\Downloads\In Fashion- Sir Paul Smith interview.mp4
2014-12-12 02:26 - 2014-12-12 02:28 - 152333158 _____ () C:\Users\azita21.mmm-PC\Downloads\Sensational S'more Cones!! - Camp Food Pt.2.mp4
2014-12-12 02:25 - 2014-12-12 02:28 - 190470924 _____ () C:\Users\azita21.mmm-PC\Downloads\Boys Gone Wild - Camp Food Pt.1.mp4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-31 11:21 - 2014-06-20 00:16 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-31 11:13 - 2014-07-07 00:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-31 11:07 - 2014-06-19 23:16 - 01694728 _____ () C:\Windows\WindowsUpdate.log
2014-12-31 00:23 - 2014-08-21 23:00 - 00000000 ____D () C:\Users\azita21.mmm-PC\Desktop\tomo
2014-12-31 00:12 - 2014-07-02 22:28 - 00000480 ____H () C:\Windows\Tasks\SO_Booster-S-126785670.job
2014-12-31 00:12 - 2014-06-26 00:30 - 00000464 ____H () C:\Windows\Tasks\SO_Booster-S-4675958519.job
2014-12-31 00:12 - 2014-06-20 00:16 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-31 00:09 - 2014-06-19 23:35 - 00031985 _____ () C:\Windows\system32\Config.MPF
2014-12-31 00:05 - 2014-06-19 23:30 - 00000000 ____D () C:\Program Files\McAfee
2014-12-31 00:05 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-31 00:05 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-31 00:05 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-31 00:04 - 2008-01-21 03:47 - 00588150 _____ () C:\Windows\PFRO.log
2014-12-31 00:02 - 2009-05-15 09:57 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-12-31 00:02 - 2006-11-02 14:01 - 00025016 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-30 20:57 - 2008-01-21 08:16 - 01565124 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-23 00:51 - 2014-09-03 00:58 - 155762616 _____ () C:\Users\azita21.mmm-PC\Downloads\How to Talk to Your Crush.mp4
2014-12-16 02:22 - 2006-11-02 13:52 - 00107520 _____ () C:\Windows\setupact.log
2014-12-15 01:00 - 2014-06-19 23:31 - 00000372 _____ () C:\Windows\Tasks\McDefragTask.job
2014-12-12 11:33 - 2014-06-19 23:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-11 01:13 - 2014-07-07 00:54 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-11 01:13 - 2014-07-07 00:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-06 18:36 - 2014-09-16 00:39 - 180013387 _____ () C:\Users\azita21.mmm-PC\Downloads\The What If- Game Ft. Daniel Radcliffe (1).mp4
2014-12-06 18:35 - 2014-09-16 00:43 - 46816571 _____ () C:\Users\azita21.mmm-PC\Downloads\Epic Rap Battle- Nerd vs. Geek (1).mp4
2014-12-06 18:35 - 2014-09-16 00:42 - 103218786 _____ () C:\Users\azita21.mmm-PC\Downloads\Daniel Radcliffe Talks About The Friend Zone.mp4

Some content of TEMP:
====================
C:\Users\azita\AppData\Local\Temp\avgnt.exe
C:\Users\azita\AppData\Local\Temp\BackupSetup.exe
C:\Users\azita\AppData\Local\Temp\Quarantine.exe
C:\Users\azita\AppData\Local\Temp\vcredist_x86.exe
C:\Users\azita21.mmm-PC\AppData\Local\Temp\avgnt.exe
C:\Users\azita21.mmm-PC\AppData\Local\Temp\BackupSetup.exe
C:\Users\azita21.mmm-PC\AppData\Local\Temp\cloud_backup_setup.exe
C:\Users\azita21.mmm-PC\AppData\Local\Temp\dlLogic.exe
C:\Users\azita21.mmm-PC\AppData\Local\Temp\dltr.exe
C:\Users\azita21.mmm-PC\AppData\Local\Temp\GCVerifier.dll
C:\Users\azita21.mmm-PC\AppData\Local\Temp\lly_istart123.exe
C:\Users\azita21.mmm-PC\AppData\Local\Temp\newvideoplayersetup.exe
C:\Users\azita21.mmm-PC\AppData\Local\Temp\nsj547E.exe
C:\Users\azita21.mmm-PC\AppData\Local\Temp\nsoB4A3.exe
C:\Users\azita21.mmm-PC\AppData\Local\Temp\nsu461C.exe
C:\Users\azita21.mmm-PC\AppData\Local\Temp\nszABBD.exe
C:\Users\azita21.mmm-PC\AppData\Local\Temp\post2.dll
C:\Users\azita21.mmm-PC\AppData\Local\Temp\post2.exe
C:\Users\azita21.mmm-PC\AppData\Local\Temp\Quarantine.exe
C:\Users\azita21.mmm-PC\AppData\Local\Temp\speedupmypc.exe
C:\Users\azita21.mmm-PC\AppData\Local\Temp\verifier.exe
C:\Users\azita21.mmm-PC\AppData\Local\Temp\vopackage.exe
C:\Users\mmm.mmm-PC\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-31 00:20

==================== End Of Log ============================
         
--- --- ---


Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-12-2014
Ran by azita21 at 2014-12-31 11:29:07
Running from C:\Users\azita21.mmm-PC\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: McAfee VirusScan (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: McAfee VirusScan (Enabled - Out of date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: McAfee VirusScan (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall (Enabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
FW: McAfee Personal Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Illustrator CS2 (HKLM\...\Adobe Illustrator CS2) (Version: 12.000.000 - Adobe Systems Inc.)
Adobe Reader 9.0.1 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A90100000001}) (Version: 9.0.1 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Magic-i Visual Effects 2 (HKLM\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version: 2.0.1.39 - ArcSoft)
ArcSoft WebCam Companion 2 (HKLM\...\{9973498D-EA29-4A68-BE0B-C88D6E03E928}) (Version:  - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{C144CB60-EE5D-B625-C672-176AC5B488D2}) (Version: 3.0.710.0 - ATI Technologies, Inc.)
Avira (HKLM\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
ccc-core-static (Version: 2009.0210.2216.39965 - Ihr Firmenname) Hidden
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Click to Disc (HKLM\...\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}) (Version: 1.2.60.13210 - Sony Corporation)
Click to Disc (Version: 1.2.60.13210 - Sony Corporation) Hidden
Click to Disc Editor (HKLM\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 2.0.00 - Sony Corporation)
Click to Disc Editor (Version: 2.0.00 - Sony Corporation) Hidden
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Genesis (HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\...\genesis_08201850) (Version:  - ) <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HDAUDIO SoftV92 Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200) (Version:  - )
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{52A7C6A6-6B88-47D1-922E-9F8A7E089E6A}) (Version: 12.01.1000 - Intel(R) Corporation)
istart123 uninstall (HKLM\...\istart123 uninstall) (Version:  - istart123) <==== ATTENTION
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java(TM) 6 Update 11 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.110 - Sun Microsystems, Inc.)
McAfee SecurityCenter (HKLM\...\MSC) (Version:  - McAfee, Inc.)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.156 - McAfee, Inc.)
Me&My VAIO (HKLM\...\{76D7CCD6-8369-405C-B494-5F34FAE67249}) (Version: 1.2.0.14020 - Sony Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Transfer (HKLM\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.3.01.13160 - Sony Corporation)
Norton Online Backup aktivieren (HKLM\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.0.2046 - Symantec)
OpenMG Secure Module 5.3.00 (HKLM\...\InstallShield_{DEF97A70-C67D-41E1-837C-6462C97A6F65}) (Version: 5.3.00.13080 - Sony Corporation)
OpenMG Secure Module 5.3.00 (Version: 5.3.00.13080 - Sony Corporation) Hidden
Primo (Version: 1.00.0000 - Your Company Name) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5759 - Realtek Semiconductor Corp.)
Roxio Easy Media Creator 10 LJ (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.1 - Roxio)
Runtime (Version: 1.00.0000 - Your Company Name) Hidden
Setting Utility Series (HKLM\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 4.3.0.14120 - Sony Corporation)
Skins (Version: 2009.0210.2216.39965 - ATI) Hidden
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Software Info for Me&My VAIO (HKLM\...\{69C8B1E3-2665-4A0F-B049-67746E5C4CE3}) (Version: 1.0.0.14020 - Sony Corporation)
Sony Home Network Library (HKLM\...\{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}) (Version: 1.4.0.14050 - Sony Corporation)
Sony Home Network Library (Version: 1.4.0.14050 - Sony Corporation) Hidden
Sony Picture Utility (HKLM\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 4.2.12.14260 - Sony Corporation)
Sony Video Shared Library (HKLM\...\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}) (Version: 3.5.00 - Sony Corporation)
Splashtop (HKLM\...\splashtop) (Version: 1.0.7.2 - DeviceVM, Inc.)
Splashtop (Version: 1.0.7.2 - DeviceVM, Inc.) Hidden
Unterstützung für VAIO-Präsentation (HKLM\...\{2018C019-30D9-4240-8C01-0865C10DCF5A}) (Version: 1.2.0.12240 - Sony Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VAIO Content Folder Setting (HKLM\...\{23825B69-36DF-4DAD-9CFD-118D11D80F16}) (Version: 2.3.0.12220 - Sony Corporation)
VAIO Content Folder Watcher (HKLM\...\{327B75F0-92AF-420A-988F-FA596A218E0B}) (Version: 1.1.0.13140 - Sony Corporation)
VAIO Content Folder Watcher (Version: 1.1.0.13140 - Sony Corporation) Hidden
VAIO Content Metadata Intelligent Analyzing Manager (HKLM\...\{BFD85D24-D4F3-4CCC-B518-D7C4FC29C76D}) (Version: 3.4.0.13192 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (Version: 3.4.0.13192 - Sony Corporation) Hidden
VAIO Content Metadata Manager Setting (HKLM\...\{EADE97A7-E7AA-43FD-A042-92A68E0187A6}) (Version: 3.4.0.13160 - Sony Corporation)
VAIO Content Metadata Manager Setting (Version: 3.4.0.13160 - Sony Corporation) Hidden
VAIO Content Metadata XML Interface Library (HKLM\...\{E3453B1B-C91B-4C48-B046-8DF635DD46F2}) (Version: 3.4.0.13160 - Sony Corporation)
VAIO Content Metadata XML Interface Library (Version: 3.4.0.13160 - Sony Corporation) Hidden
VAIO Control Center (HKLM\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 3.3.0.12240 - Sony Corporation)
VAIO Data Restore Tool (HKLM\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.1.00.13080 - Sony Corporation)
VAIO DVD Menu Data Basic (HKLM\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 1.0.00.08130 - Sony Corporation)
VAIO Energie Verwaltung (HKLM\...\{5F5867F0-2D23-4338-A206-01A76C823924}) (Version: 3.3.0.12190 - Sony Corporation)
VAIO Entertainment Platform (HKLM\...\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}) (Version: 3.4.0.13210 - Sony Corporation)
VAIO Entertainment Platform (Version: 3.4.0.13210 - Sony Corporation) Hidden
VAIO Event Service (HKLM\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 4.3.0.13190 - Sony Corporation)
VAIO Marketing Tools (HKLM\...\MarketingTools) (Version:  - Sony Corporation)
VAIO Media plus (HKLM\...\{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}) (Version: 1.4.0.14050 - Sony Corporation)
VAIO Media plus Opening Movie (HKLM\...\{9238E8A4-BEBA-43A3-B926-769BDBF194C5}) (Version: 1.2.0.09100 - Sony Corporation)
VAIO Movie Story (HKLM\...\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 1.4.00.13080 - Sony Corporation)
VAIO Movie Story (Version: 1.4.00.13080 - Sony Corporation) Hidden
VAIO Movie Story Template Data (HKLM\...\{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 1.4.00.13080 - Sony Corporation)
VAIO MusicBox (HKLM\...\{D613E659-6503-42A8-9617-4F599061EAD5}) (Version: 2.2.0.13091 - Sony Corporation)
VAIO MusicBox Sample Music (HKLM\...\{98FC7A64-774B-49B5-B046-4B4EBC053FA9}) (Version: 1.1.00.14140 - Sony Corporation)
VAIO Original Function Setting (HKLM\...\{A63E7492-A0BC-4BB9-89A7-352965222380}) (Version: 1.5.01.10310 - Sony Corporation)
VAIO Smart Network (HKLM\...\{3B659FAD-E772-44A3-B7E7-560FF084669F}) (Version: 2.3.0.12210 - Sony Corporation)
VAIO Update (HKLM\...\{5BEE8F1F-BD32-4553-8107-500439E43BD7}) (Version: 5.1.1.04090 - Sony Corporation)
VAIO Wallpaper Contents (HKLM\...\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}) (Version: 1.3.0.10310 - Sony Corporation)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.8000 - Broadcom Corporation)
Windows Live Anmelde-Assistent (HKLM\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinDVD BD for VAIO (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B9.727 - InterVideo Inc.)
WinDVD BD for VAIO (Version: 8.0-B9.727 - InterVideo Inc.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

19-11-2014 21:47:44 Geplanter Prüfpunkt
21-11-2014 12:46:01 Geplanter Prüfpunkt
22-11-2014 11:59:10 Geplanter Prüfpunkt
28-11-2014 21:44:46 Gerätetreiber-Paketinstallation: Apple, Inc. USB-Controller
28-11-2014 21:46:53 Gerätetreiber-Paketinstallation: Apple Netzwerkadapter
28-11-2014 21:48:53 Installed iTunes
30-11-2014 13:23:44 Geplanter Prüfpunkt
07-12-2014 03:48:14 Geplanter Prüfpunkt
11-12-2014 20:35:33 Geplanter Prüfpunkt
12-12-2014 08:05:42 Windows Update
13-12-2014 12:05:33 Geplanter Prüfpunkt
14-12-2014 11:48:33 Geplanter Prüfpunkt
16-12-2014 17:53:16 Geplanter Prüfpunkt
19-12-2014 19:53:17 Geplanter Prüfpunkt
20-12-2014 11:12:32 Geplanter Prüfpunkt
21-12-2014 04:50:31 Geplanter Prüfpunkt
22-12-2014 11:22:08 Geplanter Prüfpunkt
23-12-2014 18:56:22 Geplanter Prüfpunkt
24-12-2014 17:40:52 Geplanter Prüfpunkt
27-12-2014 17:36:44 Geplanter Prüfpunkt
30-12-2014 19:08:14 Geplanter Prüfpunkt
30-12-2014 23:42:19 Windows Update
31-12-2014 11:01:42 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {12F05A7F-2EBF-4F48-96B4-DA3AEE2FF7E6} - System32\Tasks\ucjpde => C:\Users\azita\AppData\Local\ucjpde.bat [2014-07-07] ()
Task: {147984B0-FFBA-4562-9D7C-490F65FE566F} - System32\Tasks\nfflmtc => C:\Users\azita\AppData\Local\nfflmtc.bat [2014-07-07] ()
Task: {1D4E3C4B-4264-4945-9B02-4FC30406628C} - System32\Tasks\SO_Booster-S-126785670 => c:\programdata\wideblue installer\so_booster\SO_Booster.exe <==== ATTENTION
Task: {2115A1BF-D089-4AEB-A512-781A1A3439CB} - System32\Tasks\SO_Booster-S-4675958519 => c:\programdata\blueocean\so_booster\SO_Booster.exe <==== ATTENTION
Task: {29D10A04-931C-404B-8FB3-AE15D53D8AFD} - System32\Tasks\qbcenx => C:\Users\azita\AppData\Local\qbcenx.bat [2014-07-07] ()
Task: {3B7FE4AB-F10A-446E-AAE5-A86AFC9DD6B4} - System32\Tasks\livspur => C:\Users\azita\AppData\Local\livspur.bat [2014-07-07] ()
Task: {3C2C9D82-2FB6-42C1-9340-F717842931AB} - System32\Tasks\McDefragTask => c:\Program Files\McAfee\MQC\QcConsol.exe [2008-10-24] (McAfee, Inc.)
Task: {4C779743-5077-45CF-A921-FC44CCFF6E7C} - System32\Tasks\euskca => C:\Users\azita\AppData\Local\euskca.bat [2014-07-07] ()
Task: {59217BDA-4C4A-4474-B8C7-2899EEE6DC53} - System32\Tasks\djgmc => C:\Users\azita\AppData\Local\djgmc.bat [2014-07-07] ()
Task: {5B0DC9ED-4B8E-45BB-AAD7-9C8CD1ACE50C} - System32\Tasks\SONY\VAIO Update\VAIO Update 5 => C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe [2010-04-09] (Sony Corporation)
Task: {69FA8425-2DB8-47EC-B5EB-0E437FECAA06} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {7C18E654-317D-4FF7-903D-48B15DA7005E} - System32\Tasks\auauhtgs => C:\Users\azita\AppData\Local\auauhtgs.bat [2014-07-07] ()
Task: {7DD4B2A1-8D3B-4A3F-82EE-750BE23D7D45} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {802095F4-3235-4E46-BF84-BCB4ADDC50F9} - System32\Tasks\SONY\Me&My VAIO\Me&My VAIO => C:\Program Files\Sony\Me&amp;My VAIO\QLGuide.exe
Task: {81285A85-63DB-4F55-B758-4ED748527F58} - System32\Tasks\rwbnb => C:\Users\azita\AppData\Local\rwbnb.bat [2014-07-07] ()
Task: {97E964BB-8B17-4E99-8BC9-BA587610A375} - System32\Tasks\SONY\VAIO Recovery Center\VAIO Reminder => C:\Program Files\Sony\VAIO Reminder\VAIOReminder.exe [2009-01-13] (Sony Corporation)
Task: {A55A7238-B6FB-45FA-83F3-9E7F83551449} - System32\Tasks\McQcTask => c:\Program Files\McAfee\MQC\QcConsol.exe [2008-10-24] (McAfee, Inc.)
Task: {A69ED224-55FE-4C0C-81C6-11FC1E2C4F4E} - System32\Tasks\ekrahvdk => C:\Users\azita\AppData\Local\ekrahvdk.bat [2014-07-07] ()
Task: {A9A2954A-C8BD-4847-917F-B63A0F59AFF4} - System32\Tasks\kbxnshe => C:\Users\azita\AppData\Local\kbxnshe.bat [2014-07-07] ()
Task: {B619E332-90CE-4D6A-B025-060FB00D101D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B68DDC0D-20C1-42C1-8180-3E2899023CA4} - System32\Tasks\wfvenfmc => C:\Users\azita\AppData\Local\wfvenfmc.bat [2014-07-07] ()
Task: {CC1F027C-ADE4-4C0F-8B67-38BCD40E700C} - System32\Tasks\uucbb => C:\Users\azita\AppData\Local\uucbb.bat [2014-07-07] ()
Task: {D0597CDA-23E3-49C1-A1F1-7F638C3455A8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-11] (Adobe Systems Incorporated)
Task: {D7171AE0-EC66-4DDE-9FA2-2E53CE4ED248} - System32\Tasks\qmhdgc => C:\Users\azita\AppData\Local\qmhdgc.bat [2014-07-07] ()
Task: {F70C03A3-BA86-4BF7-AE77-FA9214C5CEBF} - System32\Tasks\ibdya => C:\Users\azita\AppData\Local\ibdya.bat [2014-07-07] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\McDefragTask.job => C:\Windows\system32\defrag.exe
Task: C:\Windows\Tasks\McQcTask.job => c:\PROGRA~1\mcafee\mqc\QcConsol.exe
Task: C:\Windows\Tasks\SO_Booster-S-126785670.job => c:\programdata\wideblue installer\so_booster\SO_Booster.exe <==== ATTENTION
Task: C:\Windows\Tasks\SO_Booster-S-4675958519.job => c:\programdata\blueocean\so_booster\SO_Booster.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2008-08-20 15:10 - 2008-08-20 15:10 - 00200704 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-19 23:33 - 2008-09-04 10:43 - 00116000 _____ () c:\Program Files\McAfee\SiteAdvisor\apengine.dll
2014-06-19 23:33 - 2008-09-04 10:43 - 00070432 _____ () c:\Program Files\McAfee\SiteAdvisor\mcfrmwk.dll
2014-06-19 23:33 - 2008-09-04 10:43 - 00206112 _____ () c:\Program Files\McAfee\SiteAdvisor\cntscan.dll
2014-06-19 23:53 - 2009-01-19 11:49 - 00010752 _____ () C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll
2014-06-19 23:53 - 2009-01-19 11:49 - 00009728 _____ () C:\Program Files\Sony\VAIO Event Service\VESMgrSubPS.dll
2009-05-15 18:21 - 2009-03-02 21:16 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2014-06-19 23:21 - 2014-06-19 23:21 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-08-26 10:41 - 2008-08-26 10:41 - 00016384 ____R () c:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-06-20 00:16 - 2014-06-05 14:58 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-20 00:16 - 2014-06-05 14:58 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-20 00:16 - 2014-06-05 14:58 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-07-21 12:52 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-07-21 12:52 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2014-07-21 12:36 - 2014-07-08 07:18 - 14663856 _____ () C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\azita21.mmm-PC\Downloads\Artists vs TMNT. Epic Rap Battles of History Season 3 Finale..mp4:TOC.WMV
AlternateDataStreams: C:\Users\azita21.mmm-PC\Downloads\Atoms For Peace  - Shinkiba Studio Coast, Tokyo, Japan (2013) HD.mp4:TOC.WMV
AlternateDataStreams: C:\Users\azita21.mmm-PC\Downloads\Daniel Radcliffe Talks About The Friend Zone.mp4:TOC.WMV
AlternateDataStreams: C:\Users\azita21.mmm-PC\Downloads\Epic Rap Battle- Nerd vs. Geek (1).mp4:TOC.WMV
AlternateDataStreams: C:\Users\azita21.mmm-PC\Downloads\How to Talk to Your Crush.mp4:TOC.WMV
AlternateDataStreams: C:\Users\azita21.mmm-PC\Downloads\Rhett & Link Get Waxed.mp4:TOC.WMV
AlternateDataStreams: C:\Users\azita21.mmm-PC\Downloads\The Ghost Pepper Challenge.mp4:TOC.WMV
AlternateDataStreams: C:\Users\azita21.mmm-PC\Downloads\The What If- Game Ft. Daniel Radcliffe (1).mp4:TOC.WMV
AlternateDataStreams: C:\Users\azita21.mmm-PC\Downloads\Yo Daddy Battle (1).mp4:TOC.WMV

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3996859763-3761385545-3165565353-500 - Administrator - Disabled)
azita (S-1-5-21-3996859763-3761385545-3165565353-1000 - Administrator - Enabled) => C:\Users\azita
azita21 (S-1-5-21-3996859763-3761385545-3165565353-1001 - Administrator - Enabled) => C:\Users\azita21.mmm-PC
Gast (S-1-5-21-3996859763-3761385545-3165565353-501 - Limited - Enabled)
mmm (S-1-5-21-3996859763-3761385545-3165565353-1002 - Administrator - Enabled) => C:\Users\mmm.mmm-PC

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/31/2014 11:33:18 AM) (Source: McLogEvent) (EventID: 5051) (User: NT-AUTORITÄT)
Description: Ein Thread in Vorgang C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe brauchte länger als 90000 ms, um eine Anfrage auszuführen.

Der Vorgang wird beendet.
Thread-ID: 3600 (0xe10)

Thread-Adresse: 0x770996F4

Thread-Nachricht: 

 Build VSCORE.14.0.0.405 / 5300.2777
 Object being scanned = \Device\HarddiskVolume2\Users\azita21.mmm-PC\Downloads\Setup.exe
 by c:\Program Files\Microsoft Security Client\MsMpEng.exe
 4(0)(0)
 4(0)(0)
 7200(0)(0)
 7595(0)(0)
 7005(0)(0)
 7004(0)(0)
 5006(0)(0)
 5004(0)(0)

Error: (12/31/2014 10:41:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 37092452

Error: (12/31/2014 10:41:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 37092452

Error: (12/31/2014 10:41:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/31/2014 10:41:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 37090486

Error: (12/31/2014 10:41:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 37090486

Error: (12/31/2014 10:41:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/31/2014 10:41:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 37089425

Error: (12/31/2014 10:41:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 37089425

Error: (12/31/2014 10:41:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (12/31/2014 11:33:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: McAfee Real-time Scanner1600001Neustart des Diensts

Error: (12/31/2014 00:10:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Google Update-Dienst (gupdate)%%2

Error: (12/31/2014 00:07:36 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Avira Service Host

Error: (12/31/2014 00:07:36 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000SO_Sustainer

Error: (12/31/2014 00:07:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (12/31/2014 00:05:31 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (12/31/2014 00:01:24 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.191.1200.0

	Aktualisierungsquelle: %NT-AUTORITÄT59

	Aktualisierungsphase: 4.6.0305.00

	Quellpfad: 4.6.0305.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (12/30/2014 11:59:10 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}

Error: (12/30/2014 11:56:05 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %mmm-PC60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 0.0.0.0

	Aktualisierungsquelle: %mmm-PC51

	Aktualisierungsphase: 4.6.0305.00

	Quellpfad: 4.6.0305.01

	Signaturtyp: %mmm-PC602

	Aktualisierungstyp: %mmm-PC604

	Benutzer: mmm-PC\azita21

	Aktuelle Modulversion: %mmm-PC605

	Vorherige Modulversion: %mmm-PC606

	Fehlercode: %mmm-PC607

	Fehlerbeschreibung: %mmm-PC608

Error: (12/30/2014 11:55:46 PM) (Source: Microsoft Antimalware) (EventID: 2003) (User: )
Description: Beim Aktualisieren des Moduls wurde von %mmm-PC60 ein Fehler festgestellt.

	Neue Modulversion: 

	Vorherige Modulversion: 

	Modultyp: %mmm-PC604

	Benutzer: mmm-PC\azita21

	Fehlercode: %mmm-PC601

	Fehlerbeschreibung: %mmm-PC602


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-12-31 11:28:11.482
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-31 11:28:11.385
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-31 11:28:11.293
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-31 11:28:11.208
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-31 11:28:11.044
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-31 11:28:10.965
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-31 11:28:10.880
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-31 11:28:10.760
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-19 09:58:01.612
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-19 09:58:01.487
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
         
__________________

Edited by mewmew (31.12.2014 at 16:30)

31.12.2014, 18:39   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Revo Uninstaller from here: Download Revo Uninstaller (alternatively the portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click Options and select German as the language.
  • Search the Uninstaller field for the programs:

    Genesis

    istart123 uninstall


  • Select the programs one after the other and click Uninstall each time.
  • Then select the "Moderat" mode.
  • Delete leftovers:
    Click on, then on, and then on .

 





Panda USB Vaccine

Please download Panda USB Vaccine from here.
  • Start and install it.
  • Vaccinate your PC




Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
(in English: "Illegal operation attempted on a registry key that has been marked for deletion.")
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

01.01.2015, 00:24   #5
mewmew
 



I accidentally ran Combofix before I had disabled the antivirus programs. Combofix then pointed this out to me, so I disabled them and then started the scan. Can I re-enable everything now, and should I uninstall Combofix now? My inactive McAfee program keeps telling me that Combofix could be harmful...

Here is the log file

Code:
ComboFix 14-12-30.01 - azita21 31.12.2014  23:40:58.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3038.1225 [GMT 1:00]
ausgeführt von:: c:\users\azita21.mmm-PC\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: McAfee VirusScan *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: McAfee VirusScan *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Personal Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: McAfee VirusScan *Disabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}
SP: McAfee VirusScan *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\programdata\Roaming
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eaongaogdgldgphnbioefiadjaoljmif
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eaongaogdgldgphnbioefiadjaoljmif\2.14\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eaongaogdgldgphnbioefiadjaoljmif\2.14\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eaongaogdgldgphnbioefiadjaoljmif\2.14\cYbFcqR.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eaongaogdgldgphnbioefiadjaoljmif\2.14\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eaongaogdgldgphnbioefiadjaoljmif\2.14\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj\244\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj\244\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj\244\inDr4DS.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj\244\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj\244\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj\244\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj\244\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj\244\inDr4DS.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj\244\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj\244\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eggkjddfhddopindkfioepjplbgcamgp_0.localstorage-journal
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eggkjddfhddopindkfioepjplbgcamgp_0.localstorage
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oajmcmcpiboagipoflploplebgicaadj_0.localstorage-journal
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oajmcmcpiboagipoflploplebgicaadj_0.localstorage
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences
c:\users\azita\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem
c:\users\azita\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\background.html
c:\users\azita\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js
c:\users\azita\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js
c:\users\azita\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\manifest.json
c:\users\azita\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js
c:\users\azita\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem
c:\users\azita\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\background.html
c:\users\azita\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js
c:\users\azita\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js
c:\users\azita\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\manifest.json
c:\users\azita\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js
c:\users\azita\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcdpjakjgmgklajndnlekpojkelnibfp
c:\users\azita\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcdpjakjgmgklajndnlekpojkelnibfp\232\background.html
c:\users\azita\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcdpjakjgmgklajndnlekpojkelnibfp\232\content.js
c:\users\azita\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcdpjakjgmgklajndnlekpojkelnibfp\232\lsdb.js
c:\users\azita\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcdpjakjgmgklajndnlekpojkelnibfp\232\manifest.json
c:\users\azita\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcdpjakjgmgklajndnlekpojkelnibfp\232\vTjIssd2E.js
c:\users\azita\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimhdmlhdgmboegnmecdnfbmdmhdoool
c:\users\azita\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimhdmlhdgmboegnmecdnfbmdmhdoool\233\background.html
c:\users\azita\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimhdmlhdgmboegnmecdnfbmdmhdoool\233\content.js
c:\users\azita\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimhdmlhdgmboegnmecdnfbmdmhdoool\233\lsdb.js
c:\users\azita\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimhdmlhdgmboegnmecdnfbmdmhdoool\233\manifest.json
c:\users\azita\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimhdmlhdgmboegnmecdnfbmdmhdoool\233\uqoNLV.js
c:\users\azita\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oajmcmcpiboagipoflploplebgicaadj
c:\users\azita\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oajmcmcpiboagipoflploplebgicaadj\000029.log
c:\users\azita\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oajmcmcpiboagipoflploplebgicaadj\CURRENT
c:\users\azita\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oajmcmcpiboagipoflploplebgicaadj\LOCK
c:\users\azita\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oajmcmcpiboagipoflploplebgicaadj\LOG
c:\users\azita\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oajmcmcpiboagipoflploplebgicaadj\LOG.old
c:\users\azita\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oajmcmcpiboagipoflploplebgicaadj\MANIFEST-000028
c:\users\azita\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojikelkknjgenapclhclakdlllgpnmbh
c:\users\azita\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojikelkknjgenapclhclakdlllgpnmbh\000005.ldb
c:\users\azita\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojikelkknjgenapclhclakdlllgpnmbh\000008.ldb
c:\users\azita\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojikelkknjgenapclhclakdlllgpnmbh\000013.ldb
c:\users\azita\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojikelkknjgenapclhclakdlllgpnmbh\000014.log
c:\users\azita\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojikelkknjgenapclhclakdlllgpnmbh\CURRENT
c:\users\azita\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojikelkknjgenapclhclakdlllgpnmbh\LOCK
c:\users\azita\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojikelkknjgenapclhclakdlllgpnmbh\LOG
c:\users\azita\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojikelkknjgenapclhclakdlllgpnmbh\LOG.old
c:\users\azita\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojikelkknjgenapclhclakdlllgpnmbh\MANIFEST-000012
c:\users\azita\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dcdpjakjgmgklajndnlekpojkelnibfp_0.localstorage-journal
c:\users\azita\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dcdpjakjgmgklajndnlekpojkelnibfp_0.localstorage
c:\users\azita\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eimhdmlhdgmboegnmecdnfbmdmhdoool_0.localstorage-journal
c:\users\azita\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eimhdmlhdgmboegnmecdnfbmdmhdoool_0.localstorage
c:\users\azita\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kmbhlefgdonlhbobodmjccfbmcbejfhj_0.localstorage-journal
c:\users\azita\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kmbhlefgdonlhbobodmjccfbmcbejfhj_0.localstorage
c:\users\azita\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ojikelkknjgenapclhclakdlllgpnmbh_0.localstorage-journal
c:\users\azita\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ojikelkknjgenapclhclakdlllgpnmbh_0.localstorage
c:\users\azita\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\AZITA2~1.MMM\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\azita21.mmm-PC\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\azita21\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem
c:\users\azita21\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\background.html
c:\users\azita21\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js
c:\users\azita21\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js
c:\users\azita21\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\manifest.json
c:\users\azita21\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js
c:\users\azita21\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem
c:\users\azita21\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\background.html
c:\users\azita21\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js
c:\users\azita21\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js
c:\users\azita21\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\manifest.json
c:\users\azita21\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js
c:\users\azita21\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\background.html
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\manifest.json
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\background.html
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\manifest.json
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eaongaogdgldgphnbioefiadjaoljmif
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eaongaogdgldgphnbioefiadjaoljmif\2.14\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eaongaogdgldgphnbioefiadjaoljmif\2.14\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eaongaogdgldgphnbioefiadjaoljmif\2.14\cYbFcqR.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eaongaogdgldgphnbioefiadjaoljmif\2.14\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eaongaogdgldgphnbioefiadjaoljmif\2.14\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj\244\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj\244\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj\244\inDr4DS.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj\244\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj\244\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eaongaogdgldgphnbioefiadjaoljmif
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eaongaogdgldgphnbioefiadjaoljmif\2.14\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eaongaogdgldgphnbioefiadjaoljmif\2.14\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eaongaogdgldgphnbioefiadjaoljmif\2.14\cYbFcqR.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eaongaogdgldgphnbioefiadjaoljmif\2.14\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eaongaogdgldgphnbioefiadjaoljmif\2.14\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj\244\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj\244\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj\244\inDr4DS.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj\244\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj\244\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eaongaogdgldgphnbioefiadjaoljmif
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj\244\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj\244\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj\244\inDr4DS.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj\244\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj\244\manifest.json
c:\users\mmm.mmm-PC\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\mmm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem
c:\users\mmm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\background.html
c:\users\mmm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js
c:\users\mmm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js
c:\users\mmm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\manifest.json
c:\users\mmm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js
c:\users\mmm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem
c:\users\mmm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\background.html
c:\users\mmm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js
c:\users\mmm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js
c:\users\mmm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\manifest.json
c:\users\mmm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js
c:\users\mmm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem
c:\windows\security\logs\scecomp.log
c:\windows\system32\Thumbs.db
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-11-28 bis 2014-12-31  ))))))))))))))))))))))))))))))
.
.
2014-12-31 22:51 . 2014-12-31 22:51	--------	d-----w-	c:\users\mmm.mmm-PC\AppData\Local\temp
2014-12-31 22:51 . 2014-12-31 22:51	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-12-31 22:51 . 2014-12-31 22:51	--------	d-----w-	c:\users\azita\AppData\Local\temp
2014-12-31 22:13 . 2014-12-31 22:13	--------	d-----w-	c:\programdata\Panda Security
2014-12-31 22:13 . 2014-12-31 22:13	--------	d-----w-	c:\program files\Panda USB Vaccine
2014-12-31 22:03 . 2014-12-31 22:03	--------	d-----w-	c:\program files\VS Revo Group
2014-12-31 10:26 . 2014-12-31 10:36	--------	d-----w-	C:\FRST
2014-12-31 10:02 . 2014-10-30 11:24	229000	------w-	c:\windows\system32\MpSigStub.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-11 00:13 . 2014-07-06 23:54	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-11 00:13 . 2014-07-06 23:54	701104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-11-18 13:56 . 2014-11-18 13:56	1202848	----a-w-	c:\windows\system32\FM20.DLL
2014-10-27 21:30 . 2014-10-27 21:30	1207568	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-10-07 11:29 . 2014-08-28 15:36	136216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2014-10-07 11:29 . 2014-08-28 15:36	98160	----a-w-	c:\windows\system32\drivers\avgntflt.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"genesis_08201850"="/r" [X]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-12-21 274432]
"GoogleChromeAutoLaunch_058E7E9EBC9AFAD151F8EE0ED50FBC3A"="c:\program files\Google\Chrome\Application\chrome.exe" [2014-06-05 860488]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-06 6703648]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2009-04-13 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-15 136600]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-12-18 317288]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-10 61440]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-09-12 1176808]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2014-06-19 26624]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-12-16 645328]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-12-04 702768]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-10-22 124208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-10-15 157480]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\users\azita21.mmm-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-1 789032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-01-19 10:49	98304	----a-w-	c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 3f17c95f;SO_Sustainer;c:\windows\system32\rundll32.exe [2006-11-02 44544]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
yksvcs	REG_MULTI_SZ   	yksvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-19 23:16	1091912	----a-w-	c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-12-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-06 00:13]
.
2014-12-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2014-06-19 07:38]
.
2014-09-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2014-06-19 07:38]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-fst_de_88 - (no file)
HKLM-Run-fst_de_147 - c:\program files\fst_de_147\fst_de_147.exe
c:\users\azita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vggopxip.lnk - c:\users\azita21.mmm-PC\AppData\Local\vggopxip.exe /r
c:\users\azita21.mmm-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk - c:\program files\MyPC Backup\MyPC Backup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2015-01-01 00:00
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000042
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5940)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Realtek\Audio\HDA\RtkAudioService.exe
c:\windows\system32\WLANExt.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\McAfee\SiteAdvisor\McSACore.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\program files\sony\Network Utility\NSUService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
c:\program files\sony\VAIO Event Service\VESMgr.exe
c:\program files\Sony\VAIO Power Management\SPMService.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\program files\sony\VAIO Event Service\VESMgrSub.exe
c:\windows\system32\DllHost.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Sony\VAIO Update 5\VAIOUpdt.exe
c:\program files\Sony\VAIO Reminder\VAIOReminder.exe
c:\program files\Panda USB Vaccine\USBVaccine.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\windows\system32\conime.exe
c:\progra~1\mcafee\VIRUSS~1\mcvsshld.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Apoint\Apvfb.exe
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-01-01  00:08:24 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-12-31 23:08
.
Vor Suchlauf: 13 Verzeichnis(se), 372.782.649.344 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 374.361.063.424 Bytes frei
.
- - End Of File - - 28E777B69FCBCE7033E5F4D7C9BB2E82
5C616939100B85E558DA92B899A0FC36
         


Alt 01.01.2015, 08:40   #6
schrauber
/// the machine
/// TB-Ausbilder
 


Plug in the USB stick and leave it connected.

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the newest scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.

Alt 01.01.2015, 14:07   #7
mewmew
 


mbam
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Protection, 01.01.2015 12:19:43, SYSTEM, MMM-PC, Protection, Malware Protection, Starting, 
Protection, 01.01.2015 12:19:46, SYSTEM, MMM-PC, Protection, Malware Protection, Started, 
Protection, 01.01.2015 12:19:46, SYSTEM, MMM-PC, Protection, Malicious Website Protection, Starting, 
Protection, 01.01.2015 12:19:54, SYSTEM, MMM-PC, Protection, Malicious Website Protection, Started, 
Update, 01.01.2015 12:20:03, SYSTEM, MMM-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, 
Update, 01.01.2015 12:20:03, SYSTEM, MMM-PC, Manual, Rootkit Database, 2014.11.18.1, 2014.12.30.1, 
Update, 01.01.2015 12:20:12, SYSTEM, MMM-PC, Manual, Malware Database, 2014.11.20.6, 2015.1.1.2, 
Protection, 01.01.2015 12:20:12, SYSTEM, MMM-PC, Protection, Refresh, Starting, 
Protection, 01.01.2015 12:20:12, SYSTEM, MMM-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 01.01.2015 12:20:13, SYSTEM, MMM-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 01.01.2015 12:20:21, SYSTEM, MMM-PC, Protection, Refresh, Success, 
Protection, 01.01.2015 12:20:21, SYSTEM, MMM-PC, Protection, Malicious Website Protection, Starting, 
Protection, 01.01.2015 12:20:22, SYSTEM, MMM-PC, Protection, Malicious Website Protection, Started, 
Protection, 01.01.2015 13:19:43, SYSTEM, MMM-PC, Protection, Malware Protection, Starting, 
Protection, 01.01.2015 13:19:43, SYSTEM, MMM-PC, Protection, Malware Protection, Started, 
Protection, 01.01.2015 13:19:43, SYSTEM, MMM-PC, Protection, Malicious Website Protection, Starting, 
Protection, 01.01.2015 13:22:31, SYSTEM, MMM-PC, Protection, Malicious Website Protection, Started, 

(end)
         
adwcleaner [R2]
Code:
# AdwCleaner v4.106 - Bericht erstellt am 01/01/2015 um 13:32:26
# Aktualisiert 21/12/2014 von Xplode
# Database : 2014-12-21.4 [Local]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Benutzername : azita21 - MMM-PC
# Gestartet von : C:\Users\azita21.mmm-PC\Desktop\AdwCleaner_4.106.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gefunden : C:\ProgramData\48f81aa1bb9c31ec
Ordner Gefunden : C:\ProgramData\Wideblue installer

***** [ Tasks ] *****

Task Gefunden : APSnotifierPP1
Task Gefunden : APSnotifierPP2
Task Gefunden : APSnotifierPP3
Task Gefunden : globalUpdateUpdateTaskMachineCore
Task Gefunden : globalUpdateUpdateTaskMachineUA

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}

***** [ Browser ] *****

-\\ Internet Explorer v7.0.6001.18527


-\\ Google Chrome v35.0.1916.153


*************************

AdwCleaner[R0].txt - [23136 octets] - [12/07/2014 15:55:31]
AdwCleaner[R1].txt - [13846 octets] - [04/09/2014 11:11:09]
AdwCleaner[R2].txt - [1166 octets] - [01/01/2015 13:32:26]
AdwCleaner[S0].txt - [21120 octets] - [12/07/2014 16:21:06]
AdwCleaner[S1].txt - [12167 octets] - [04/09/2014 11:14:15]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1348 octets] ##########
         
adwcleaner [S2]
Code:
# AdwCleaner v4.106 - Bericht erstellt am 01/01/2015 um 13:38:37
# Aktualisiert 21/12/2014 von Xplode
# Database : 2014-12-21.4 [Local]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Benutzername : azita21 - MMM-PC
# Gestartet von : C:\Users\azita21.mmm-PC\Desktop\AdwCleaner_4.106.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Wideblue installer
Ordner Gelöscht : C:\ProgramData\48f81aa1bb9c31ec

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}

***** [ Browser ] *****

-\\ Internet Explorer v7.0.6001.18527


-\\ Google Chrome v35.0.1916.153


*************************

AdwCleaner[R0].txt - [23136 octets] - [12/07/2014 15:55:31]
AdwCleaner[R1].txt - [13846 octets] - [04/09/2014 11:11:09]
AdwCleaner[R2].txt - [1428 octets] - [01/01/2015 13:32:26]
AdwCleaner[S0].txt - [21120 octets] - [12/07/2014 16:21:06]
AdwCleaner[S1].txt - [12167 octets] - [04/09/2014 11:14:15]
AdwCleaner[S2].txt - [1153 octets] - [01/01/2015 13:38:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1213 octets] ##########
         
JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by azita21 on 01.01.2015 at 13:51:42,85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\azita21.mmm-PC\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\azita21.mmm-PC\AppData\Roaming\vopackage"
Successfully deleted: [Folder] "C:\Users\azita21.mmm-PC\AppData\Roaming\microsoft\windows\start menu\programs\mypc backup"
Successfully deleted: [Folder] "C:\Users\azita21.mmm-PC\AppData\Roaming\microsoft\windows\start menu\programs\vopackage"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.01.2015 at 13:57:47,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-12-2014
Ran by azita21 (administrator) on MMM-PC on 01-01-2015 14:02:46
Running from c:\Users\azita21.mmm-PC\Downloads
Loaded Profile: azita21 (Available profiles: azita & azita21 & mmm)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 7 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Sony Corporation) C:\Program Files\sony\VAIO Update 5\VAIOUpdt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Sony Corporation) C:\Program Files\sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files\sony\Marketing Tools\MarketingTools.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Sony Corporation) C:\Program Files\sony\Network Utility\LANUtil.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\Mcshield.exe
(McAfee, Inc.) C:\Program Files\McAfee\MPF\MpfSrv.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSK\msksrver.exe
(Sony Corporation) C:\Program Files\sony\Network Utility\NSUService.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgr.exe
(Panda Security) C:\Program Files\Panda USB Vaccine\USBVaccine.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\mcmscsvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcsysmon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6703648 2009-01-06] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [155648 2009-04-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35184 2008-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [136600 2009-05-15] (Sun Microsystems, Inc.)
HKLM\...\Run: [ISBMgr.exe] => C:\Program Files\Sony\ISB Utility\ISBMgr.exe [317288 2008-12-18] (Sony Corporation)
HKLM\...\Run: [StartCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-02-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [McENUI] => C:\Program Files\McAfee\MHN\McENUI.exe [1176808 2008-09-12] (McAfee, Inc.)
HKLM\...\Run: [MarketingTools] => C:\Program Files\Sony\Marketing Tools\MarketingTools.exe [26624 2014-06-19] (Sony Corporation)
HKLM\...\Run: [mcagent_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [645328 2008-12-16] (McAfee, Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-04] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation)
HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\...\Run: [NSUFloatingUI] => C:\Program Files\Sony\Network Utility\LANUtil.exe [274432 2008-12-21] (Sony Corporation)
HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\...\Run: [GoogleChromeAutoLaunch_058E7E9EBC9AFAD151F8EE0ED50FBC3A] => C:\Program Files\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\...\Run: [genesis_08201850] => /r
HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\azita21.mmm-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\azita21.mmm-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYT
SearchScopes: HKLM -> {EA6E82DD-9489-4B32-8E7B-5A97F7EF3395} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3996859763-3761385545-3165565353-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYT
SearchScopes: HKU\S-1-5-21-3996859763-3761385545-3165565353-1001 -> {EA6E82DD-9489-4B32-8E7B-5A97F7EF3395} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> C:\Program Files\McAfee\MSK\MskAPBho.dll ()
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-06-20]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-06-19]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-21]
CHR Extension: (Google Drive) - C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-21]
CHR Extension: (YouTube) - C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-21]
CHR Extension: (Google Search) - C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-21]
CHR Extension: (SiteAdvisor) - C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-07-21]
CHR Extension: (Avira Browserschutz) - C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-28]
CHR Extension: (Gmail) - C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-21]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2008-08-01] (ArcSoft Inc.)
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-07-01] (Adobe Systems) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [860160 2008-08-20] (Intel(R) Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [131136 2014-12-03] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\McAfee\MSC\mcmscsvc.exe [797864 2008-12-16] (McAfee, Inc.)
R2 McNASvc; c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [2482848 2008-10-24] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [365072 2008-12-13] (McAfee, Inc.)
R2 McProxy; c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe [359952 2008-10-23] (McAfee, Inc.)
R2 McShield; C:\Program Files\McAfee\VirusScan\Mcshield.exe [144704 2008-12-19] (McAfee, Inc.)
R3 McSysmon; C:\Program Files\McAfee\VirusScan\mcsysmon.exe [606736 2008-12-16] (McAfee, Inc.)
R2 MpfService; C:\Program Files\McAfee\MPF\MPFSrv.exe [884360 2008-12-05] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\McAfee\MSK\MskSrver.exe [26640 2008-11-25] (McAfee, Inc.)
R2 NSUService; C:\Program Files\sony\Network Utility\NSUService.exe [303104 2008-12-21] (Sony Corporation) [File not signed]
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [114688 2009-01-07] (Sony Corporation) [File not signed]
S2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-08-20] (Intel(R) Corporation) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [109088 2009-01-06] (Realtek Semiconductor)
S3 SOHDBSvr; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-02-05] (Sony Corporation)
S3 SOHPlMgr; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-02-05] (Sony Corporation)
R2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-01-21] (Sony Corporation) [File not signed]
R2 VAIO Event Service; C:\Program Files\sony\VAIO Event Service\VESMgr.exe [203624 2009-01-19] (Sony Corporation)
S2 VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [415592 2008-12-19] (Sony Corporation)
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [394536 2009-01-19] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-01-21] (Sony Corporation)
S3 VUAgent; C:\Program Files\sony\VAIO Update 5\VUAgent.exe [722288 2010-04-09] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2009-01-21] (Sony Corporation) [File not signed]
R2 yksvc; C:\Windows\System32\ykx32mpcoinst.dll [282624 2009-02-10] (Marvell)
S2 3f17c95f; "C:\Windows\system32\rundll32.exe" "c:\progra~1\so_boo~1\AssistantSvc.dll",service
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17920 2008-04-24] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-08-15] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [79304 2008-12-19] (McAfee, Inc.)
R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [35272 2008-12-19] (McAfee, Inc.)
R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [213640 2008-12-19] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34216 2008-12-19] (McAfee, Inc.)
R3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2008-12-19] (McAfee, Inc.)
R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [130424 2008-10-23] (McAfee, Inc.)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [155808 2009-02-23] (Realtek Semiconductor Corp.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-08-15] (Avira GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 igfx; system32\DRIVERS\igdkmd32.sys [X]
S3 IntcHdmiAddService; system32\drivers\IntcHdmi.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-01 13:57 - 2015-01-01 13:57 - 00001342 _____ () C:\Users\azita21.mmm-PC\Desktop\JRT.txt
2015-01-01 13:50 - 2015-01-01 13:50 - 00001295 _____ () C:\Users\azita21.mmm-PC\Desktop\AdwCleaner[S2].txt
2015-01-01 13:49 - 2015-01-01 13:49 - 00000000 ____D () C:\Windows\ERUNT
2015-01-01 13:48 - 2015-01-01 13:48 - 01707939 _____ (Thisisu) C:\Users\azita21.mmm-PC\Downloads\JRT.exe
2015-01-01 13:30 - 2015-01-01 13:30 - 02173952 _____ () C:\Users\azita21.mmm-PC\Desktop\AdwCleaner_4.106.exe
2015-01-01 13:30 - 2015-01-01 13:30 - 00001717 _____ () C:\Users\azita21.mmm-PC\Desktop\mbam.txt
2015-01-01 13:28 - 2015-01-01 13:28 - 00001002 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-01 12:19 - 2015-01-01 13:47 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-01 12:19 - 2015-01-01 12:19 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-01 12:19 - 2015-01-01 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-01 12:18 - 2015-01-01 12:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-01-01 12:18 - 2015-01-01 12:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-01 12:18 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-01 12:18 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-01 12:18 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-01 12:12 - 2015-01-01 12:12 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\azita21.mmm-PC\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-01 00:08 - 2015-01-01 00:08 - 00031317 _____ () C:\ComboFix.txt
2014-12-31 23:38 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-31 23:38 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-31 23:38 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-31 23:38 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-31 23:38 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-31 23:38 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-31 23:38 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-31 23:38 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-31 23:18 - 2015-01-01 00:08 - 00000000 ____D () C:\Qoobox
2014-12-31 23:17 - 2015-01-01 00:06 - 00000000 ____D () C:\Windows\erdnt
2014-12-31 23:16 - 2014-12-31 23:17 - 00848856 _____ (Panda Security ) C:\Users\azita21.mmm-PC\Downloads\USBVaccineSetup (1).exe
2014-12-31 23:14 - 2014-12-31 23:14 - 05604036 ____R (Swearware) C:\Users\azita21.mmm-PC\Downloads\ComboFix.exe
2014-12-31 23:13 - 2014-12-31 23:13 - 00000000 ____D () C:\ProgramData\Panda Security
2014-12-31 23:13 - 2014-12-31 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2014-12-31 23:13 - 2014-12-31 23:13 - 00000000 ____D () C:\Program Files\Panda USB Vaccine
2014-12-31 23:12 - 2014-12-31 23:12 - 00848856 _____ (Panda Security ) C:\Users\azita21.mmm-PC\Downloads\USBVaccineSetup.exe
2014-12-31 23:03 - 2014-12-31 23:03 - 00001057 _____ () C:\Users\azita21.mmm-PC\Desktop\Revo Uninstaller.lnk
2014-12-31 23:03 - 2014-12-31 23:03 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-12-31 23:02 - 2014-12-31 23:02 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\azita21.mmm-PC\Downloads\revosetup95.exe
2014-12-31 23:02 - 2014-12-31 23:02 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\azita21.mmm-PC\Downloads\revosetup95 (1).exe
2014-12-31 11:29 - 2014-12-31 11:36 - 00033090 _____ () C:\Users\azita21.mmm-PC\Downloads\Addition.txt
2014-12-31 11:27 - 2015-01-01 14:02 - 00022474 _____ () C:\Users\azita21.mmm-PC\Downloads\FRST.txt
2014-12-31 11:26 - 2015-01-01 14:02 - 00000000 ____D () C:\FRST
2014-12-31 11:25 - 2014-12-31 11:26 - 01114624 _____ (Farbar) C:\Users\azita21.mmm-PC\Downloads\FRST.exe
2014-12-31 11:02 - 2014-11-24 14:04 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-30 23:50 - 2014-12-31 23:38 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-12-30 23:38 - 2014-12-30 23:39 - 11473216 _____ (Microsoft Corporation) C:\Users\azita21.mmm-PC\Downloads\MSEInstall (1).exe
2014-12-30 23:38 - 2014-12-30 23:38 - 14107296 _____ (Microsoft Corporation) C:\Users\azita21.mmm-PC\Downloads\MSEInstall.exe
2014-12-30 21:17 - 2014-12-30 21:20 - 13947406 _____ () C:\Users\azita21.mmm-PC\Downloads\Install_FD10DXZ_Trial.zip
2014-12-23 00:50 - 2014-12-23 00:51 - 00088641 _____ () C:\Users\azita21.mmm-PC\Downloads\hamburg_alstertanne_weihnacht_tanne_alster_jungfernstieg_michel_3666386309_600x450xcr.jpeg
2014-12-16 01:36 - 2014-12-16 01:36 - 05948992 _____ () C:\Users\azita21.mmm-PC\Downloads\Fragile lyrics - Tech N9ne (Kendall Morgan, Kendrick Lamar & ¡Mayday!).mp4
2014-12-15 21:55 - 2014-12-15 22:03 - 167650716 _____ () C:\Users\azita21.mmm-PC\Downloads\In Fashion- Sir Paul Smith interview.mp4
2014-12-12 02:26 - 2014-12-12 02:28 - 152333158 _____ () C:\Users\azita21.mmm-PC\Downloads\Sensational S'more Cones!! - Camp Food Pt.2.mp4
2014-12-12 02:25 - 2014-12-12 02:28 - 190470924 _____ () C:\Users\azita21.mmm-PC\Downloads\Boys Gone Wild - Camp Food Pt.1.mp4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-01 13:46 - 2014-06-19 23:35 - 00034391 _____ () C:\Windows\system32\Config.MPF
2015-01-01 13:40 - 2008-01-21 03:47 - 00591582 _____ () C:\Windows\PFRO.log
2015-01-01 13:40 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-01 13:40 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-01 13:40 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-01 13:39 - 2014-06-19 23:16 - 01759123 _____ () C:\Windows\WindowsUpdate.log
2015-01-01 13:39 - 2009-05-15 09:57 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-01-01 13:39 - 2006-11-02 14:01 - 00026150 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-01 13:38 - 2014-07-12 15:55 - 00000000 ____D () C:\AdwCleaner
2015-01-01 13:28 - 2014-08-28 17:32 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-01 13:28 - 2014-08-28 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-01 13:28 - 2014-08-28 16:36 - 00000000 ____D () C:\Program Files\Avira
2015-01-01 13:13 - 2014-07-07 00:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-01 00:59 - 2014-06-19 23:31 - 00000348 _____ () C:\Windows\Tasks\McQcTask.job
2015-01-01 00:08 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2015-01-01 00:08 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2014-12-31 23:59 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2014-12-31 00:23 - 2014-08-21 23:00 - 00000000 ____D () C:\Users\azita21.mmm-PC\Desktop\tomo
2014-12-31 00:05 - 2014-06-19 23:30 - 00000000 ____D () C:\Program Files\McAfee
2014-12-30 20:57 - 2008-01-21 08:16 - 01565124 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-23 00:51 - 2014-09-03 00:58 - 155762616 _____ () C:\Users\azita21.mmm-PC\Downloads\How to Talk to Your Crush.mp4
2014-12-16 02:22 - 2006-11-02 13:52 - 00107520 _____ () C:\Windows\setupact.log
2014-12-15 01:00 - 2014-06-19 23:31 - 00000372 _____ () C:\Windows\Tasks\McDefragTask.job
2014-12-12 11:33 - 2014-06-19 23:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-11 01:13 - 2014-07-07 00:54 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-11 01:13 - 2014-07-07 00:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-06 18:36 - 2014-09-16 00:39 - 180013387 _____ () C:\Users\azita21.mmm-PC\Downloads\The What If- Game Ft. Daniel Radcliffe (1).mp4
2014-12-06 18:35 - 2014-09-16 00:43 - 46816571 _____ () C:\Users\azita21.mmm-PC\Downloads\Epic Rap Battle- Nerd vs. Geek (1).mp4
2014-12-06 18:35 - 2014-09-16 00:42 - 103218786 _____ () C:\Users\azita21.mmm-PC\Downloads\Daniel Radcliffe Talks About The Friend Zone.mp4

Some content of TEMP:
====================
C:\Users\azita21.mmm-PC\AppData\Local\Temp\avgnt.exe
C:\Users\azita21.mmm-PC\AppData\Local\Temp\Quarantine.exe
C:\Users\azita21.mmm-PC\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-01 13:51

==================== End Of Log ============================
         

Alt 01.01.2015, 16:26   #8
schrauber
/// the machine
/// TB-Ausbilder
 




Revo Uninstaller - Download - Filepony
Use it to uninstall Chrome, keep no data, have the leftovers removed, then reinstall.

Then:
https://support.google.com/chrome/answer/3296214?hl=de




Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\...\Run: [genesis_08201850] => /r
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.







ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems remaining?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 02.01.2015, 14:12   #9
mewmew
 



Fixlog
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-12-2014
Ran by azita21 at 2015-01-02 00:20:59 Run:1
Running from C:\Users\azita21.mmm-PC\Downloads
Loaded Profile: azita21 (Available profiles: azita & azita21 & mmm)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\...\Run: [genesis_08201850] => /r
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
Emptytemp:
*****************

HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\Software\Microsoft\Windows\CurrentVersion\Run\\genesis_08201850 => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
EmptyTemp: => Removed 88.8 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 00:22:03 ====
         
eset
Code:
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=9140a9e8566d914d819eb3693b6afac6
# engine=21785
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-02 01:33:00
# local_time=2015-01-02 02:33:00 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 30422 12070977 0 0
# compatibility_mode_1='McAfee VirusScan'
# compatibility_mode=5121 16776573 100 96 15872126 191014634 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 51123 257695108 0 0
# scanned=61667
# found=160
# cleaned=0
# scan_time=6946
sh=169902243AEBE2CD2F1B856E6EF1403514BEC67D ft=1 fh=fc6a22eefa41c9ca vn="Variante von MSIL/MyPCBackup.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\MyPC Backup\MyPC Backup.exe.vir"
sh=69965658CBE50E2BDADB72755BB94332A4D5F971 ft=1 fh=b5c5c236bb0c961e vn="Variante von MSIL/NewPlayer.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NewPlayer\AddonNP.exe.vir"
sh=43A123C825F2DB7104D75DA73B6B71C0A2B320DA ft=1 fh=36bf59f3c65f5b85 vn="Variante von MSIL/NewPlayer.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NewPlayer\NewVideoPlayer.exe.vir"
sh=8F6E476776CD4FA44D506E22250FA6E5CC3082E3 ft=1 fh=079aa239846523ec vn="Variante von MSIL/NewPlayer.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NewPlayer\NewVideoPlayerUpdater.exe.vir"
sh=E519ED8E680E82B608957A593691208AF95AFC36 ft=0 fh=0000000000000000 vn="JS/Superfish.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NewPlayer\AddOn\ChromeAddon\manifest.json.vir"
sh=13D795C2E726FEC7BE8B15EADDEA20B893C45464 ft=0 fh=0000000000000000 vn="JS/Superfish.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NewPlayer\AddOn\ChromeAddon\script.js.vir"
sh=DBAE067FA9F72487D9331D77AFE14E3C6D77AE6F ft=0 fh=0000000000000000 vn="JS/Superfish.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NewPlayer\flaelojgnhjgiilnmignlkamlcncclph\1.0_0\manifest.json.vir"
sh=13D795C2E726FEC7BE8B15EADDEA20B893C45464 ft=0 fh=0000000000000000 vn="JS/Superfish.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NewPlayer\flaelojgnhjgiilnmignlkamlcncclph\1.0_0\script.js.vir"
sh=08120C49FFCC10FFF09C4965E1CCC99F08EC06E3 ft=1 fh=c4065e695ff8e78d vn="Variante von MSIL/NewPlayer.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NewPlayer\references\NewPlayerChecker.exe.vir"
sh=10AB6F5BF2AE7B357A7E1BEE97AA30A6512DE7DE ft=1 fh=fc4a296bcfd5af48 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=BB6E4EFDCDDC5C876EF941A8E8FC8C37A558C6D3 ft=1 fh=5a3b188cd9c263c2 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\SPTool.dll.vir"
sh=6E92E96780D7A012AEC66D81A04C1C1644989A7D ft=1 fh=42eab3640c7f75db vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\Main\bin\uninstall.exe.vir"
sh=7F851F7F3AB08BB489A9E9553635ACFF24BD2F4F ft=1 fh=480bb73806aecf9e vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=ED0BB5C058DD66D8CF7FC430901119E5FA9460E8 ft=1 fh=493186a480a7c1be vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPTool64.exe.vir"
sh=3ECB52E629A307F1154A11FFC420FEABA8805651 ft=1 fh=7eaccb99bfbac335 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=3009704625F497D74601071243D3260D3C026D48 ft=1 fh=29c0ddfe71de86ad vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir"
sh=3F252E848CE5BA3571A8FA3B9CE9FD8D7EE86634 ft=1 fh=af780bdc59dfdab5 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC64.dll.vir"
sh=68E215FD9A959DD28595B0DA25EC5100EFB98253 ft=1 fh=50730cf0e69141f8 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir"
sh=EBB8454D4017FE184FD4B1A4D390C8CE099213C1 ft=1 fh=438201fe522fde58 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=047D99E909F761A7DEA06B779AFE19B554A50C8E ft=1 fh=2380586d2a5d399e vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterface32.dll.vir"
sh=7CE87614C256EF192C11FE5BAE8F5370D323C954 ft=1 fh=fada82384f0fa257 vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterface64.dll.vir"
sh=A5C29D6E3E18E7337B054F2ED1716420C855E89D ft=1 fh=9eebf1fc4a4ec7f6 vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterfacef32.dll.vir"
sh=75D8960BE3E4E8D69D5120AF145CD71BD2911E8A ft=1 fh=871c7df5222a359d vn="Win32/Thinknice.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SearchProtect32.dll.vir"
sh=CB0FACA0EFAC61A0E2C06A7AA2FB1226B4D259F6 ft=1 fh=748dcd1285b267f0 vn="Win64/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SearchProtect64.dll.vir"
sh=E9186EE9441DC1FFCEDC1B85C7E8F9610F74C545 ft=1 fh=217025d488d26a6f vn="Win32/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SpAPPSv32.dll.vir"
sh=7A5DEE7799ADCABA410C536555D47BBC2FCF53DE ft=1 fh=04f7507cc1643fbe vn="Win64/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SpAPPSv64.dll.vir"
sh=D900E7A2C4BEC4703960CFAC1B7F534858C113C4 ft=1 fh=61d87035b3a8bda7 vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SupTab.dll.vir"
sh=610AA9E7DAE8ED5181299795E8D728DF9F001918 ft=1 fh=c71c0011631e338a vn="Variante von Win32/AdWare.MultiPlug.Y Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Adblocker\uQ.exe.vir"
sh=8EB72E101395FEBB37131078A884E25D05BB51C9 ft=1 fh=c71c00113a7cc125 vn="Variante von Win32/AdWare.MultiPlug.T Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\ReguularDeaLs\F2YAwPdR.dll.vir"
sh=610AA9E7DAE8ED5181299795E8D728DF9F001918 ft=1 fh=c71c0011631e338a vn="Variante von Win32/AdWare.MultiPlug.Y Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\SavE On\1w4CqR2Ab.exe.vir"
sh=0EDEFA987AD96277656D30D6BBE9E36FF8096603 ft=1 fh=c71c001158d95df3 vn="Variante von Win32/AdWare.MultiPlug.AG Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\SavE On\lNWc6OR2d.exe.vir"
sh=0D6AEAF9DBBDED91342CE464798143DDDBA41306 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js.vir"
sh=2932A4B3E32623CF30952C97AB7C1DA8F73CF140 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js.vir"
sh=0742B3A1E0610AC0F7D6F516D1C5EAF80C3C3155 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js.vir"
sh=0A5DE936298503354D4FB872FC4C7D0BC43A47AB ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eaongaogdgldgphnbioefiadjaoljmif\2.14\cYbFcqR.js.vir"
sh=0D6AEAF9DBBDED91342CE464798143DDDBA41306 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js.vir"
sh=2932A4B3E32623CF30952C97AB7C1DA8F73CF140 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js.vir"
sh=0742B3A1E0610AC0F7D6F516D1C5EAF80C3C3155 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js.vir"
sh=0A5DE936298503354D4FB872FC4C7D0BC43A47AB ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\eaongaogdgldgphnbioefiadjaoljmif\2.14\cYbFcqR.js.vir"
sh=0D6AEAF9DBBDED91342CE464798143DDDBA41306 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js.vir"
sh=2932A4B3E32623CF30952C97AB7C1DA8F73CF140 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js.vir"
sh=0742B3A1E0610AC0F7D6F516D1C5EAF80C3C3155 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js.vir"
sh=0D7492DD9A350855F27FF2373D82145C3EAEDB5B ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj\244\inDr4DS.js.vir"
sh=1483AFFABA32C36F782F021B0A8FD0FF7C0AF9C3 ft=1 fh=4f0adcc353eb039f vn="Win32/VOPackage.BC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\azita\AppData\Local\AnyProtectScannerSetup.exe.vir"
sh=0D6AEAF9DBBDED91342CE464798143DDDBA41306 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\azita\AppData\Local\Chromatic Browser\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js.vir"
sh=2932A4B3E32623CF30952C97AB7C1DA8F73CF140 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\azita\AppData\Local\Chromatic Browser\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js.vir"
sh=0742B3A1E0610AC0F7D6F516D1C5EAF80C3C3155 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\azita\AppData\Local\Chromatic Browser\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js.vir"
sh=0D6AEAF9DBBDED91342CE464798143DDDBA41306 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\azita\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js.vir"
sh=2932A4B3E32623CF30952C97AB7C1DA8F73CF140 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\azita\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js.vir"
sh=0742B3A1E0610AC0F7D6F516D1C5EAF80C3C3155 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\azita\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js.vir"
sh=9B44A50B0CEC33F635818F1DEE7879E1EE13BBE9 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\azita\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmbhlefgdonlhbobodmjccfbmcbejfhj\7.2\ranJB.js.vir"
sh=0D6AEAF9DBBDED91342CE464798143DDDBA41306 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\azita\AppData\Local\torch\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js.vir"
sh=2932A4B3E32623CF30952C97AB7C1DA8F73CF140 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\azita\AppData\Local\torch\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js.vir"
sh=0742B3A1E0610AC0F7D6F516D1C5EAF80C3C3155 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\azita\AppData\Local\torch\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js.vir"
sh=FEDDD9DAA3D941361E28D9ED92767D4FB2E77AE1 ft=1 fh=b99d9b5e29803b84 vn="Win32/Systweak.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\azita\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir"
sh=0D6AEAF9DBBDED91342CE464798143DDDBA41306 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\azita21\AppData\Local\Chromatic Browser\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js.vir"
sh=2932A4B3E32623CF30952C97AB7C1DA8F73CF140 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\azita21\AppData\Local\Chromatic Browser\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js.vir"
sh=0742B3A1E0610AC0F7D6F516D1C5EAF80C3C3155 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\azita21\AppData\Local\Chromatic Browser\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js.vir"
sh=0D6AEAF9DBBDED91342CE464798143DDDBA41306 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\azita21\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js.vir"
sh=2932A4B3E32623CF30952C97AB7C1DA8F73CF140 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\azita21\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js.vir"
ESETSmartInstaller@High as downloader log:
all ok
DLL:pipe not connected. attempts=120
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=9140a9e8566d914d819eb3693b6afac6
# engine=21785
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-02 12:43:53
# local_time=2015-01-02 01:43:53 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 15012 12111230 0 0
# compatibility_mode_1='McAfee VirusScan'
# compatibility_mode=5121 16776573 100 96 15912379 191054887 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 94976 257735361 0 0
# scanned=135448
# found=160
# cleaned=0
# scan_time=10735
sh=9B44A50B0CEC33F635818F1DEE7879E1EE13BBE9 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\azita\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmbhlefgdonlhbobodmjccfbmcbejfhj\7.2\ranJB.js.vir"
sh=0D6AEAF9DBBDED91342CE464798143DDDBA41306 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\azita\AppData\Local\torch\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js.vir"
sh=2932A4B3E32623CF30952C97AB7C1DA8F73CF140 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\azita\AppData\Local\torch\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js.vir"
sh=0742B3A1E0610AC0F7D6F516D1C5EAF80C3C3155 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\azita\AppData\Local\torch\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js.vir"
sh=FEDDD9DAA3D941361E28D9ED92767D4FB2E77AE1 ft=1 fh=b99d9b5e29803b84 vn="Win32/Systweak.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\azita\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir"
sh=0D6AEAF9DBBDED91342CE464798143DDDBA41306 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\azita21\AppData\Local\Chromatic Browser\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js.vir"
sh=2932A4B3E32623CF30952C97AB7C1DA8F73CF140 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\azita21\AppData\Local\Chromatic Browser\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js.vir"
sh=0742B3A1E0610AC0F7D6F516D1C5EAF80C3C3155 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\azita21\AppData\Local\Chromatic Browser\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js.vir"
sh=0D6AEAF9DBBDED91342CE464798143DDDBA41306 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\azita21\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js.vir"
sh=2932A4B3E32623CF30952C97AB7C1DA8F73CF140 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\azita21\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js.vir"
sh=0742B3A1E0610AC0F7D6F516D1C5EAF80C3C3155 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\azita21\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js.vir"
sh=0D6AEAF9DBBDED91342CE464798143DDDBA41306 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\azita21\AppData\Local\torch\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js.vir"
sh=2932A4B3E32623CF30952C97AB7C1DA8F73CF140 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\azita21\AppData\Local\torch\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js.vir"
sh=0742B3A1E0610AC0F7D6F516D1C5EAF80C3C3155 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\azita21\AppData\Local\torch\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js.vir"
sh=0D6AEAF9DBBDED91342CE464798143DDDBA41306 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js.vir"
sh=2932A4B3E32623CF30952C97AB7C1DA8F73CF140 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js.vir"
sh=0742B3A1E0610AC0F7D6F516D1C5EAF80C3C3155 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js.vir"
sh=0D6AEAF9DBBDED91342CE464798143DDDBA41306 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js.vir"
sh=2932A4B3E32623CF30952C97AB7C1DA8F73CF140 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js.vir"
sh=0742B3A1E0610AC0F7D6F516D1C5EAF80C3C3155 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js.vir"
sh=0D6AEAF9DBBDED91342CE464798143DDDBA41306 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\torch\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js.vir"
sh=2932A4B3E32623CF30952C97AB7C1DA8F73CF140 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\torch\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js.vir"
sh=0742B3A1E0610AC0F7D6F516D1C5EAF80C3C3155 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gast\AppData\Local\torch\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js.vir"
sh=0A5DE936298503354D4FB872FC4C7D0BC43A47AB ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eaongaogdgldgphnbioefiadjaoljmif\2.14\cYbFcqR.js.vir"
sh=0D7492DD9A350855F27FF2373D82145C3EAEDB5B ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj\244\inDr4DS.js.vir"
sh=0A5DE936298503354D4FB872FC4C7D0BC43A47AB ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eaongaogdgldgphnbioefiadjaoljmif\2.14\cYbFcqR.js.vir"
sh=0A5DE936298503354D4FB872FC4C7D0BC43A47AB ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\eaongaogdgldgphnbioefiadjaoljmif\2.14\cYbFcqR.js.vir"
sh=0D7492DD9A350855F27FF2373D82145C3EAEDB5B ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj\244\inDr4DS.js.vir"
sh=0D6AEAF9DBBDED91342CE464798143DDDBA41306 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\mmm\AppData\Local\Chromatic Browser\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js.vir"
sh=2932A4B3E32623CF30952C97AB7C1DA8F73CF140 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\mmm\AppData\Local\Chromatic Browser\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js.vir"
sh=0742B3A1E0610AC0F7D6F516D1C5EAF80C3C3155 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\mmm\AppData\Local\Chromatic Browser\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js.vir"
sh=0D6AEAF9DBBDED91342CE464798143DDDBA41306 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\mmm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js.vir"
sh=2932A4B3E32623CF30952C97AB7C1DA8F73CF140 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\mmm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js.vir"
sh=0742B3A1E0610AC0F7D6F516D1C5EAF80C3C3155 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\mmm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js.vir"
sh=0D6AEAF9DBBDED91342CE464798143DDDBA41306 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\mmm\AppData\Local\torch\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js.vir"
sh=2932A4B3E32623CF30952C97AB7C1DA8F73CF140 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\mmm\AppData\Local\torch\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js.vir"
sh=0742B3A1E0610AC0F7D6F516D1C5EAF80C3C3155 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\mmm\AppData\Local\torch\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js.vir"
sh=05A2E943969BE29318675E105EE1605CC2B7FE50 ft=1 fh=28e73ed5b32e7ff9 vn="Variante von Win32/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\system32\roboot.exe.vir"
sh=6F339DF7EF61590C7CA38AC684CBA0F287A1D23F ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\InstallMate\{849EE2CA-BC4F-451B-A7F0-F46D5F7DC03C}\Custom.dll"
sh=87ACA7965ACCB43236DED22E5D8ED1299188BDA0 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\InstallMate\{AF741F22-AC2A-4678-A493-E40874973DD4}\Custom.dll"
sh=0D6AEAF9DBBDED91342CE464798143DDDBA41306 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js.vir"
sh=2932A4B3E32623CF30952C97AB7C1DA8F73CF140 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js.vir"
sh=0742B3A1E0610AC0F7D6F516D1C5EAF80C3C3155 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js.vir"
sh=0D7492DD9A350855F27FF2373D82145C3EAEDB5B ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj\244\inDr4DS.js.vir"
sh=0A5DE936298503354D4FB872FC4C7D0BC43A47AB ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eaongaogdgldgphnbioefiadjaoljmif\2.14\cYbFcqR.js.vir"
sh=0D6AEAF9DBBDED91342CE464798143DDDBA41306 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js.vir"
sh=2932A4B3E32623CF30952C97AB7C1DA8F73CF140 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js.vir"
sh=0742B3A1E0610AC0F7D6F516D1C5EAF80C3C3155 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js.vir"
sh=0D7492DD9A350855F27FF2373D82145C3EAEDB5B ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj\244\inDr4DS.js.vir"
sh=0D6AEAF9DBBDED91342CE464798143DDDBA41306 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\azita\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js.vir"
sh=2932A4B3E32623CF30952C97AB7C1DA8F73CF140 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\azita\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js.vir"
sh=0742B3A1E0610AC0F7D6F516D1C5EAF80C3C3155 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\azita\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js.vir"
sh=16B847609909F6465847192D4739BD78C6316E77 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\azita\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcdpjakjgmgklajndnlekpojkelnibfp\232\vTjIssd2E.js.vir"
sh=6B210DA61DF46D3AB5DC77D6B6553C2951124A8F ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\azita\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimhdmlhdgmboegnmecdnfbmdmhdoool\233\uqoNLV.js.vir"
sh=0D6AEAF9DBBDED91342CE464798143DDDBA41306 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\azita\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js.vir"
sh=2932A4B3E32623CF30952C97AB7C1DA8F73CF140 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\azita\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js.vir"
sh=0742B3A1E0610AC0F7D6F516D1C5EAF80C3C3155 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\azita\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js.vir"
sh=0D6AEAF9DBBDED91342CE464798143DDDBA41306 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\azita21\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js.vir"
sh=2932A4B3E32623CF30952C97AB7C1DA8F73CF140 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\azita21\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js.vir"
sh=0742B3A1E0610AC0F7D6F516D1C5EAF80C3C3155 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\azita21\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js.vir"
sh=0D6AEAF9DBBDED91342CE464798143DDDBA41306 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\azita21\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js.vir"
sh=2932A4B3E32623CF30952C97AB7C1DA8F73CF140 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\azita21\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js.vir"
sh=0742B3A1E0610AC0F7D6F516D1C5EAF80C3C3155 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\azita21\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js.vir"
sh=0D6AEAF9DBBDED91342CE464798143DDDBA41306 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js.vir"
sh=2932A4B3E32623CF30952C97AB7C1DA8F73CF140 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js.vir"
sh=0742B3A1E0610AC0F7D6F516D1C5EAF80C3C3155 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js.vir"
sh=0D6AEAF9DBBDED91342CE464798143DDDBA41306 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js.vir"
sh=2932A4B3E32623CF30952C97AB7C1DA8F73CF140 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js.vir"
sh=0742B3A1E0610AC0F7D6F516D1C5EAF80C3C3155 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js.vir"
sh=0A5DE936298503354D4FB872FC4C7D0BC43A47AB ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eaongaogdgldgphnbioefiadjaoljmif\2.14\cYbFcqR.js.vir"
sh=0D7492DD9A350855F27FF2373D82145C3EAEDB5B ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj\244\inDr4DS.js.vir"
sh=0D7492DD9A350855F27FF2373D82145C3EAEDB5B ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj\244\inDr4DS.js.vir"
sh=0A5DE936298503354D4FB872FC4C7D0BC43A47AB ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eaongaogdgldgphnbioefiadjaoljmif\2.14\cYbFcqR.js.vir"
sh=0D7492DD9A350855F27FF2373D82145C3EAEDB5B ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj\244\inDr4DS.js.vir"
sh=0D6AEAF9DBBDED91342CE464798143DDDBA41306 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\mmm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js.vir"
sh=2932A4B3E32623CF30952C97AB7C1DA8F73CF140 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\mmm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js.vir"
sh=0742B3A1E0610AC0F7D6F516D1C5EAF80C3C3155 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\mmm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js.vir"
sh=0D6AEAF9DBBDED91342CE464798143DDDBA41306 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\mmm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js.vir"
sh=2932A4B3E32623CF30952C97AB7C1DA8F73CF140 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\mmm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js.vir"
sh=0742B3A1E0610AC0F7D6F516D1C5EAF80C3C3155 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\mmm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js.vir"
sh=6F339DF7EF61590C7CA38AC684CBA0F287A1D23F ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\InstallMate\{849EE2CA-BC4F-451B-A7F0-F46D5F7DC03C}\Custom.dll"
sh=87ACA7965ACCB43236DED22E5D8ED1299188BDA0 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\InstallMate\{AF741F22-AC2A-4678-A493-E40874973DD4}\Custom.dll"
sh=DF1D3DB3B839BBEFA71C3CC67836EE4FD2683909 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg\11818.8373.4127_0\extensionData\plugins\91.js"
sh=4DBA30229FFB8587FF9D0A01C3C84738318F99A2 ft=1 fh=96887c64059f99eb vn="Variante von Win32/SoftPulse.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000001"
sh=063C8DF5A00EBFB1774E35C1B8EFCD712E5BF3D0 ft=1 fh=a5c1ffc2059f99eb vn="Variante von Win32/SoftPulse.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000003"
sh=C805FD8704F50E2CB2A471A034E5A44642FDA20F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\AppData\Roaming\Opera Software\Opera Stable\Extensions\kgdaeidiojbdgmnjnpmklilaodjlkbjp\1.26.27_0\extensionData\plugins\91.js"
sh=A0178FCDBB41F8C9614D6C62ABE76086FF8DF3EC ft=1 fh=5f1e9858059f99eb vn="Variante von Win32/SoftPulse.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\Java.exe"
sh=2C6E8BAEE63357547FCCDA9A0D9EAC9B89B381C0 ft=1 fh=26d53975f5b1b150 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\PerfectFrame_CB-DL-Manager.exe"
sh=05E915843AB6FB13703313AEE492CC78274B2AB6 ft=1 fh=8d406387059f99eb vn="Variante von Win32/SoftPulse.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\Player_Setup (1).exe"
sh=E4932FB436B28AB81FCA993ED344C07E8F72CFD5 ft=1 fh=eb7435e1059f99eb vn="Variante von Win32/SoftPulse.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\Player_Setup (2).exe"
sh=063C8DF5A00EBFB1774E35C1B8EFCD712E5BF3D0 ft=1 fh=a5c1ffc2059f99eb vn="Variante von Win32/SoftPulse.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\Player_Setup (3).exe"
sh=04990BD2E174FAD75E053C1B1C41D926272477B2 ft=1 fh=85be3987059f99eb vn="Variante von Win32/SoftPulse.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\Player_Setup.exe"
sh=C8E3B3C0717965413EB561FCC866176D0112B6E2 ft=1 fh=4f2415caf0d6aeaf vn="Win32/OutBrowse.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\setup (1).exe"
sh=8E627D4F39933BAD969A15324F496DFC92114FC0 ft=1 fh=03c55b8beecb0eb4 vn="Win32/OutBrowse.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\setup (10).exe"
sh=5038FC490584AE3F5B0B805E89BBC2D77C725AD4 ft=1 fh=6d6fe3ed8cd5c531 vn="Win32/OutBrowse.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\setup (11).exe"
sh=A0F5C1416D31862CB79064E4A71F1D2930D4CA0F ft=1 fh=7718711dc903ea0d vn="Win32/OutBrowse.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\setup (12).exe"
sh=57D3B4D9007F8F3AD2EEADBE719D3A96D48452B0 ft=1 fh=05821bd46e16176b vn="Win32/OutBrowse.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\setup (13).exe"
sh=06A87F9333E67DA404C8C1ECE8787DCD3F371280 ft=1 fh=4eef9b076e039cfc vn="Win32/OutBrowse.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\setup (14).exe"
sh=3E8B3DBF0B5EB1C370D0DA11123CF94EF198FE71 ft=1 fh=1802abf7c4220c4e vn="Win32/OutBrowse.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\setup (2).exe"
sh=B429770BD27726DE9524FB47F64165F893608C8F ft=1 fh=853dabbc8166a0d4 vn="Win32/OutBrowse.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\setup (3).exe"
sh=536DDE5AD040F05F13B7B8A57040AA6D5450A59D ft=1 fh=4ff590269a641eb7 vn="Win32/OutBrowse.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\setup (4).exe"
sh=AD4047E6513E7AB74F38429EA2840DBBD74C9759 ft=1 fh=365588e0d1aebb54 vn="Win32/OutBrowse.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\setup (5).exe"
sh=BD426A2FAEB5B299C15C696D2C930BDE3CF18342 ft=1 fh=c7301b67b40e178b vn="Win32/OutBrowse.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\setup (6).exe"
sh=89F437857F180B8B80DA2F4EB3C1B4A9597ABF95 ft=1 fh=8074bc1c993a32b3 vn="Win32/OutBrowse.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\setup (7).exe"
sh=D126ABF5D007DF958EB01FEA338E196BEF0EAC3A ft=1 fh=ae18a634e49e5df3 vn="Win32/OutBrowse.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\setup (8).exe"
sh=A3F9AAFC27E82E8B8A584936FA4B5D087E650BD8 ft=1 fh=553f4248d3f5df29 vn="Win32/OutBrowse.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\setup (9).exe"
sh=BBD3E43520222552D6C685290029536A341193D8 ft=1 fh=d8aed24a918eed9a vn="Win32/OutBrowse.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\setup.exe"
sh=322BC4CE08C289F7D423878AC2B15FF65460BC14 ft=1 fh=dc9b09d274abd61d vn="Variante von Win32/SoftonicDownloader.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\SoftonicDownloader_for_jpeg-to-pdf.exe"
sh=F165BFB58CCCEBA76EFA9E4B2F1CB2A774BB3445 ft=1 fh=a8bb9f0a0afd3e36 vn="Win32/AdWare.EoRezo.AW Anwendung" ac=I fn="C:\Users\azita21.mmm-PC\AppData\Local\fst_de_147\Download\majfst_gentlede.exe"
sh=C0E3CC6145D892B8479C11F80E2FB0F334427090 ft=1 fh=369f3d976ac26e30 vn="Variante von Win32/SoftPulse.O evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita21.mmm-PC\Downloads\Setup.exe"
         
security check
Code:
 Results of screen317's Security Check version 0.99.93  
 Windows Vista Service Pack 1 x86 (UAC is enabled)  
 Out of date service pack!! 
 Internet Explorer 7 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop      
McAfee VirusScan   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 McAfee SiteAdvisor    
 Java(TM) 6 Update 11  
 Java version 32-bit out of Date! 
  Adobe Flash Player 	15.0.0.246 Flash Player out of Date!  
 Adobe Reader 9 Adobe Reader out of Date! 
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 McAfee VIRUSS~1 mcsysmon.exe  
 McAfee VIRUSS~1 mcshield.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
frst

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-12-2014
Ran by azita21 (administrator) on MMM-PC on 02-01-2015 14:04:02
Running from c:\Users\azita21.mmm-PC\Downloads
Loaded Profiles: azita21 &  (Available profiles: azita & azita21 & mmm)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 7
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Sony Corporation) C:\Program Files\sony\VAIO Update 5\VAIOUpdt.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Sony Corporation) C:\Program Files\sony\ISB Utility\ISBMgr.exe
(Panda Security) C:\Program Files\Panda USB Vaccine\USBVaccine.exe
(Sony Corporation) C:\Program Files\sony\Marketing Tools\MarketingTools.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sony Corporation) C:\Program Files\sony\Network Utility\LANUtil.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
(McAfee, Inc.) C:\Program Files\McAfee\MPF\MpfSrv.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSK\msksrver.exe
(Sony Corporation) C:\Program Files\sony\Network Utility\NSUService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files\sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Sony Corporation) C:\Program Files\sony\VAIO Power Management\SPMgr.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\mcmscsvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcsysmon.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\Mcshield.exe
() C:\Users\azita21.mmm-PC\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6703648 2009-01-06] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [155648 2009-04-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35184 2008-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [136600 2009-05-15] (Sun Microsystems, Inc.)
HKLM\...\Run: [ISBMgr.exe] => C:\Program Files\Sony\ISB Utility\ISBMgr.exe [317288 2008-12-18] (Sony Corporation)
HKLM\...\Run: [StartCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-02-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [McENUI] => C:\Program Files\McAfee\MHN\McENUI.exe [1176808 2008-09-12] (McAfee, Inc.)
HKLM\...\Run: [MarketingTools] => C:\Program Files\Sony\Marketing Tools\MarketingTools.exe [26624 2014-06-19] (Sony Corporation)
HKLM\...\Run: [mcagent_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [645328 2008-12-16] (McAfee, Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-04] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation)
HKU\S-1-5-21-3996859763-3761385545-3165565353-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3996859763-3761385545-3165565353-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [NSUFloatingUI] => C:\Program Files\Sony\Network Utility\LANUtil.exe [274432 2008-12-21] (Sony Corporation)
HKU\S-1-5-21-3996859763-3761385545-3165565353-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_780E177AD0174018C2E60739DD3984CA] => C:\Program Files\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.)
HKU\S-1-5-21-3996859763-3761385545-3165565353-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [vggopxip] => "c:\users\azita\appdata\local\vggopxip.exe" /r
HKU\S-1-5-21-3996859763-3761385545-3165565353-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {c91dfc59-fab0-11e3-8b73-002433e7a6f5} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\...\Run: [NSUFloatingUI] => C:\Program Files\Sony\Network Utility\LANUtil.exe [274432 2008-12-21] (Sony Corporation)
HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3996859763-3761385545-3165565353-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3996859763-3761385545-3165565353-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [NSUFloatingUI] => C:\Program Files\Sony\Network Utility\LANUtil.exe [274432 2008-12-21] (Sony Corporation)
HKU\S-1-5-21-3996859763-3761385545-3165565353-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\azita21.mmm-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\azita21.mmm-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3996859763-3761385545-3165565353-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYT
SearchScopes: HKLM -> {EA6E82DD-9489-4B32-8E7B-5A97F7EF3395} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3996859763-3761385545-3165565353-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYT
SearchScopes: HKU\S-1-5-21-3996859763-3761385545-3165565353-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {EA6E82DD-9489-4B32-8E7B-5A97F7EF3395} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
SearchScopes: HKU\S-1-5-21-3996859763-3761385545-3165565353-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYT
SearchScopes: HKU\S-1-5-21-3996859763-3761385545-3165565353-1001 -> {EA6E82DD-9489-4B32-8E7B-5A97F7EF3395} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
SearchScopes: HKU\S-1-5-21-3996859763-3761385545-3165565353-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYT
SearchScopes: HKU\S-1-5-21-3996859763-3761385545-3165565353-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {EA6E82DD-9489-4B32-8E7B-5A97F7EF3395} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> C:\Program Files\McAfee\MSK\MskAPBho.dll ()
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-06-20]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-06-19]

Chrome: 
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-02]
CHR Extension: (Google Wallet) - C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-02]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2008-08-01] (ArcSoft Inc.)
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-07-01] (Adobe Systems) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [860160 2008-08-20] (Intel(R) Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [131136 2014-12-03] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\McAfee\MSC\mcmscsvc.exe [797864 2008-12-16] (McAfee, Inc.)
R2 McNASvc; c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [2482848 2008-10-24] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [365072 2008-12-13] (McAfee, Inc.)
R2 McProxy; c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe [359952 2008-10-23] (McAfee, Inc.)
R2 McShield; C:\Program Files\McAfee\VirusScan\Mcshield.exe [144704 2008-12-19] (McAfee, Inc.)
R3 McSysmon; C:\Program Files\McAfee\VirusScan\mcsysmon.exe [606736 2008-12-16] (McAfee, Inc.)
R2 MpfService; C:\Program Files\McAfee\MPF\MPFSrv.exe [884360 2008-12-05] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\McAfee\MSK\MskSrver.exe [26640 2008-11-25] (McAfee, Inc.)
R2 NSUService; C:\Program Files\sony\Network Utility\NSUService.exe [303104 2008-12-21] (Sony Corporation) [File not signed]
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [114688 2009-01-07] (Sony Corporation) [File not signed]
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-08-20] (Intel(R) Corporation) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [109088 2009-01-06] (Realtek Semiconductor)
S3 SOHDBSvr; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-02-05] (Sony Corporation)
S3 SOHPlMgr; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-02-05] (Sony Corporation)
R2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-01-21] (Sony Corporation) [File not signed]
R2 VAIO Event Service; C:\Program Files\sony\VAIO Event Service\VESMgr.exe [203624 2009-01-19] (Sony Corporation)
R2 VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [415592 2008-12-19] (Sony Corporation)
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [394536 2009-01-19] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-01-21] (Sony Corporation)
S3 VUAgent; C:\Program Files\sony\VAIO Update 5\VUAgent.exe [722288 2010-04-09] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2009-01-21] (Sony Corporation) [File not signed]
R2 yksvc; C:\Windows\System32\ykx32mpcoinst.dll [282624 2009-02-10] (Marvell)
S2 3f17c95f; "C:\Windows\system32\rundll32.exe" "c:\progra~1\so_boo~1\AssistantSvc.dll",service

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17920 2008-04-24] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-08-15] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-02] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [79304 2008-12-19] (McAfee, Inc.)
R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [35272 2008-12-19] (McAfee, Inc.)
R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [213640 2008-12-19] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34216 2008-12-19] (McAfee, Inc.)
R3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2008-12-19] (McAfee, Inc.)
R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [130424 2008-10-23] (McAfee, Inc.)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [155808 2009-02-23] (Realtek Semiconductor Corp.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-08-15] (Avira GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 igfx; system32\DRIVERS\igdkmd32.sys [X]
S3 IntcHdmiAddService; system32\drivers\IntcHdmi.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-02 13:58 - 2015-01-02 13:58 - 00852505 _____ () C:\Users\azita21.mmm-PC\Downloads\SecurityCheck.exe
2015-01-02 00:33 - 2015-01-02 00:33 - 00000000 ____D () C:\Program Files\ESET
2015-01-02 00:32 - 2015-01-02 00:32 - 02347384 _____ (ESET) C:\Users\azita21.mmm-PC\Downloads\esetsmartinstaller_deu.exe
2015-01-02 00:30 - 2015-01-02 00:30 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-01-02 00:09 - 2015-01-02 00:09 - 00001963 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-02 00:09 - 2015-01-02 00:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-02 00:07 - 2015-01-02 13:12 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-02 00:07 - 2015-01-02 00:25 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-01 23:41 - 2015-01-01 23:41 - 00880784 _____ (Google Inc.) C:\Users\azita21.mmm-PC\Desktop\ChromeSetup.exe
2015-01-01 22:36 - 2015-01-01 22:39 - 00000000 ____D () C:\Users\azita21.mmm-PC\Desktop\commedesgarcons
2015-01-01 13:57 - 2015-01-01 13:57 - 00001342 _____ () C:\Users\azita21.mmm-PC\Desktop\JRT.txt
2015-01-01 13:50 - 2015-01-01 13:50 - 00001295 _____ () C:\Users\azita21.mmm-PC\Desktop\AdwCleaner[S2].txt
2015-01-01 13:49 - 2015-01-01 13:49 - 00000000 ____D () C:\Windows\ERUNT
2015-01-01 13:48 - 2015-01-01 13:48 - 01707939 _____ (Thisisu) C:\Users\azita21.mmm-PC\Downloads\JRT.exe
2015-01-01 13:30 - 2015-01-01 13:30 - 02173952 _____ () C:\Users\azita21.mmm-PC\Desktop\AdwCleaner_4.106.exe
2015-01-01 13:30 - 2015-01-01 13:30 - 00001717 _____ () C:\Users\azita21.mmm-PC\Desktop\mbam.txt
2015-01-01 13:28 - 2015-01-01 13:28 - 00001002 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-01 12:19 - 2015-01-02 13:30 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-01 12:19 - 2015-01-01 12:19 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-01 12:19 - 2015-01-01 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-01 12:18 - 2015-01-01 12:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-01-01 12:18 - 2015-01-01 12:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-01 12:18 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-01 12:18 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-01 12:18 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-01 12:12 - 2015-01-01 12:12 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\azita21.mmm-PC\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-01 00:08 - 2015-01-01 00:08 - 00031317 _____ () C:\ComboFix.txt
2014-12-31 23:38 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-31 23:38 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-31 23:38 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-31 23:38 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-31 23:38 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-31 23:38 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-31 23:38 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-31 23:38 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-31 23:18 - 2015-01-01 00:08 - 00000000 ____D () C:\Qoobox
2014-12-31 23:17 - 2015-01-01 00:06 - 00000000 ____D () C:\Windows\erdnt
2014-12-31 23:16 - 2014-12-31 23:17 - 00848856 _____ (Panda Security ) C:\Users\azita21.mmm-PC\Downloads\USBVaccineSetup (1).exe
2014-12-31 23:14 - 2014-12-31 23:14 - 05604036 ____R (Swearware) C:\Users\azita21.mmm-PC\Downloads\ComboFix.exe
2014-12-31 23:13 - 2014-12-31 23:13 - 00000000 ____D () C:\ProgramData\Panda Security
2014-12-31 23:13 - 2014-12-31 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2014-12-31 23:13 - 2014-12-31 23:13 - 00000000 ____D () C:\Program Files\Panda USB Vaccine
2014-12-31 23:12 - 2014-12-31 23:12 - 00848856 _____ (Panda Security ) C:\Users\azita21.mmm-PC\Downloads\USBVaccineSetup.exe
2014-12-31 23:03 - 2014-12-31 23:03 - 00001057 _____ () C:\Users\azita21.mmm-PC\Desktop\Revo Uninstaller.lnk
2014-12-31 23:03 - 2014-12-31 23:03 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-12-31 23:02 - 2014-12-31 23:02 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\azita21.mmm-PC\Downloads\revosetup95.exe
2014-12-31 23:02 - 2014-12-31 23:02 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\azita21.mmm-PC\Downloads\revosetup95 (1).exe
2014-12-31 11:29 - 2014-12-31 11:36 - 00033090 _____ () C:\Users\azita21.mmm-PC\Downloads\Addition.txt
2014-12-31 11:27 - 2015-01-02 14:04 - 00024653 _____ () C:\Users\azita21.mmm-PC\Downloads\FRST.txt
2014-12-31 11:26 - 2015-01-02 14:04 - 00000000 ____D () C:\FRST
2014-12-31 11:25 - 2014-12-31 11:26 - 01114624 _____ (Farbar) C:\Users\azita21.mmm-PC\Downloads\FRST.exe
2014-12-31 11:02 - 2014-11-24 14:04 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-30 23:50 - 2014-12-31 23:38 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-12-30 23:38 - 2014-12-30 23:39 - 11473216 _____ (Microsoft Corporation) C:\Users\azita21.mmm-PC\Downloads\MSEInstall (1).exe
2014-12-30 23:38 - 2014-12-30 23:38 - 14107296 _____ (Microsoft Corporation) C:\Users\azita21.mmm-PC\Downloads\MSEInstall.exe
2014-12-30 21:17 - 2014-12-30 21:20 - 13947406 _____ () C:\Users\azita21.mmm-PC\Downloads\Install_FD10DXZ_Trial.zip
2014-12-23 00:50 - 2014-12-23 00:51 - 00088641 _____ () C:\Users\azita21.mmm-PC\Downloads\hamburg_alstertanne_weihnacht_tanne_alster_jungfernstieg_michel_3666386309_600x450xcr.jpeg
2014-12-16 01:36 - 2014-12-16 01:36 - 05948992 _____ () C:\Users\azita21.mmm-PC\Downloads\Fragile lyrics - Tech N9ne (Kendall Morgan, Kendrick Lamar & ¡Mayday!).mp4
2014-12-15 21:55 - 2014-12-15 22:03 - 167650716 _____ () C:\Users\azita21.mmm-PC\Downloads\In Fashion- Sir Paul Smith interview.mp4
2014-12-12 02:26 - 2014-12-12 02:28 - 152333158 _____ () C:\Users\azita21.mmm-PC\Downloads\Sensational S'more Cones!! - Camp Food Pt.2.mp4
2014-12-12 02:25 - 2014-12-12 02:28 - 190470924 _____ () C:\Users\azita21.mmm-PC\Downloads\Boys Gone Wild - Camp Food Pt.1.mp4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-02 13:13 - 2014-07-07 00:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-02 12:26 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-02 12:26 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-02 11:03 - 2014-06-19 23:16 - 01813023 _____ () C:\Windows\WindowsUpdate.log
2015-01-02 10:30 - 2014-06-19 23:35 - 00035715 _____ () C:\Windows\system32\Config.MPF
2015-01-02 00:24 - 2008-01-21 03:47 - 00593996 _____ () C:\Windows\PFRO.log
2015-01-02 00:24 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-02 00:23 - 2009-05-15 09:57 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-01-02 00:23 - 2006-11-02 14:01 - 00026906 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-02 00:21 - 2006-11-02 12:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-02 00:07 - 2014-06-19 23:29 - 00000000 ____D () C:\Program Files\Google
2015-01-01 13:38 - 2014-07-12 15:55 - 00000000 ____D () C:\AdwCleaner
2015-01-01 13:28 - 2014-08-28 17:32 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-01 13:28 - 2014-08-28 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-01 13:28 - 2014-08-28 16:36 - 00000000 ____D () C:\Program Files\Avira
2015-01-01 00:59 - 2014-06-19 23:31 - 00000348 _____ () C:\Windows\Tasks\McQcTask.job
2015-01-01 00:08 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2015-01-01 00:08 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2014-12-31 23:59 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2014-12-31 00:23 - 2014-08-21 23:00 - 00000000 ____D () C:\Users\azita21.mmm-PC\Desktop\tomo
2014-12-31 00:05 - 2014-06-19 23:30 - 00000000 ____D () C:\Program Files\McAfee
2014-12-30 20:57 - 2008-01-21 08:16 - 01565124 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-23 00:51 - 2014-09-03 00:58 - 155762616 _____ () C:\Users\azita21.mmm-PC\Downloads\How to Talk to Your Crush.mp4
2014-12-16 02:22 - 2006-11-02 13:52 - 00107520 _____ () C:\Windows\setupact.log
2014-12-15 01:00 - 2014-06-19 23:31 - 00000372 _____ () C:\Windows\Tasks\McDefragTask.job
2014-12-12 11:33 - 2014-06-19 23:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-11 01:13 - 2014-07-07 00:54 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-11 01:13 - 2014-07-07 00:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-06 18:36 - 2014-09-16 00:39 - 180013387 _____ () C:\Users\azita21.mmm-PC\Downloads\The What If- Game Ft. Daniel Radcliffe (1).mp4
2014-12-06 18:35 - 2014-09-16 00:43 - 46816571 _____ () C:\Users\azita21.mmm-PC\Downloads\Epic Rap Battle- Nerd vs. Geek (1).mp4
2014-12-06 18:35 - 2014-09-16 00:42 - 103218786 _____ () C:\Users\azita21.mmm-PC\Downloads\Daniel Radcliffe Talks About The Friend Zone.mp4

Some content of TEMP:
====================
C:\Users\azita21.mmm-PC\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-02 12:48

==================== End Of Log ============================
         


I still can't access the files on my stick.. :/

02.01.2015, 15:22   #10
schrauber
/// the machine
/// TB trainer



Update Java, Flash and Adobe.

Update Windows without fail. 5 years of updates are missing, including the service pack.


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
C:\ProgramData\InstallMate

C:\Users\azita\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg\11818.8373.4127_0\extensionData\plugins\91.js

C:\Users\azita\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000001

C:\Users\azita\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000003

C:\Users\azita\AppData\Roaming\Opera Software\Opera Stable\Extensions\kgdaeidiojbdgmnjnpmklilaodjlkbjp\1.26.27_0\extensionData\plugins\91.js

C:\Users\azita\Downloads\Java.exe

C:\Users\azita\Downloads\PerfectFrame_CB-DL-Manager.exe

C:\Users\azita\Downloads\Player_Setup (1).exe

C:\Users\azita\Downloads\Player_Setup (2).exe

C:\Users\azita\Downloads\Player_Setup (3).exe

C:\Users\azita\Downloads\Player_Setup.exe

C:\Users\azita\Downloads\setup (1).exe

C:\Users\azita\Downloads\setup (10).exe

C:\Users\azita\Downloads\setup (11).exe

C:\Users\azita\Downloads\setup (12).exe

C:\Users\azita\Downloads\setup (13).exe

C:\Users\azita\Downloads\setup (14).exe

C:\Users\azita\Downloads\setup (2).exe

C:\Users\azita\Downloads\setup (3).exe

C:\Users\azita\Downloads\setup (4).exe

C:\Users\azita\Downloads\setup (5).exe

C:\Users\azita\Downloads\setup (6).exe

C:\Users\azita\Downloads\setup (7).exe

C:\Users\azita\Downloads\setup (8).exe

C:\Users\azita\Downloads\setup (9).exe

C:\Users\azita\Downloads\setup.exe

C:\Users\azita\Downloads\SoftonicDownloader_for_jpeg-to-pdf.exe

C:\Users\azita21.mmm-PC\AppData\Local\fst_de_147\Download\majfst_gentlede.exe

C:\Users\azita21.mmm-PC\Downloads\Setup.exe
HKU\S-1-5-21-3996859763-3761385545-3165565353-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [vggopxip] => "c:\users\azita\appdata\local\vggopxip.exe" /r
c:\users\azita\appdata\local\vggopxip.exe
S2 3f17c95f; "C:\Windows\system32\rundll32.exe" "c:\progra~1\so_boo~1\AssistantSvc.dll",service
c:\progra~1\so_boo~1
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.




OK, now the malware is gone. Plug in the stick, open it in Windows Explorer, and send a screenshot of that please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

03.01.2015, 15:04   #11
mewmew



I've done everything, here are the screenshots. When I double-click on Data (D), this comes up (screenshot 2).
Thumbnails of attached images
-screenshot.jpg   -screenshot2.jpg

03.01.2015, 16:06   #12
schrauber
/// the machine
/// TB trainer



Is that the only file on the stick, I mean originally too?

That is a shortcut to another drive. Please go to Control Panel > Folder Options > show hidden files, and uncheck hide protected files.
__________________
Regards,
schrauber


03.01.2015, 17:10   #13
mewmew



No, that was not the only file. But now I can see everything again.

But there are still copies of each original; do I have to leave them there or can I delete them?

I plugged the stick into a Mac, and the same problem as before exists there (screenshots)...
What do I do about that??

I also downloaded various malware scanners etc. onto the PC; should they stay on the PC? Which antivirus is it best to leave active?

Many thanks for the support!

Edited by mewmew (03.01.2015 at 17:57)

03.01.2015, 17:56   #14
schrauber
/// the machine
/// TB trainer



Please show another screenshot now where everything is visible; we still need to tune something there.
__________________
Regards,
schrauber


03.01.2015, 18:02   #15
mewmew



On the Mac I still can't access the files.
Thumbnails of attached images
-screenshot3.jpg
