Pests of all kinds and how to fight them: USB files displayed as shortcuts
Windows 7
31.12.2014, 11:41 | #1 |
USB files displayed as shortcuts

Hello, I am new to this forum and don't know much about computers. So, to my problem: for some time now I have had no access to the files on my USB stick. At first the files were shortcuts and lnk. I tried to deal with this problem on my own, so I downloaded and installed Microsoft Security Essentials, because I had read that it helped someone with the same problem. Now, when I connect my stick to the computer, I see the AutoPlay dialog for the removable drive; then, when I click "Open files", the removable drive shows me "DATA (D) - Verknüpfung" (a shortcut) and one of my PDF files. When I click the DATA (D) shortcut, I get a message telling me to insert a removable disk. I hope someone can help me.
31.12.2014, 12:32 | #2 |
/// the machine /// TB trainer

USB files displayed as shortcuts

Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
31.12.2014, 16:25 | #3 |
USB files displayed as shortcuts

Here are the logs, attached.

FRST.txt
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-12-2014 Ran by azita21 (administrator) on MMM-PC on 31-12-2014 11:27:34 Running from C:\Users\azita21.mmm-PC\Downloads Loaded Profile: azita21 (Available profiles: azita & azita21 & mmm) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 7 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) 
C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.) C:\Program Files\McAfee\MSK\msksrver.exe (Sony Corporation) C:\Program Files\sony\Network Utility\NSUService.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (ArcSoft, Inc.) C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgr.exe (Sony Corporation) C:\Program Files\sony\VAIO Power Management\SPMService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (McAfee, Inc.) C:\Program Files\McAfee\MSC\mcmscsvc.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe (Sony Corporation) C:\Program Files\sony\VAIO Power Management\SPMgr.exe (Sony Corporation) C:\Program Files\sony\VAIO Update 5\VAIOUpdt.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe (Sony Corporation) C:\Program Files\sony\ISB Utility\ISBMgr.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe (Advanced Micro Devices Inc.) 
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Sony Corporation) C:\Program Files\sony\Marketing Tools\MarketingTools.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Sony Corporation) C:\Program Files\sony\Network Utility\LANUtil.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (ALPS) C:\Program Files\Apoint\Apvfb.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McChHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6703648 2009-01-06] (Realtek Semiconductor) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [155648 2009-04-13] (Alps Electric Co., Ltd.) HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35184 2008-12-03] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [136600 2009-05-15] (Sun Microsystems, Inc.) HKLM\...\Run: [ISBMgr.exe] => C:\Program Files\Sony\ISB Utility\ISBMgr.exe [317288 2008-12-18] (Sony Corporation) HKLM\...\Run: [StartCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-02-10] (Advanced Micro Devices, Inc.) HKLM\...\Run: [McENUI] => C:\Program Files\McAfee\MHN\McENUI.exe [1176808 2008-09-12] (McAfee, Inc.) HKLM\...\Run: [MarketingTools] => C:\Program Files\Sony\Marketing Tools\MarketingTools.exe [26624 2014-06-19] (Sony Corporation) HKLM\...\Run: [mcagent_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [645328 2008-12-16] (McAfee, Inc.) HKLM\...\Run: [fst_de_88] => [X] HKLM\...\Run: [fst_de_147] => "C:\Program Files\fst_de_147\fst_de_147.exe" HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-04] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. 
KG) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation) Winlogon\Notify\igfxcui: igfxdev.dll [X] Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\...\Run: [NSUFloatingUI] => C:\Program Files\Sony\Network Utility\LANUtil.exe [274432 2008-12-21] (Sony Corporation) HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\...\Run: [GoogleChromeAutoLaunch_058E7E9EBC9AFAD151F8EE0ED50FBC3A] => C:\Program Files\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.) HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\...\Run: [genesis_08201850] => /r HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\...\MountPoints2: {c91dfc59-fab0-11e3-8b73-002433e7a6f5} - H:\HTC_Sync_Manager_PC.exe Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) 
Startup: C:\Users\azita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vggopxip.lnk ShortcutTarget: vggopxip.lnk -> C:\Users\azita21.mmm-PC\AppData\Local\vggopxip.exe (No File) Startup: C:\Users\azita21.mmm-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (No File) Startup: C:\Users\azita21.mmm-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\azita21.mmm-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (No File) Startup: C:\Users\azita21.mmm-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYT SearchScopes: HKLM -> {EA6E82DD-9489-4B32-8E7B-5A97F7EF3395} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta= SearchScopes: HKU\S-1-5-21-3996859763-3761385545-3165565353-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYT SearchScopes: HKU\S-1-5-21-3996859763-3761385545-3165565353-1001 -> {EA6E82DD-9489-4B32-8E7B-5A97F7EF3395} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta= BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> C:\Program Files\McAfee\MSK\MskAPBho.dll () BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) 
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-06-20] FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-06-19] Chrome: ======= CHR dev: Chrome dev build detected! 
<======= ATTENTION CHR Profile: C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-21] CHR Extension: (Google Drive) - C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-21] CHR Extension: (YouTube) - C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-21] CHR Extension: (Google-Suche) - C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-21] CHR Extension: (SiteAdvisor) - C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-07-21] CHR Extension: (Avira Browserschutz) - C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-28] CHR Extension: (Google Mail) - C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-21] CHR Extension: (Extutil) - C:\Users\AZITA2~1.MMM\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-08-20] CHR Extension: (Managera) - C:\Users\AZITA2~1.MMM\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-08-20] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2008-08-01] (ArcSoft Inc.) 
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-07-01] (Adobe Systems) [File not signed] R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG) S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG) R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [860160 2008-08-20] (Intel(R) Corporation) [File not signed] R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [131136 2014-12-03] (McAfee, Inc.) R2 mcmscsvc; C:\Program Files\McAfee\MSC\mcmscsvc.exe [797864 2008-12-16] (McAfee, Inc.) R2 McNASvc; c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [2482848 2008-10-24] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [365072 2008-12-13] (McAfee, Inc.) R2 McProxy; c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe [359952 2008-10-23] (McAfee, Inc.) R2 McShield; C:\Program Files\McAfee\VirusScan\Mcshield.exe [144704 2008-12-19] (McAfee, Inc.) R3 McSysmon; C:\Program Files\McAfee\VirusScan\mcsysmon.exe [606736 2008-12-16] (McAfee, Inc.) R2 MpfService; C:\Program Files\McAfee\MPF\MPFSrv.exe [884360 2008-12-05] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\McAfee\MSK\MskSrver.exe [26640 2008-11-25] (McAfee, Inc.) 
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation) R2 NSUService; C:\Program Files\sony\Network Utility\NSUService.exe [303104 2008-12-21] (Sony Corporation) [File not signed] S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [114688 2009-01-07] (Sony Corporation) [File not signed] R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-08-20] (Intel(R) Corporation) [File not signed] R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [109088 2009-01-06] (Realtek Semiconductor) S3 SOHDBSvr; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-02-05] (Sony Corporation) S3 SOHPlMgr; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-02-05] (Sony Corporation) R2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.) 
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-01-21] (Sony Corporation) [File not signed] R2 VAIO Event Service; C:\Program Files\sony\VAIO Event Service\VESMgr.exe [203624 2009-01-19] (Sony Corporation) R2 VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [415592 2008-12-19] (Sony Corporation) S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [394536 2009-01-19] (Sony Corporation) R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-01-21] (Sony Corporation) S3 VUAgent; C:\Program Files\sony\VAIO Update 5\VUAgent.exe [722288 2010-04-09] (Sony Corporation) R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2009-01-21] (Sony Corporation) [File not signed] R2 yksvc; C:\Windows\System32\ykx32mpcoinst.dll [282624 2009-02-10] (Marvell) S2 3f17c95f; "C:\Windows\system32\rundll32.exe" "c:\progra~1\so_boo~1\AssistantSvc.dll",service S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X] S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17920 2008-04-24] (ArcSoft, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-07] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-07] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-08-15] (Avira Operations GmbH & Co. 
KG) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [79304 2008-12-19] (McAfee, Inc.) R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [35272 2008-12-19] (McAfee, Inc.) R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [213640 2008-12-19] (McAfee, Inc.) S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34216 2008-12-19] (McAfee, Inc.) R3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2008-12-19] (McAfee, Inc.) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation) R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [130424 2008-10-23] (McAfee, Inc.) R1 MpKslb3ecba18; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{51D1D6C5-3ECC-4D51-BCC8-2AA5AA080117}\MpKslb3ecba18.sys [39464 2014-12-31] (Microsoft Corporation) R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [155808 2009-02-23] (Realtek Semiconductor Corp.) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-08-15] (Avira GmbH) S3 igfx; system32\DRIVERS\igdkmd32.sys [X] S3 IntcHdmiAddService; system32\drivers\IntcHdmi.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-31 11:27 - 2014-12-31 11:28 - 00024174 _____ () C:\Users\azita21.mmm-PC\Downloads\FRST.txt 2014-12-31 11:26 - 2014-12-31 11:27 - 00000000 ____D () C:\FRST 2014-12-31 11:25 - 2014-12-31 11:26 - 01114624 _____ (Farbar) C:\Users\azita21.mmm-PC\Downloads\FRST.exe 2014-12-31 11:02 - 2014-10-30 12:24 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-12-30 23:50 - 2014-12-30 23:50 - 00002154 _____ () C:\Windows\epplauncher.mif 2014-12-30 23:49 - 2014-12-30 23:49 - 00001826 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2014-12-30 23:47 - 2014-12-30 23:49 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-12-30 23:38 - 2014-12-30 23:39 - 11473216 _____ (Microsoft Corporation) C:\Users\azita21.mmm-PC\Downloads\MSEInstall (1).exe 2014-12-30 23:38 - 2014-12-30 23:38 - 14107296 _____ (Microsoft Corporation) C:\Users\azita21.mmm-PC\Downloads\MSEInstall.exe 2014-12-30 21:17 - 2014-12-30 21:20 - 13947406 _____ () C:\Users\azita21.mmm-PC\Downloads\Install_FD10DXZ_Trial.zip 2014-12-23 00:50 - 2014-12-23 00:51 - 00088641 _____ () C:\Users\azita21.mmm-PC\Downloads\hamburg_alstertanne_weihnacht_tanne_alster_jungfernstieg_michel_3666386309_600x450xcr.jpeg 2014-12-16 01:36 - 2014-12-16 01:36 - 05948992 _____ () C:\Users\azita21.mmm-PC\Downloads\Fragile lyrics - Tech N9ne (Kendall Morgan, Kendrick Lamar & ¡Mayday!).mp4 2014-12-15 21:55 - 2014-12-15 22:03 - 167650716 _____ () C:\Users\azita21.mmm-PC\Downloads\In Fashion- Sir Paul Smith interview.mp4 2014-12-12 02:26 - 2014-12-12 02:28 - 152333158 _____ () C:\Users\azita21.mmm-PC\Downloads\Sensational S'more Cones!! - Camp Food Pt.2.mp4 2014-12-12 02:25 - 2014-12-12 02:28 - 190470924 _____ () C:\Users\azita21.mmm-PC\Downloads\Boys Gone Wild - Camp Food Pt.1.mp4 ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-31 11:21 - 2014-06-20 00:16 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-31 11:13 - 2014-07-07 00:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-31 11:07 - 2014-06-19 23:16 - 01694728 _____ () C:\Windows\WindowsUpdate.log 2014-12-31 00:23 - 2014-08-21 23:00 - 00000000 ____D () C:\Users\azita21.mmm-PC\Desktop\tomo 2014-12-31 00:12 - 2014-07-02 22:28 - 00000480 ____H () C:\Windows\Tasks\SO_Booster-S-126785670.job 2014-12-31 00:12 - 2014-06-26 00:30 - 00000464 ____H () C:\Windows\Tasks\SO_Booster-S-4675958519.job 2014-12-31 00:12 - 2014-06-20 00:16 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-31 00:09 - 2014-06-19 23:35 - 00031985 _____ () C:\Windows\system32\Config.MPF 2014-12-31 00:05 - 2014-06-19 23:30 - 00000000 ____D () C:\Program Files\McAfee 2014-12-31 00:05 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-31 00:05 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-31 00:05 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-31 00:04 - 2008-01-21 03:47 - 00588150 _____ () C:\Windows\PFRO.log 2014-12-31 00:02 - 2009-05-15 09:57 - 00000012 _____ () C:\Windows\bthservsdp.dat 2014-12-31 00:02 - 2006-11-02 14:01 - 00025016 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-12-30 20:57 - 2008-01-21 08:16 - 01565124 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-23 00:51 - 2014-09-03 00:58 - 155762616 _____ () C:\Users\azita21.mmm-PC\Downloads\How to Talk to Your Crush.mp4 2014-12-16 02:22 - 2006-11-02 13:52 - 00107520 _____ () C:\Windows\setupact.log 2014-12-15 01:00 - 2014-06-19 23:31 - 00000372 _____ () C:\Windows\Tasks\McDefragTask.job 2014-12-12 11:33 - 2014-06-19 23:37 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-11 01:13 - 2014-07-07 
00:54 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-12-11 01:13 - 2014-07-07 00:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-12-06 18:36 - 2014-09-16 00:39 - 180013387 _____ () C:\Users\azita21.mmm-PC\Downloads\The What If- Game Ft. Daniel Radcliffe (1).mp4 2014-12-06 18:35 - 2014-09-16 00:43 - 46816571 _____ () C:\Users\azita21.mmm-PC\Downloads\Epic Rap Battle- Nerd vs. Geek (1).mp4 2014-12-06 18:35 - 2014-09-16 00:42 - 103218786 _____ () C:\Users\azita21.mmm-PC\Downloads\Daniel Radcliffe Talks About The Friend Zone.mp4 Some content of TEMP: ==================== C:\Users\azita\AppData\Local\Temp\avgnt.exe C:\Users\azita\AppData\Local\Temp\BackupSetup.exe C:\Users\azita\AppData\Local\Temp\Quarantine.exe C:\Users\azita\AppData\Local\Temp\vcredist_x86.exe C:\Users\azita21.mmm-PC\AppData\Local\Temp\avgnt.exe C:\Users\azita21.mmm-PC\AppData\Local\Temp\BackupSetup.exe C:\Users\azita21.mmm-PC\AppData\Local\Temp\cloud_backup_setup.exe C:\Users\azita21.mmm-PC\AppData\Local\Temp\dlLogic.exe C:\Users\azita21.mmm-PC\AppData\Local\Temp\dltr.exe C:\Users\azita21.mmm-PC\AppData\Local\Temp\GCVerifier.dll C:\Users\azita21.mmm-PC\AppData\Local\Temp\lly_istart123.exe C:\Users\azita21.mmm-PC\AppData\Local\Temp\newvideoplayersetup.exe C:\Users\azita21.mmm-PC\AppData\Local\Temp\nsj547E.exe C:\Users\azita21.mmm-PC\AppData\Local\Temp\nsoB4A3.exe C:\Users\azita21.mmm-PC\AppData\Local\Temp\nsu461C.exe C:\Users\azita21.mmm-PC\AppData\Local\Temp\nszABBD.exe C:\Users\azita21.mmm-PC\AppData\Local\Temp\post2.dll C:\Users\azita21.mmm-PC\AppData\Local\Temp\post2.exe C:\Users\azita21.mmm-PC\AppData\Local\Temp\Quarantine.exe C:\Users\azita21.mmm-PC\AppData\Local\Temp\speedupmypc.exe C:\Users\azita21.mmm-PC\AppData\Local\Temp\verifier.exe C:\Users\azita21.mmm-PC\AppData\Local\Temp\vopackage.exe C:\Users\mmm.mmm-PC\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= 
(There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-31 00:20 ==================== End Of Log ============================ Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-12-2014 Ran by azita21 at 2014-12-31 11:29:07 Running from C:\Users\azita21.mmm-PC\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: McAfee VirusScan (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892} AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} AV: McAfee VirusScan (Enabled - Out of date) {86355677-4064-3EA7-ABB3-1B136EB04637} AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C} AS: McAfee VirusScan (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: McAfee VirusScan (Enabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Personal Firewall (Enabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C} FW: McAfee Personal Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated) Adobe Illustrator CS2 (HKLM\...\Adobe Illustrator CS2) (Version: 12.000.000 - Adobe Systems Inc.) 
Adobe Reader 9.0.1 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A90100000001}) (Version: 9.0.1 - Adobe Systems Incorporated) Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.) Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ALPS ELECTRIC CO., LTD.) Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ArcSoft Magic-i Visual Effects 2 (HKLM\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version: 2.0.1.39 - ArcSoft) ArcSoft WebCam Companion 2 (HKLM\...\{9973498D-EA29-4A68-BE0B-C88D6E03E928}) (Version: - ArcSoft) ATI Catalyst Install Manager (HKLM\...\{C144CB60-EE5D-B625-C672-176AC5B488D2}) (Version: 3.0.710.0 - ATI Technologies, Inc.) Avira (HKLM\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Avira (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) 
ccc-core-static (Version: 2009.0210.2216.39965 - Ihr Firmenname) Hidden Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden Click to Disc (HKLM\...\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}) (Version: 1.2.60.13210 - Sony Corporation) Click to Disc (Version: 1.2.60.13210 - Sony Corporation) Hidden Click to Disc Editor (HKLM\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 2.0.00 - Sony Corporation) Click to Disc Editor (Version: 2.0.00 - Sony Corporation) Hidden Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Genesis (HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\...\genesis_08201850) (Version: - ) <==== ATTENTION Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.) Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden HDAUDIO SoftV92 Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200) (Version: - ) Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{52A7C6A6-6B88-47D1-922E-9F8A7E089E6A}) (Version: 12.01.1000 - Intel(R) Corporation) istart123 uninstall (HKLM\...\istart123 uninstall) (Version: - istart123) <==== ATTENTION iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.) Java(TM) 6 Update 11 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.110 - Sun Microsystems, Inc.) McAfee SecurityCenter (HKLM\...\MSC) (Version: - McAfee, Inc.) McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.156 - McAfee, Inc.) 
Me&My VAIO (HKLM\...\{76D7CCD6-8369-405C-B494-5F34FAE67249}) (Version: 1.2.0.14020 - Sony Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Works (HKLM\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) 
(Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Music Transfer (HKLM\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.3.01.13160 - Sony Corporation) Norton Online Backup aktivieren (HKLM\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.0.2046 - Symantec) OpenMG Secure Module 5.3.00 (HKLM\...\InstallShield_{DEF97A70-C67D-41E1-837C-6462C97A6F65}) (Version: 5.3.00.13080 - Sony Corporation) OpenMG Secure Module 5.3.00 (Version: 5.3.00.13080 - Sony Corporation) Hidden Primo (Version: 1.00.0000 - Your Company Name) Hidden Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5759 - Realtek Semiconductor Corp.) Roxio Easy Media Creator 10 LJ (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.1 - Roxio) Runtime (Version: 1.00.0000 - Your Company Name) Hidden Setting Utility Series (HKLM\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 4.3.0.14120 - Sony Corporation) Skins (Version: 2009.0210.2216.39965 - ATI) Hidden Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Software Info for Me&My VAIO (HKLM\...\{69C8B1E3-2665-4A0F-B049-67746E5C4CE3}) (Version: 1.0.0.14020 - Sony Corporation) Sony Home Network Library (HKLM\...\{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}) (Version: 1.4.0.14050 - Sony Corporation) Sony Home Network Library (Version: 1.4.0.14050 - Sony Corporation) Hidden Sony Picture Utility (HKLM\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 4.2.12.14260 - Sony Corporation) Sony Video Shared Library (HKLM\...\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}) (Version: 3.5.00 - Sony Corporation) Splashtop (HKLM\...\splashtop) (Version: 1.0.7.2 - DeviceVM, Inc.) Splashtop (Version: 1.0.7.2 - DeviceVM, Inc.) 
Hidden Unterstützung für VAIO-Präsentation (HKLM\...\{2018C019-30D9-4240-8C01-0865C10DCF5A}) (Version: 1.2.0.12240 - Sony Corporation) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VAIO Content Folder Setting (HKLM\...\{23825B69-36DF-4DAD-9CFD-118D11D80F16}) (Version: 2.3.0.12220 - Sony Corporation) VAIO Content Folder Watcher (HKLM\...\{327B75F0-92AF-420A-988F-FA596A218E0B}) (Version: 1.1.0.13140 - Sony Corporation) VAIO Content Folder Watcher (Version: 1.1.0.13140 - Sony Corporation) Hidden VAIO Content Metadata Intelligent Analyzing Manager (HKLM\...\{BFD85D24-D4F3-4CCC-B518-D7C4FC29C76D}) (Version: 3.4.0.13192 - Sony Corporation) VAIO Content Metadata Intelligent Analyzing Manager (Version: 3.4.0.13192 - Sony Corporation) Hidden VAIO Content Metadata Manager Setting (HKLM\...\{EADE97A7-E7AA-43FD-A042-92A68E0187A6}) (Version: 3.4.0.13160 - Sony Corporation) VAIO Content Metadata Manager Setting (Version: 3.4.0.13160 - Sony Corporation) Hidden VAIO Content Metadata XML Interface Library (HKLM\...\{E3453B1B-C91B-4C48-B046-8DF635DD46F2}) (Version: 3.4.0.13160 - Sony Corporation) VAIO Content Metadata XML Interface Library (Version: 3.4.0.13160 - Sony Corporation) Hidden VAIO Control Center (HKLM\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 3.3.0.12240 - Sony Corporation) VAIO Data Restore Tool 
(HKLM\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.1.00.13080 - Sony Corporation) VAIO DVD Menu Data Basic (HKLM\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 1.0.00.08130 - Sony Corporation) VAIO Energie Verwaltung (HKLM\...\{5F5867F0-2D23-4338-A206-01A76C823924}) (Version: 3.3.0.12190 - Sony Corporation) VAIO Entertainment Platform (HKLM\...\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}) (Version: 3.4.0.13210 - Sony Corporation) VAIO Entertainment Platform (Version: 3.4.0.13210 - Sony Corporation) Hidden VAIO Event Service (HKLM\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 4.3.0.13190 - Sony Corporation) VAIO Marketing Tools (HKLM\...\MarketingTools) (Version: - Sony Corporation) VAIO Media plus (HKLM\...\{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}) (Version: 1.4.0.14050 - Sony Corporation) VAIO Media plus Opening Movie (HKLM\...\{9238E8A4-BEBA-43A3-B926-769BDBF194C5}) (Version: 1.2.0.09100 - Sony Corporation) VAIO Movie Story (HKLM\...\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 1.4.00.13080 - Sony Corporation) VAIO Movie Story (Version: 1.4.00.13080 - Sony Corporation) Hidden VAIO Movie Story Template Data (HKLM\...\{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 1.4.00.13080 - Sony Corporation) VAIO MusicBox (HKLM\...\{D613E659-6503-42A8-9617-4F599061EAD5}) (Version: 2.2.0.13091 - Sony Corporation) VAIO MusicBox Sample Music (HKLM\...\{98FC7A64-774B-49B5-B046-4B4EBC053FA9}) (Version: 1.1.00.14140 - Sony Corporation) VAIO Original Function Setting (HKLM\...\{A63E7492-A0BC-4BB9-89A7-352965222380}) (Version: 1.5.01.10310 - Sony Corporation) VAIO Smart Network (HKLM\...\{3B659FAD-E772-44A3-B7E7-560FF084669F}) (Version: 2.3.0.12210 - Sony Corporation) VAIO Update (HKLM\...\{5BEE8F1F-BD32-4553-8107-500439E43BD7}) (Version: 5.1.1.04090 - Sony Corporation) VAIO Wallpaper Contents (HKLM\...\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}) (Version: 1.3.0.10310 - Sony Corporation) WIDCOMM Bluetooth Software 
(HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.8000 - Broadcom Corporation) Windows Live Anmelde-Assistent (HKLM\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation) Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation) Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) WinDVD BD for VAIO (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B9.727 - InterVideo Inc.) WinDVD BD for VAIO (Version: 8.0-B9.727 - InterVideo Inc.) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 19-11-2014 21:47:44 Geplanter Prüfpunkt 21-11-2014 12:46:01 Geplanter Prüfpunkt 22-11-2014 11:59:10 Geplanter Prüfpunkt 28-11-2014 21:44:46 Gerätetreiber-Paketinstallation: Apple, Inc. 
USB-Controller 28-11-2014 21:46:53 Gerätetreiber-Paketinstallation: Apple Netzwerkadapter 28-11-2014 21:48:53 Installed iTunes 30-11-2014 13:23:44 Geplanter Prüfpunkt 07-12-2014 03:48:14 Geplanter Prüfpunkt 11-12-2014 20:35:33 Geplanter Prüfpunkt 12-12-2014 08:05:42 Windows Update 13-12-2014 12:05:33 Geplanter Prüfpunkt 14-12-2014 11:48:33 Geplanter Prüfpunkt 16-12-2014 17:53:16 Geplanter Prüfpunkt 19-12-2014 19:53:17 Geplanter Prüfpunkt 20-12-2014 11:12:32 Geplanter Prüfpunkt 21-12-2014 04:50:31 Geplanter Prüfpunkt 22-12-2014 11:22:08 Geplanter Prüfpunkt 23-12-2014 18:56:22 Geplanter Prüfpunkt 24-12-2014 17:40:52 Geplanter Prüfpunkt 27-12-2014 17:36:44 Geplanter Prüfpunkt 30-12-2014 19:08:14 Geplanter Prüfpunkt 30-12-2014 23:42:19 Windows Update 31-12-2014 11:01:42 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {12F05A7F-2EBF-4F48-96B4-DA3AEE2FF7E6} - System32\Tasks\ucjpde => C:\Users\azita\AppData\Local\ucjpde.bat [2014-07-07] () Task: {147984B0-FFBA-4562-9D7C-490F65FE566F} - System32\Tasks\nfflmtc => C:\Users\azita\AppData\Local\nfflmtc.bat [2014-07-07] () Task: {1D4E3C4B-4264-4945-9B02-4FC30406628C} - System32\Tasks\SO_Booster-S-126785670 => c:\programdata\wideblue installer\so_booster\SO_Booster.exe <==== ATTENTION Task: {2115A1BF-D089-4AEB-A512-781A1A3439CB} - System32\Tasks\SO_Booster-S-4675958519 => c:\programdata\blueocean\so_booster\SO_Booster.exe <==== ATTENTION Task: {29D10A04-931C-404B-8FB3-AE15D53D8AFD} - System32\Tasks\qbcenx => C:\Users\azita\AppData\Local\qbcenx.bat [2014-07-07] () Task: {3B7FE4AB-F10A-446E-AAE5-A86AFC9DD6B4} - System32\Tasks\livspur => C:\Users\azita\AppData\Local\livspur.bat [2014-07-07] () Task: {3C2C9D82-2FB6-42C1-9340-F717842931AB} - System32\Tasks\McDefragTask => c:\Program Files\McAfee\MQC\QcConsol.exe [2008-10-24] (McAfee, Inc.) Task: {4C779743-5077-45CF-A921-FC44CCFF6E7C} - System32\Tasks\euskca => C:\Users\azita\AppData\Local\euskca.bat [2014-07-07] () Task: {59217BDA-4C4A-4474-B8C7-2899EEE6DC53} - System32\Tasks\djgmc => C:\Users\azita\AppData\Local\djgmc.bat [2014-07-07] () Task: {5B0DC9ED-4B8E-45BB-AAD7-9C8CD1ACE50C} - System32\Tasks\SONY\VAIO Update\VAIO Update 5 => C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe [2010-04-09] (Sony Corporation) Task: {69FA8425-2DB8-47EC-B5EB-0E437FECAA06} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe Task: {7C18E654-317D-4FF7-903D-48B15DA7005E} - System32\Tasks\auauhtgs => C:\Users\azita\AppData\Local\auauhtgs.bat [2014-07-07] () Task: {7DD4B2A1-8D3B-4A3F-82EE-750BE23D7D45} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe Task: {802095F4-3235-4E46-BF84-BCB4ADDC50F9} - System32\Tasks\SONY\Me&My VAIO\Me&My VAIO => C:\Program Files\Sony\Me&My VAIO\QLGuide.exe Task: 
{81285A85-63DB-4F55-B758-4ED748527F58} - System32\Tasks\rwbnb => C:\Users\azita\AppData\Local\rwbnb.bat [2014-07-07] () Task: {97E964BB-8B17-4E99-8BC9-BA587610A375} - System32\Tasks\SONY\VAIO Recovery Center\VAIO Reminder => C:\Program Files\Sony\VAIO Reminder\VAIOReminder.exe [2009-01-13] (Sony Corporation) Task: {A55A7238-B6FB-45FA-83F3-9E7F83551449} - System32\Tasks\McQcTask => c:\Program Files\McAfee\MQC\QcConsol.exe [2008-10-24] (McAfee, Inc.) Task: {A69ED224-55FE-4C0C-81C6-11FC1E2C4F4E} - System32\Tasks\ekrahvdk => C:\Users\azita\AppData\Local\ekrahvdk.bat [2014-07-07] () Task: {A9A2954A-C8BD-4847-917F-B63A0F59AFF4} - System32\Tasks\kbxnshe => C:\Users\azita\AppData\Local\kbxnshe.bat [2014-07-07] () Task: {B619E332-90CE-4D6A-B025-060FB00D101D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {B68DDC0D-20C1-42C1-8180-3E2899023CA4} - System32\Tasks\wfvenfmc => C:\Users\azita\AppData\Local\wfvenfmc.bat [2014-07-07] () Task: {CC1F027C-ADE4-4C0F-8B67-38BCD40E700C} - System32\Tasks\uucbb => C:\Users\azita\AppData\Local\uucbb.bat [2014-07-07] () Task: {D0597CDA-23E3-49C1-A1F1-7F638C3455A8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-11] (Adobe Systems Incorporated) Task: {D7171AE0-EC66-4DDE-9FA2-2E53CE4ED248} - System32\Tasks\qmhdgc => C:\Users\azita\AppData\Local\qmhdgc.bat [2014-07-07] () Task: {F70C03A3-BA86-4BF7-AE77-FA9214C5CEBF} - System32\Tasks\ibdya => C:\Users\azita\AppData\Local\ibdya.bat [2014-07-07] () (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\McDefragTask.job => C:\Windows\system32\defrag.exe Task: C:\Windows\Tasks\McQcTask.job => c:\PROGRA~1\mcafee\mqc\QcConsol.exe Task: C:\Windows\Tasks\SO_Booster-S-126785670.job => c:\programdata\wideblue installer\so_booster\SO_Booster.exe <==== ATTENTION Task: C:\Windows\Tasks\SO_Booster-S-4675958519.job => c:\programdata\blueocean\so_booster\SO_Booster.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2008-08-20 15:10 - 2008-08-20 15:10 - 00200704 _____ () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL 2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-06-19 23:33 - 2008-09-04 10:43 - 00116000 _____ () c:\Program Files\McAfee\SiteAdvisor\apengine.dll 2014-06-19 23:33 - 2008-09-04 10:43 - 00070432 _____ () c:\Program Files\McAfee\SiteAdvisor\mcfrmwk.dll 2014-06-19 23:33 - 2008-09-04 10:43 - 00206112 _____ () c:\Program Files\McAfee\SiteAdvisor\cntscan.dll 2014-06-19 23:53 - 2009-01-19 11:49 - 00010752 _____ () C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll 2014-06-19 23:53 - 2009-01-19 11:49 - 00009728 _____ () C:\Program Files\Sony\VAIO Event Service\VESMgrSubPS.dll 2009-05-15 18:21 - 2009-03-02 21:16 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll 2014-06-19 23:21 - 2014-06-19 23:21 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll 2008-08-26 10:41 - 2008-08-26 10:41 - 00016384 ____R () c:\Program 
Files\ATI Technologies\ATI.ACE\Branding\Branding.dll 2014-06-20 00:16 - 2014-06-05 14:58 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll 2014-06-20 00:16 - 2014-06-05 14:58 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll 2014-06-20 00:16 - 2014-06-05 14:58 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll 2014-07-21 12:52 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll 2014-07-21 12:52 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll 2014-07-21 12:36 - 2014-07-08 07:18 - 14663856 _____ () C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:373E1720 AlternateDataStreams: C:\Users\azita21.mmm-PC\Downloads\Artists vs TMNT. Epic Rap Battles of History Season 3 Finale..mp4:TOC.WMV AlternateDataStreams: C:\Users\azita21.mmm-PC\Downloads\Atoms For Peace - Shinkiba Studio Coast, Tokyo, Japan (2013) HD.mp4:TOC.WMV AlternateDataStreams: C:\Users\azita21.mmm-PC\Downloads\Daniel Radcliffe Talks About The Friend Zone.mp4:TOC.WMV AlternateDataStreams: C:\Users\azita21.mmm-PC\Downloads\Epic Rap Battle- Nerd vs. Geek (1).mp4:TOC.WMV AlternateDataStreams: C:\Users\azita21.mmm-PC\Downloads\How to Talk to Your Crush.mp4:TOC.WMV AlternateDataStreams: C:\Users\azita21.mmm-PC\Downloads\Rhett & Link Get Waxed.mp4:TOC.WMV AlternateDataStreams: C:\Users\azita21.mmm-PC\Downloads\The Ghost Pepper Challenge.mp4:TOC.WMV AlternateDataStreams: C:\Users\azita21.mmm-PC\Downloads\The What If- Game Ft. 
Daniel Radcliffe (1).mp4:TOC.WMV AlternateDataStreams: C:\Users\azita21.mmm-PC\Downloads\Yo Daddy Battle (1).mp4:TOC.WMV ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-3996859763-3761385545-3165565353-500 - Administrator - Disabled) azita (S-1-5-21-3996859763-3761385545-3165565353-1000 - Administrator - Enabled) => C:\Users\azita azita21 (S-1-5-21-3996859763-3761385545-3165565353-1001 - Administrator - Enabled) => C:\Users\azita21.mmm-PC Gast (S-1-5-21-3996859763-3761385545-3165565353-501 - Limited - Enabled) mmm (S-1-5-21-3996859763-3761385545-3165565353-1002 - Administrator - Enabled) => C:\Users\mmm.mmm-PC ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/31/2014 11:33:18 AM) (Source: McLogEvent) (EventID: 5051) (User: NT-AUTORITÄT) Description: Ein Thread in Vorgang C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe brauchte länger als 90000 ms, um eine Anfrage auszuführen. Der Vorgang wird beendet. 
Thread-ID: 3600 (0xe10) Thread-Adresse: 0x770996F4 Thread-Nachricht: Build VSCORE.14.0.0.405 / 5300.2777 Object being scanned = \Device\HarddiskVolume2\Users\azita21.mmm-PC\Downloads\Setup.exe by c:\Program Files\Microsoft Security Client\MsMpEng.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0) Error: (12/31/2014 10:41:59 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 37092452 Error: (12/31/2014 10:41:59 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 37092452 Error: (12/31/2014 10:41:59 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/31/2014 10:41:57 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 37090486 Error: (12/31/2014 10:41:57 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 37090486 Error: (12/31/2014 10:41:57 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/31/2014 10:41:56 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 37089425 Error: (12/31/2014 10:41:56 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 37089425 Error: (12/31/2014 10:41:56 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (12/31/2014 11:33:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: McAfee Real-time Scanner1600001Neustart des Diensts Error: (12/31/2014 00:10:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: 
Google Update-Dienst (gupdate)%%2 Error: (12/31/2014 00:07:36 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: 30000Avira Service Host Error: (12/31/2014 00:07:36 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: 30000SO_Sustainer Error: (12/31/2014 00:07:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (12/31/2014 00:05:31 AM) (Source: HTTP) (EventID: 15016) (User: ) Description: \Device\Http\ReqQueueKerberos Error: (12/31/2014 00:01:24 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.191.1200.0 Aktualisierungsquelle: %NT-AUTORITÄT59 Aktualisierungsphase: 4.6.0305.00 Quellpfad: 4.6.0305.01 Signaturtyp: %NT-AUTORITÄT602 Aktualisierungstyp: %NT-AUTORITÄT604 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %NT-AUTORITÄT605 Vorherige Modulversion: %NT-AUTORITÄT606 Fehlercode: %NT-AUTORITÄT607 Fehlerbeschreibung: %NT-AUTORITÄT608 Error: (12/30/2014 11:59:10 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {6295DF2D-35EE-11D1-8707-00C04FD93327} Error: (12/30/2014 11:56:05 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: Beim Aktualisieren der Signaturen wurde von %mmm-PC60 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 0.0.0.0 Aktualisierungsquelle: %mmm-PC51 Aktualisierungsphase: 4.6.0305.00 Quellpfad: 4.6.0305.01 Signaturtyp: %mmm-PC602 Aktualisierungstyp: %mmm-PC604 Benutzer: mmm-PC\azita21 Aktuelle Modulversion: %mmm-PC605 Vorherige Modulversion: %mmm-PC606 Fehlercode: %mmm-PC607 Fehlerbeschreibung: %mmm-PC608 Error: (12/30/2014 11:55:46 PM) (Source: Microsoft Antimalware) (EventID: 2003) (User: ) Description: Beim Aktualisieren des Moduls wurde von %mmm-PC60 ein Fehler festgestellt. 
Neue Modulversion: Vorherige Modulversion: Modultyp: %mmm-PC604 Benutzer: mmm-PC\azita21 Fehlercode: %mmm-PC601 Fehlerbeschreibung: %mmm-PC602 Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-12-31 11:28:11.482 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-31 11:28:11.385 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-31 11:28:11.293 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-31 11:28:11.208 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-31 11:28:11.044 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-31 11:28:10.965 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-12-31 11:28:10.880 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-12-31 11:28:10.760 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-19 09:58:01.612 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-09-19 09:58:01.487 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Edited by mewmew (31.12.2014 at 16:30) |
31.12.2014, 18:39 | #4 |
/// the machine /// TB instructor | USB files displayed as shortcuts Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
Panda USB Vaccine Please download Panda USB Vaccine from here.
Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
01.01.2015, 00:24 | #5 |
| USB files displayed as shortcuts I accidentally ran Combofix before I had deactivated the antivirus programs. Combofix then pointed this out to me, so I deactivated them and then started the scan. Can I reactivate everything now, and should I uninstall Combofix now? My inactive McAfee program keeps telling me that Combofix could be harmful... Here is the log file Code:
ATTFilter ComboFix 14-12-30.01 - azita21 31.12.2014 23:40:58.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3038.1225 [GMT 1:00] ausgeführt von:: c:\users\azita21.mmm-PC\Downloads\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} AV: McAfee VirusScan *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637} AV: McAfee VirusScan *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} FW: McAfee Personal Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: McAfee VirusScan *Disabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A} SP: McAfee VirusScan *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . 
. . ((((((((((((((((((((((( Dateien erstellt von 2014-11-28 bis 2014-12-31 )))))))))))))))))))))))))))))) . .
2014-12-31 22:51 . 2014-12-31 22:51 -------- d-----w- c:\users\mmm.mmm-PC\AppData\Local\temp 2014-12-31 22:51 . 2014-12-31 22:51 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-12-31 22:51 . 2014-12-31 22:51 -------- d-----w- c:\users\azita\AppData\Local\temp 2014-12-31 22:13 . 2014-12-31 22:13 -------- d-----w- c:\programdata\Panda Security 2014-12-31 22:13 . 2014-12-31 22:13 -------- d-----w- c:\program files\Panda USB Vaccine 2014-12-31 22:03 . 2014-12-31 22:03 -------- d-----w- c:\program files\VS Revo Group 2014-12-31 10:26 . 2014-12-31 10:36 -------- d-----w- C:\FRST 2014-12-31 10:02 . 2014-10-30 11:24 229000 ------w- c:\windows\system32\MpSigStub.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-12-11 00:13 . 2014-07-06 23:54 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-12-11 00:13 . 2014-07-06 23:54 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-11-18 13:56 . 2014-11-18 13:56 1202848 ----a-w- c:\windows\system32\FM20.DLL 2014-10-27 21:30 . 2014-10-27 21:30 1207568 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2014-10-07 11:29 . 2014-08-28 15:36 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys 2014-10-07 11:29 . 2014-08-28 15:36 98160 ----a-w- c:\windows\system32\drivers\avgntflt.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "genesis_08201850"="/r" [X] "WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472] "NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-12-21 274432] "GoogleChromeAutoLaunch_058E7E9EBC9AFAD151F8EE0ED50FBC3A"="c:\program files\Google\Chrome\Application\chrome.exe" [2014-06-05 860488] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-06 6703648] "Apoint"="c:\program files\Apoint\Apoint.exe" [2009-04-13 155648] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-15 136600] "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-12-18 317288] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-10 61440] "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-09-12 1176808] "MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2014-06-19 26624] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-12-16 645328] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-12-04 702768] "Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-10-22 124208] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-10-15 157480] . c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] . c:\users\azita21.mmm-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-1 789032] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2009-01-19 10:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer3"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 3f17c95f;SO_Sustainer;c:\windows\system32\rundll32.exe [2006-11-02 44544] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ yksvcs REG_MULTI_SZ yksvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-06-19 23:16 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-12-31 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-06 00:13] . 2014-12-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2014-06-19 07:38] . 2014-09-30 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2014-06-19 07:38] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com mStart Page = about:blank uInternet Settings,ProxyOverride = *.local IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.2.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-fst_de_88 - (no file) HKLM-Run-fst_de_147 - c:\program files\fst_de_147\fst_de_147.exe c:\users\azita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vggopxip.lnk - c:\users\azita21.mmm-PC\AppData\Local\vggopxip.exe /r c:\users\azita21.mmm-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk - c:\program files\MyPC Backup\MyPC Backup.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2015-01-01 00:00 Windows 6.0.6001 Service Pack 1 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:00000042 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(5940) c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll . ------------------------ Weitere laufende Prozesse ------------------------ . 
. ************************************************************************** . Zeit der Fertigstellung: 2015-01-01 00:08:24 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-12-31 23:08 . Vor Suchlauf: 13 Verzeichnis(se), 372.782.649.344 Bytes frei Nach Suchlauf: 21 Verzeichnis(se), 374.361.063.424 Bytes frei . - - End Of File - - 28E777B69FCBCE7033E5F4D7C9BB2E82 5C616939100B85E558DA92B899A0FC36 |
01.01.2015, 08:40 | #6 |
/// the machine /// TB-Ausbilder | USB files displayed as shortcuts Plug in the USB stick and leave it connected. Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ --> USB files displayed as shortcuts |
01.01.2015, 14:07 | #7 |
| USB files displayed as shortcuts mbam Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Protection, 01.01.2015 12:19:43, SYSTEM, MMM-PC, Protection, Malware Protection, Starting, Protection, 01.01.2015 12:19:46, SYSTEM, MMM-PC, Protection, Malware Protection, Started, Protection, 01.01.2015 12:19:46, SYSTEM, MMM-PC, Protection, Malicious Website Protection, Starting, Protection, 01.01.2015 12:19:54, SYSTEM, MMM-PC, Protection, Malicious Website Protection, Started, Update, 01.01.2015 12:20:03, SYSTEM, MMM-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, Update, 01.01.2015 12:20:03, SYSTEM, MMM-PC, Manual, Rootkit Database, 2014.11.18.1, 2014.12.30.1, Update, 01.01.2015 12:20:12, SYSTEM, MMM-PC, Manual, Malware Database, 2014.11.20.6, 2015.1.1.2, Protection, 01.01.2015 12:20:12, SYSTEM, MMM-PC, Protection, Refresh, Starting, Protection, 01.01.2015 12:20:12, SYSTEM, MMM-PC, Protection, Malicious Website Protection, Stopping, Protection, 01.01.2015 12:20:13, SYSTEM, MMM-PC, Protection, Malicious Website Protection, Stopped, Protection, 01.01.2015 12:20:21, SYSTEM, MMM-PC, Protection, Refresh, Success, Protection, 01.01.2015 12:20:21, SYSTEM, MMM-PC, Protection, Malicious Website Protection, Starting, Protection, 01.01.2015 12:20:22, SYSTEM, MMM-PC, Protection, Malicious Website Protection, Started, Protection, 01.01.2015 13:19:43, SYSTEM, MMM-PC, Protection, Malware Protection, Starting, Protection, 01.01.2015 13:19:43, SYSTEM, MMM-PC, Protection, Malware Protection, Started, Protection, 01.01.2015 13:19:43, SYSTEM, MMM-PC, Protection, Malicious Website Protection, Starting, Protection, 01.01.2015 13:22:31, SYSTEM, MMM-PC, Protection, Malicious Website Protection, Started, (end) Code:
# AdwCleaner v4.106 - Bericht erstellt am 01/01/2015 um 13:32:26
# Aktualisiert 21/12/2014 von Xplode
# Database : 2014-12-21.4 [Local]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Benutzername : azita21 - MMM-PC
# Gestartet von : C:\Users\azita21.mmm-PC\Desktop\AdwCleaner_4.106.exe
# Option : Suchen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gefunden : C:\ProgramData\48f81aa1bb9c31ec
Ordner Gefunden : C:\ProgramData\Wideblue installer

***** [ Tasks ] *****

Task Gefunden : APSnotifierPP1
Task Gefunden : APSnotifierPP2
Task Gefunden : APSnotifierPP3
Task Gefunden : globalUpdateUpdateTaskMachineCore
Task Gefunden : globalUpdateUpdateTaskMachineUA

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}

***** [ Browser ] *****

-\\ Internet Explorer v7.0.6001.18527

-\\ Google Chrome v35.0.1916.153

*************************

AdwCleaner[R0].txt - [23136 octets] - [12/07/2014 15:55:31]
AdwCleaner[R1].txt - [13846 octets] - [04/09/2014 11:11:09]
AdwCleaner[R2].txt - [1166 octets] - [01/01/2015 13:32:26]
AdwCleaner[S0].txt - [21120 octets] - [12/07/2014 16:21:06]
AdwCleaner[S1].txt - [12167 octets] - [04/09/2014 11:14:15]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1348 octets] ##########

Code:
# AdwCleaner v4.106 - Bericht erstellt am 01/01/2015 um 13:38:37
# Aktualisiert 21/12/2014 von Xplode
# Database : 2014-12-21.4 [Local]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Benutzername : azita21 - MMM-PC
# Gestartet von : C:\Users\azita21.mmm-PC\Desktop\AdwCleaner_4.106.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Wideblue installer
Ordner Gelöscht : C:\ProgramData\48f81aa1bb9c31ec

***** [ Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}

***** [ Browser ] *****

-\\ Internet Explorer v7.0.6001.18527

-\\ Google Chrome v35.0.1916.153

*************************

AdwCleaner[R0].txt - [23136 octets] - [12/07/2014 15:55:31]
AdwCleaner[R1].txt - [13846 octets] - [04/09/2014 11:11:09]
AdwCleaner[R2].txt - [1428 octets] - [01/01/2015 13:32:26]
AdwCleaner[S0].txt - [21120 octets] - [12/07/2014 16:21:06]
AdwCleaner[S1].txt - [12167 octets] - [04/09/2014 11:14:15]
AdwCleaner[S2].txt - [1153 octets] - [01/01/2015 13:38:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1213 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by azita21 on 01.01.2015 at 13:51:42,85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\azita21.mmm-PC\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\azita21.mmm-PC\AppData\Roaming\vopackage"
Successfully deleted: [Folder] "C:\Users\azita21.mmm-PC\AppData\Roaming\microsoft\windows\start menu\programs\mypc backup"
Successfully deleted: [Folder] "C:\Users\azita21.mmm-PC\AppData\Roaming\microsoft\windows\start menu\programs\vopackage"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.01.2015 at 13:57:47,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-12-2014 Ran by azita21 (administrator) on MMM-PC on 01-01-2015 14:02:46 Running from c:\Users\azita21.mmm-PC\Downloads Loaded Profile: azita21 (Available profiles: azita & azita21 & mmm) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 7 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Sony Corporation) C:\Program Files\sony\VAIO Update 5\VAIOUpdt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe (Sony Corporation) C:\Program Files\sony\ISB Utility\ISBMgr.exe (Sony Corporation) C:\Program Files\sony\Marketing Tools\MarketingTools.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (McAfee, Inc.) 
C:\Program Files\McAfee.com\Agent\mcagent.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Sony Corporation) C:\Program Files\sony\Network Utility\LANUtil.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.) C:\Program Files\McAfee\MSK\msksrver.exe (Sony Corporation) C:\Program Files\sony\Network Utility\NSUService.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ArcSoft, Inc.) C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgr.exe (Panda Security) C:\Program Files\Panda USB Vaccine\USBVaccine.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (ATI Technologies Inc.) 
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe (Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (McAfee, Inc.) C:\Program Files\McAfee\MSC\mcmscsvc.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe (ALPS) C:\Program Files\Apoint\Apvfb.exe (McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcsysmon.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6703648 2009-01-06] (Realtek Semiconductor) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [155648 2009-04-13] (Alps Electric Co., Ltd.) HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35184 2008-12-03] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [136600 2009-05-15] (Sun Microsystems, Inc.) 
HKLM\...\Run: [ISBMgr.exe] => C:\Program Files\Sony\ISB Utility\ISBMgr.exe [317288 2008-12-18] (Sony Corporation) HKLM\...\Run: [StartCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-02-10] (Advanced Micro Devices, Inc.) HKLM\...\Run: [McENUI] => C:\Program Files\McAfee\MHN\McENUI.exe [1176808 2008-09-12] (McAfee, Inc.) HKLM\...\Run: [MarketingTools] => C:\Program Files\Sony\Marketing Tools\MarketingTools.exe [26624 2014-06-19] (Sony Corporation) HKLM\...\Run: [mcagent_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [645328 2008-12-16] (McAfee, Inc.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-04] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: igfxdev.dll [X] Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation) HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\...\Run: [NSUFloatingUI] => C:\Program Files\Sony\Network Utility\LANUtil.exe [274432 2008-12-21] (Sony Corporation) HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\...\Run: [GoogleChromeAutoLaunch_058E7E9EBC9AFAD151F8EE0ED50FBC3A] => C:\Program Files\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.) 
HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\...\Run: [genesis_08201850] => /r HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\azita21.mmm-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\azita21.mmm-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYT SearchScopes: HKLM -> {EA6E82DD-9489-4B32-8E7B-5A97F7EF3395} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta= SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3996859763-3761385545-3165565353-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYT SearchScopes: HKU\S-1-5-21-3996859763-3761385545-3165565353-1001 -> {EA6E82DD-9489-4B32-8E7B-5A97F7EF3395} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta= BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: McAfee Phishing Filter -> 
{27B4851A-3207-45A2-B947-BE8AFE6163AB} -> C:\Program Files\McAfee\MSK\MskAPBho.dll () BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-06-20] FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-06-19] Chrome: 
======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Docs) - C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-21] CHR Extension: (Google Drive) - C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-21] CHR Extension: (YouTube) - C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-21] CHR Extension: (Google Search) - C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-21] CHR Extension: (SiteAdvisor) - C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-07-21] CHR Extension: (Avira Browserschutz) - C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-28] CHR Extension: (Gmail) - C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-21] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2008-08-01] (ArcSoft Inc.) 
S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-07-01] (Adobe Systems) [File not signed] R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG) S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG) R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [860160 2008-08-20] (Intel(R) Corporation) [File not signed] R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [131136 2014-12-03] (McAfee, Inc.) R2 mcmscsvc; C:\Program Files\McAfee\MSC\mcmscsvc.exe [797864 2008-12-16] (McAfee, Inc.) R2 McNASvc; c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [2482848 2008-10-24] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [365072 2008-12-13] (McAfee, Inc.) R2 McProxy; c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe [359952 2008-10-23] (McAfee, Inc.) R2 McShield; C:\Program Files\McAfee\VirusScan\Mcshield.exe [144704 2008-12-19] (McAfee, Inc.) R3 McSysmon; C:\Program Files\McAfee\VirusScan\mcsysmon.exe [606736 2008-12-16] (McAfee, Inc.) R2 MpfService; C:\Program Files\McAfee\MPF\MPFSrv.exe [884360 2008-12-05] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\McAfee\MSK\MskSrver.exe [26640 2008-11-25] (McAfee, Inc.) 
R2 NSUService; C:\Program Files\sony\Network Utility\NSUService.exe [303104 2008-12-21] (Sony Corporation) [File not signed] S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [114688 2009-01-07] (Sony Corporation) [File not signed] S2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-08-20] (Intel(R) Corporation) [File not signed] R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [109088 2009-01-06] (Realtek Semiconductor) S3 SOHDBSvr; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-02-05] (Sony Corporation) S3 SOHPlMgr; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-02-05] (Sony Corporation) R2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.) S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-01-21] (Sony Corporation) [File not signed] R2 VAIO Event Service; C:\Program Files\sony\VAIO Event Service\VESMgr.exe [203624 2009-01-19] (Sony Corporation) S2 VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [415592 2008-12-19] (Sony Corporation) S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [394536 2009-01-19] (Sony Corporation) R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-01-21] (Sony Corporation) S3 VUAgent; C:\Program Files\sony\VAIO Update 5\VUAgent.exe [722288 2010-04-09] (Sony Corporation) R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2009-01-21] (Sony Corporation) [File not signed] R2 yksvc; C:\Windows\System32\ykx32mpcoinst.dll [282624 2009-02-10] (Marvell) S2 3f17c95f; "C:\Windows\system32\rundll32.exe" 
"c:\progra~1\so_boo~1\AssistantSvc.dll",service S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X] S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17920 2008-04-24] (ArcSoft, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-07] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-07] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-08-15] (Avira Operations GmbH & Co. KG) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-01] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [79304 2008-12-19] (McAfee, Inc.) R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [35272 2008-12-19] (McAfee, Inc.) R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [213640 2008-12-19] (McAfee, Inc.) S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34216 2008-12-19] (McAfee, Inc.) R3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2008-12-19] (McAfee, Inc.) R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [130424 2008-10-23] (McAfee, Inc.) R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [155808 2009-02-23] (Realtek Semiconductor Corp.) 
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-08-15] (Avira GmbH) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 igfx; system32\DRIVERS\igdkmd32.sys [X] S3 IntcHdmiAddService; system32\drivers\IntcHdmi.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-01 13:57 - 2015-01-01 13:57 - 00001342 _____ () C:\Users\azita21.mmm-PC\Desktop\JRT.txt 2015-01-01 13:50 - 2015-01-01 13:50 - 00001295 _____ () C:\Users\azita21.mmm-PC\Desktop\AdwCleaner[S2].txt 2015-01-01 13:49 - 2015-01-01 13:49 - 00000000 ____D () C:\Windows\ERUNT 2015-01-01 13:48 - 2015-01-01 13:48 - 01707939 _____ (Thisisu) C:\Users\azita21.mmm-PC\Downloads\JRT.exe 2015-01-01 13:30 - 2015-01-01 13:30 - 02173952 _____ () C:\Users\azita21.mmm-PC\Desktop\AdwCleaner_4.106.exe 2015-01-01 13:30 - 2015-01-01 13:30 - 00001717 _____ () C:\Users\azita21.mmm-PC\Desktop\mbam.txt 2015-01-01 13:28 - 2015-01-01 13:28 - 00001002 _____ () C:\Users\Public\Desktop\Avira.lnk 2015-01-01 12:19 - 2015-01-01 13:47 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-01 12:19 - 2015-01-01 12:19 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-01 12:19 - 2015-01-01 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-01 12:18 - 2015-01-01 12:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-01-01 
12:18 - 2015-01-01 12:18 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-01 12:18 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-01 12:18 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-01 12:18 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-01 12:12 - 2015-01-01 12:12 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\azita21.mmm-PC\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-01 00:08 - 2015-01-01 00:08 - 00031317 _____ () C:\ComboFix.txt 2014-12-31 23:38 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-12-31 23:38 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-12-31 23:38 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-12-31 23:38 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-12-31 23:38 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-12-31 23:38 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-12-31 23:38 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-12-31 23:38 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-12-31 23:18 - 2015-01-01 00:08 - 00000000 ____D () C:\Qoobox 2014-12-31 23:17 - 2015-01-01 00:06 - 00000000 ____D () C:\Windows\erdnt 2014-12-31 23:16 - 2014-12-31 23:17 - 00848856 _____ (Panda Security ) C:\Users\azita21.mmm-PC\Downloads\USBVaccineSetup (1).exe 2014-12-31 23:14 - 2014-12-31 23:14 - 05604036 ____R (Swearware) C:\Users\azita21.mmm-PC\Downloads\ComboFix.exe 2014-12-31 23:13 - 2014-12-31 23:13 - 00000000 ____D () C:\ProgramData\Panda Security 2014-12-31 23:13 - 2014-12-31 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security 2014-12-31 23:13 - 2014-12-31 23:13 - 00000000 ____D () C:\Program Files\Panda USB Vaccine 2014-12-31 23:12 - 2014-12-31 23:12 - 
00848856 _____ (Panda Security ) C:\Users\azita21.mmm-PC\Downloads\USBVaccineSetup.exe
2014-12-31 23:03 - 2014-12-31 23:03 - 00001057 _____ () C:\Users\azita21.mmm-PC\Desktop\Revo Uninstaller.lnk
2014-12-31 23:03 - 2014-12-31 23:03 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-12-31 23:02 - 2014-12-31 23:02 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\azita21.mmm-PC\Downloads\revosetup95.exe
2014-12-31 23:02 - 2014-12-31 23:02 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\azita21.mmm-PC\Downloads\revosetup95 (1).exe
2014-12-31 11:29 - 2014-12-31 11:36 - 00033090 _____ () C:\Users\azita21.mmm-PC\Downloads\Addition.txt
2014-12-31 11:27 - 2015-01-01 14:02 - 00022474 _____ () C:\Users\azita21.mmm-PC\Downloads\FRST.txt
2014-12-31 11:26 - 2015-01-01 14:02 - 00000000 ____D () C:\FRST
2014-12-31 11:25 - 2014-12-31 11:26 - 01114624 _____ (Farbar) C:\Users\azita21.mmm-PC\Downloads\FRST.exe
2014-12-31 11:02 - 2014-11-24 14:04 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-30 23:50 - 2014-12-31 23:38 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-12-30 23:38 - 2014-12-30 23:39 - 11473216 _____ (Microsoft Corporation) C:\Users\azita21.mmm-PC\Downloads\MSEInstall (1).exe
2014-12-30 23:38 - 2014-12-30 23:38 - 14107296 _____ (Microsoft Corporation) C:\Users\azita21.mmm-PC\Downloads\MSEInstall.exe
2014-12-30 21:17 - 2014-12-30 21:20 - 13947406 _____ () C:\Users\azita21.mmm-PC\Downloads\Install_FD10DXZ_Trial.zip
2014-12-23 00:50 - 2014-12-23 00:51 - 00088641 _____ () C:\Users\azita21.mmm-PC\Downloads\hamburg_alstertanne_weihnacht_tanne_alster_jungfernstieg_michel_3666386309_600x450xcr.jpeg
2014-12-16 01:36 - 2014-12-16 01:36 - 05948992 _____ () C:\Users\azita21.mmm-PC\Downloads\Fragile lyrics - Tech N9ne (Kendall Morgan, Kendrick Lamar & ¡Mayday!).mp4
2014-12-15 21:55 - 2014-12-15 22:03 - 167650716 _____ () C:\Users\azita21.mmm-PC\Downloads\In Fashion- Sir Paul Smith interview.mp4
2014-12-12 02:26 - 2014-12-12 02:28 - 152333158 _____ () C:\Users\azita21.mmm-PC\Downloads\Sensational S'more Cones!! - Camp Food Pt.2.mp4
2014-12-12 02:25 - 2014-12-12 02:28 - 190470924 _____ () C:\Users\azita21.mmm-PC\Downloads\Boys Gone Wild - Camp Food Pt.1.mp4

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-01 13:46 - 2014-06-19 23:35 - 00034391 _____ () C:\Windows\system32\Config.MPF
2015-01-01 13:40 - 2008-01-21 03:47 - 00591582 _____ () C:\Windows\PFRO.log
2015-01-01 13:40 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-01 13:40 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-01 13:40 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-01 13:39 - 2014-06-19 23:16 - 01759123 _____ () C:\Windows\WindowsUpdate.log
2015-01-01 13:39 - 2009-05-15 09:57 - 00000012 _____ () C:\Windows\bthservsdp.dat
2015-01-01 13:39 - 2006-11-02 14:01 - 00026150 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-01 13:38 - 2014-07-12 15:55 - 00000000 ____D () C:\AdwCleaner
2015-01-01 13:28 - 2014-08-28 17:32 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-01 13:28 - 2014-08-28 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-01 13:28 - 2014-08-28 16:36 - 00000000 ____D () C:\Program Files\Avira
2015-01-01 13:13 - 2014-07-07 00:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-01 00:59 - 2014-06-19 23:31 - 00000348 _____ () C:\Windows\Tasks\McQcTask.job
2015-01-01 00:08 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2015-01-01 00:08 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2014-12-31 23:59 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2014-12-31 00:23 - 2014-08-21 23:00 - 00000000 ____D () C:\Users\azita21.mmm-PC\Desktop\tomo
2014-12-31 00:05 - 2014-06-19 23:30 - 00000000 ____D () C:\Program Files\McAfee
2014-12-30 20:57 - 2008-01-21 08:16 - 01565124 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-23 00:51 - 2014-09-03 00:58 - 155762616 _____ () C:\Users\azita21.mmm-PC\Downloads\How to Talk to Your Crush.mp4
2014-12-16 02:22 - 2006-11-02 13:52 - 00107520 _____ () C:\Windows\setupact.log
2014-12-15 01:00 - 2014-06-19 23:31 - 00000372 _____ () C:\Windows\Tasks\McDefragTask.job
2014-12-12 11:33 - 2014-06-19 23:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-11 01:13 - 2014-07-07 00:54 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-11 01:13 - 2014-07-07 00:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-06 18:36 - 2014-09-16 00:39 - 180013387 _____ () C:\Users\azita21.mmm-PC\Downloads\The What If- Game Ft. Daniel Radcliffe (1).mp4
2014-12-06 18:35 - 2014-09-16 00:43 - 46816571 _____ () C:\Users\azita21.mmm-PC\Downloads\Epic Rap Battle- Nerd vs. Geek (1).mp4
2014-12-06 18:35 - 2014-09-16 00:42 - 103218786 _____ () C:\Users\azita21.mmm-PC\Downloads\Daniel Radcliffe Talks About The Friend Zone.mp4

Some content of TEMP:
====================
C:\Users\azita21.mmm-PC\AppData\Local\Temp\avgnt.exe
C:\Users\azita21.mmm-PC\AppData\Local\Temp\Quarantine.exe
C:\Users\azita21.mmm-PC\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-01 13:51

==================== End Of Log ============================
--- --- --- |
01.01.2015, 16:26 | #8 |
/// the machine /// TB Trainer | USB files displayed as shortcuts
Revo Uninstaller - Download - Filepony
Use it to uninstall Chrome, keep no data, let it remove the leftovers, then reinstall. Then: https://support.google.com/chrome/answer/3296214?hl=de
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.
Code:
HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\...\Run: [genesis_08201850] => /r
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
02.01.2015, 14:12 | #9 |
| USB files displayed as shortcuts Fixlog Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-12-2014
Ran by azita21 at 2015-01-02 00:20:59 Run:1
Running from C:\Users\azita21.mmm-PC\Downloads
Loaded Profile: azita21 (Available profiles: azita & azita21 & mmm)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\...\Run: [genesis_08201850] => /r
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
Emptytemp:
*****************

HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\Software\Microsoft\Windows\CurrentVersion\Run\\genesis_08201850 => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
EmptyTemp: => Removed 88.8 MB temporary data.

The system needed a reboot.

==== End of Fixlog 00:22:03 ====
Code:
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=9140a9e8566d914d819eb3693b6afac6
# engine=21785
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-02 01:33:00
# local_time=2015-01-02 02:33:00 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 30422 12070977 0 0
# compatibility_mode_1='McAfee VirusScan'
# compatibility_mode=5121 16776573 100 96 15872126 191014634 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 51123 257695108 0 0
# scanned=61667
# found=160
# cleaned=0
# scan_time=6946
ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js.vir" sh=2932A4B3E32623CF30952C97AB7C1DA8F73CF140 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js.vir" sh=0742B3A1E0610AC0F7D6F516D1C5EAF80C3C3155 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js.vir" sh=0A5DE936298503354D4FB872FC4C7D0BC43A47AB ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eaongaogdgldgphnbioefiadjaoljmif\2.14\cYbFcqR.js.vir" sh=0D7492DD9A350855F27FF2373D82145C3EAEDB5B ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj\244\inDr4DS.js.vir" sh=0D7492DD9A350855F27FF2373D82145C3EAEDB5B ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj\244\inDr4DS.js.vir" sh=0A5DE936298503354D4FB872FC4C7D0BC43A47AB ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eaongaogdgldgphnbioefiadjaoljmif\2.14\cYbFcqR.js.vir" sh=0D7492DD9A350855F27FF2373D82145C3EAEDB5B ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User 
Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj\244\inDr4DS.js.vir" sh=0D6AEAF9DBBDED91342CE464798143DDDBA41306 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\mmm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js.vir" sh=2932A4B3E32623CF30952C97AB7C1DA8F73CF140 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\mmm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js.vir" sh=0742B3A1E0610AC0F7D6F516D1C5EAF80C3C3155 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\mmm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js.vir" sh=0D6AEAF9DBBDED91342CE464798143DDDBA41306 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\mmm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js.vir" sh=2932A4B3E32623CF30952C97AB7C1DA8F73CF140 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\mmm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js.vir" sh=0742B3A1E0610AC0F7D6F516D1C5EAF80C3C3155 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\mmm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js.vir" sh=6F339DF7EF61590C7CA38AC684CBA0F287A1D23F ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\InstallMate\{849EE2CA-BC4F-451B-A7F0-F46D5F7DC03C}\Custom.dll" sh=87ACA7965ACCB43236DED22E5D8ED1299188BDA0 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\All Users\InstallMate\{AF741F22-AC2A-4678-A493-E40874973DD4}\Custom.dll" sh=DF1D3DB3B839BBEFA71C3CC67836EE4FD2683909 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg\11818.8373.4127_0\extensionData\plugins\91.js" sh=4DBA30229FFB8587FF9D0A01C3C84738318F99A2 ft=1 fh=96887c64059f99eb vn="Variante von Win32/SoftPulse.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000001" sh=063C8DF5A00EBFB1774E35C1B8EFCD712E5BF3D0 ft=1 fh=a5c1ffc2059f99eb vn="Variante von Win32/SoftPulse.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000003" sh=C805FD8704F50E2CB2A471A034E5A44642FDA20F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\AppData\Roaming\Opera Software\Opera Stable\Extensions\kgdaeidiojbdgmnjnpmklilaodjlkbjp\1.26.27_0\extensionData\plugins\91.js" sh=A0178FCDBB41F8C9614D6C62ABE76086FF8DF3EC ft=1 fh=5f1e9858059f99eb vn="Variante von Win32/SoftPulse.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\Java.exe" sh=2C6E8BAEE63357547FCCDA9A0D9EAC9B89B381C0 ft=1 fh=26d53975f5b1b150 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\PerfectFrame_CB-DL-Manager.exe" sh=05E915843AB6FB13703313AEE492CC78274B2AB6 ft=1 fh=8d406387059f99eb vn="Variante von Win32/SoftPulse.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\Player_Setup (1).exe" sh=E4932FB436B28AB81FCA993ED344C07E8F72CFD5 ft=1 fh=eb7435e1059f99eb vn="Variante von Win32/SoftPulse.F evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\Player_Setup (2).exe" sh=063C8DF5A00EBFB1774E35C1B8EFCD712E5BF3D0 ft=1 fh=a5c1ffc2059f99eb vn="Variante von Win32/SoftPulse.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\Player_Setup (3).exe" sh=04990BD2E174FAD75E053C1B1C41D926272477B2 ft=1 fh=85be3987059f99eb vn="Variante von Win32/SoftPulse.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\Player_Setup.exe" sh=C8E3B3C0717965413EB561FCC866176D0112B6E2 ft=1 fh=4f2415caf0d6aeaf vn="Win32/OutBrowse.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\setup (1).exe" sh=8E627D4F39933BAD969A15324F496DFC92114FC0 ft=1 fh=03c55b8beecb0eb4 vn="Win32/OutBrowse.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\setup (10).exe" sh=5038FC490584AE3F5B0B805E89BBC2D77C725AD4 ft=1 fh=6d6fe3ed8cd5c531 vn="Win32/OutBrowse.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\setup (11).exe" sh=A0F5C1416D31862CB79064E4A71F1D2930D4CA0F ft=1 fh=7718711dc903ea0d vn="Win32/OutBrowse.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\setup (12).exe" sh=57D3B4D9007F8F3AD2EEADBE719D3A96D48452B0 ft=1 fh=05821bd46e16176b vn="Win32/OutBrowse.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\setup (13).exe" sh=06A87F9333E67DA404C8C1ECE8787DCD3F371280 ft=1 fh=4eef9b076e039cfc vn="Win32/OutBrowse.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\setup (14).exe" sh=3E8B3DBF0B5EB1C370D0DA11123CF94EF198FE71 ft=1 fh=1802abf7c4220c4e vn="Win32/OutBrowse.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\setup (2).exe" sh=B429770BD27726DE9524FB47F64165F893608C8F ft=1 fh=853dabbc8166a0d4 vn="Win32/OutBrowse.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\setup (3).exe" sh=536DDE5AD040F05F13B7B8A57040AA6D5450A59D ft=1 fh=4ff590269a641eb7 vn="Win32/OutBrowse.Y evtl. 
ESETSmartInstaller@High as downloader log: all ok DLL:pipe not connected. attempts=120
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=9140a9e8566d914d819eb3693b6afac6
# engine=21785
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-02 12:43:53
# local_time=2015-01-02 01:43:53 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 15012 12111230 0 0
# compatibility_mode_1='McAfee VirusScan'
# compatibility_mode=5121 16776573 100 96 15912379 191054887 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 94976 257735361 0 0
# scanned=135448
# found=160
# cleaned=0
# scan_time=10735
sh=0742B3A1E0610AC0F7D6F516D1C5EAF80C3C3155 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\azita\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js.vir" sh=16B847609909F6465847192D4739BD78C6316E77 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\azita\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcdpjakjgmgklajndnlekpojkelnibfp\232\vTjIssd2E.js.vir" sh=6B210DA61DF46D3AB5DC77D6B6553C2951124A8F ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EB Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\azita\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimhdmlhdgmboegnmecdnfbmdmhdoool\233\uqoNLV.js.vir" sh=0D6AEAF9DBBDED91342CE464798143DDDBA41306 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\azita\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js.vir" sh=2932A4B3E32623CF30952C97AB7C1DA8F73CF140 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\azita\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js.vir" sh=0742B3A1E0610AC0F7D6F516D1C5EAF80C3C3155 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\azita\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js.vir" sh=0D6AEAF9DBBDED91342CE464798143DDDBA41306 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\azita21\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js.vir" sh=2932A4B3E32623CF30952C97AB7C1DA8F73CF140 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I 
fn="C:\Qoobox\Quarantine\C\Users\azita21\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js.vir" sh=0742B3A1E0610AC0F7D6F516D1C5EAF80C3C3155 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\azita21\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js.vir" sh=0D6AEAF9DBBDED91342CE464798143DDDBA41306 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\azita21\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js.vir" sh=2932A4B3E32623CF30952C97AB7C1DA8F73CF140 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\azita21\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js.vir" sh=0742B3A1E0610AC0F7D6F516D1C5EAF80C3C3155 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\azita21\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js.vir" sh=0D6AEAF9DBBDED91342CE464798143DDDBA41306 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js.vir" sh=2932A4B3E32623CF30952C97AB7C1DA8F73CF140 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js.vir" sh=0742B3A1E0610AC0F7D6F516D1C5EAF80C3C3155 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js.vir" sh=0D6AEAF9DBBDED91342CE464798143DDDBA41306 
ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js.vir" sh=2932A4B3E32623CF30952C97AB7C1DA8F73CF140 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js.vir" sh=0742B3A1E0610AC0F7D6F516D1C5EAF80C3C3155 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js.vir" sh=0A5DE936298503354D4FB872FC4C7D0BC43A47AB ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eaongaogdgldgphnbioefiadjaoljmif\2.14\cYbFcqR.js.vir" sh=0D7492DD9A350855F27FF2373D82145C3EAEDB5B ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj\244\inDr4DS.js.vir" sh=0D7492DD9A350855F27FF2373D82145C3EAEDB5B ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj\244\inDr4DS.js.vir" sh=0A5DE936298503354D4FB872FC4C7D0BC43A47AB ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eaongaogdgldgphnbioefiadjaoljmif\2.14\cYbFcqR.js.vir" sh=0D7492DD9A350855F27FF2373D82145C3EAEDB5B ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User 
Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj\244\inDr4DS.js.vir" sh=0D6AEAF9DBBDED91342CE464798143DDDBA41306 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\mmm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js.vir" sh=2932A4B3E32623CF30952C97AB7C1DA8F73CF140 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\mmm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js.vir" sh=0742B3A1E0610AC0F7D6F516D1C5EAF80C3C3155 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\mmm\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js.vir" sh=0D6AEAF9DBBDED91342CE464798143DDDBA41306 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\mmm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\content.js.vir" sh=2932A4B3E32623CF30952C97AB7C1DA8F73CF140 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.M Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\mmm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\lsdb.js.vir" sh=0742B3A1E0610AC0F7D6F516D1C5EAF80C3C3155 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\mmm\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gkhabminadpbbbcjekbpbpelgpdbahem\2.14\Mmvs4RO4XL.js.vir" sh=6F339DF7EF61590C7CA38AC684CBA0F287A1D23F ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\InstallMate\{849EE2CA-BC4F-451B-A7F0-F46D5F7DC03C}\Custom.dll" sh=87ACA7965ACCB43236DED22E5D8ED1299188BDA0 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\All Users\InstallMate\{AF741F22-AC2A-4678-A493-E40874973DD4}\Custom.dll" sh=DF1D3DB3B839BBEFA71C3CC67836EE4FD2683909 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg\11818.8373.4127_0\extensionData\plugins\91.js" sh=4DBA30229FFB8587FF9D0A01C3C84738318F99A2 ft=1 fh=96887c64059f99eb vn="Variante von Win32/SoftPulse.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000001" sh=063C8DF5A00EBFB1774E35C1B8EFCD712E5BF3D0 ft=1 fh=a5c1ffc2059f99eb vn="Variante von Win32/SoftPulse.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000003" sh=C805FD8704F50E2CB2A471A034E5A44642FDA20F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\AppData\Roaming\Opera Software\Opera Stable\Extensions\kgdaeidiojbdgmnjnpmklilaodjlkbjp\1.26.27_0\extensionData\plugins\91.js" sh=A0178FCDBB41F8C9614D6C62ABE76086FF8DF3EC ft=1 fh=5f1e9858059f99eb vn="Variante von Win32/SoftPulse.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\Java.exe" sh=2C6E8BAEE63357547FCCDA9A0D9EAC9B89B381C0 ft=1 fh=26d53975f5b1b150 vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\PerfectFrame_CB-DL-Manager.exe" sh=05E915843AB6FB13703313AEE492CC78274B2AB6 ft=1 fh=8d406387059f99eb vn="Variante von Win32/SoftPulse.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\Player_Setup (1).exe" sh=E4932FB436B28AB81FCA993ED344C07E8F72CFD5 ft=1 fh=eb7435e1059f99eb vn="Variante von Win32/SoftPulse.F evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\Player_Setup (2).exe" sh=063C8DF5A00EBFB1774E35C1B8EFCD712E5BF3D0 ft=1 fh=a5c1ffc2059f99eb vn="Variante von Win32/SoftPulse.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\Player_Setup (3).exe" sh=04990BD2E174FAD75E053C1B1C41D926272477B2 ft=1 fh=85be3987059f99eb vn="Variante von Win32/SoftPulse.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\Player_Setup.exe" sh=C8E3B3C0717965413EB561FCC866176D0112B6E2 ft=1 fh=4f2415caf0d6aeaf vn="Win32/OutBrowse.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\setup (1).exe" sh=8E627D4F39933BAD969A15324F496DFC92114FC0 ft=1 fh=03c55b8beecb0eb4 vn="Win32/OutBrowse.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\setup (10).exe" sh=5038FC490584AE3F5B0B805E89BBC2D77C725AD4 ft=1 fh=6d6fe3ed8cd5c531 vn="Win32/OutBrowse.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\setup (11).exe" sh=A0F5C1416D31862CB79064E4A71F1D2930D4CA0F ft=1 fh=7718711dc903ea0d vn="Win32/OutBrowse.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\setup (12).exe" sh=57D3B4D9007F8F3AD2EEADBE719D3A96D48452B0 ft=1 fh=05821bd46e16176b vn="Win32/OutBrowse.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\setup (13).exe" sh=06A87F9333E67DA404C8C1ECE8787DCD3F371280 ft=1 fh=4eef9b076e039cfc vn="Win32/OutBrowse.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\setup (14).exe" sh=3E8B3DBF0B5EB1C370D0DA11123CF94EF198FE71 ft=1 fh=1802abf7c4220c4e vn="Win32/OutBrowse.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\setup (2).exe" sh=B429770BD27726DE9524FB47F64165F893608C8F ft=1 fh=853dabbc8166a0d4 vn="Win32/OutBrowse.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\setup (3).exe" sh=536DDE5AD040F05F13B7B8A57040AA6D5450A59D ft=1 fh=4ff590269a641eb7 vn="Win32/OutBrowse.Y evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\setup (4).exe" sh=AD4047E6513E7AB74F38429EA2840DBBD74C9759 ft=1 fh=365588e0d1aebb54 vn="Win32/OutBrowse.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\setup (5).exe" sh=BD426A2FAEB5B299C15C696D2C930BDE3CF18342 ft=1 fh=c7301b67b40e178b vn="Win32/OutBrowse.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\setup (6).exe" sh=89F437857F180B8B80DA2F4EB3C1B4A9597ABF95 ft=1 fh=8074bc1c993a32b3 vn="Win32/OutBrowse.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\setup (7).exe" sh=D126ABF5D007DF958EB01FEA338E196BEF0EAC3A ft=1 fh=ae18a634e49e5df3 vn="Win32/OutBrowse.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\setup (8).exe" sh=A3F9AAFC27E82E8B8A584936FA4B5D087E650BD8 ft=1 fh=553f4248d3f5df29 vn="Win32/OutBrowse.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\setup (9).exe" sh=BBD3E43520222552D6C685290029536A341193D8 ft=1 fh=d8aed24a918eed9a vn="Win32/OutBrowse.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\setup.exe" sh=322BC4CE08C289F7D423878AC2B15FF65460BC14 ft=1 fh=dc9b09d274abd61d vn="Variante von Win32/SoftonicDownloader.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita\Downloads\SoftonicDownloader_for_jpeg-to-pdf.exe" sh=F165BFB58CCCEBA76EFA9E4B2F1CB2A774BB3445 ft=1 fh=a8bb9f0a0afd3e36 vn="Win32/AdWare.EoRezo.AW Anwendung" ac=I fn="C:\Users\azita21.mmm-PC\AppData\Local\fst_de_147\Download\majfst_gentlede.exe" sh=C0E3CC6145D892B8479C11F80E2FB0F334427090 ft=1 fh=369f3d976ac26e30 vn="Variante von Win32/SoftPulse.O evtl. unerwünschte Anwendung" ac=I fn="C:\Users\azita21.mmm-PC\Downloads\Setup.exe" Code:
Results of screen317's Security Check version 0.99.93
Windows Vista Service Pack 1 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
McAfee VirusScan
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
McAfee SiteAdvisor
Java(TM) 6 Update 11
Java version 32-bit out of Date!
Adobe Flash Player 15.0.0.246 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome (39.0.2171.95)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
McAfee VIRUSS~1 mcsysmon.exe
McAfee VIRUSS~1 mcshield.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-12-2014 Ran by azita21 (administrator) on MMM-PC on 02-01-2015 14:04:02 Running from c:\Users\azita21.mmm-PC\Downloads Loaded Profiles: azita21 & (Available profiles: azita & azita21 & mmm) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 7 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Sony Corporation) C:\Program Files\sony\VAIO Update 5\VAIOUpdt.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe (Sony Corporation) C:\Program Files\sony\ISB Utility\ISBMgr.exe (Panda Security) C:\Program Files\Panda USB Vaccine\USBVaccine.exe (Sony Corporation) C:\Program Files\sony\Marketing Tools\MarketingTools.exe (McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Sony Corporation) C:\Program Files\sony\Network Utility\LANUtil.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Broadcom Corporation.) 
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.) C:\Program Files\McAfee\MSK\msksrver.exe (Sony Corporation) C:\Program Files\sony\Network Utility\NSUService.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (ArcSoft, Inc.) C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgr.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Sony Corporation) C:\Program Files\sony\VAIO Power Management\SPMService.exe (Sony Corporation) C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe (Sony Corporation) C:\Program Files\sony\VAIO Power Management\SPMgr.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe (McAfee, Inc.) C:\Program Files\McAfee\MSC\mcmscsvc.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe (ALPS) C:\Program Files\Apoint\Apvfb.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcsysmon.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (McAfee, Inc.) C:\Program Files\McAfee\VirusScan\Mcshield.exe () C:\Users\azita21.mmm-PC\Downloads\SecurityCheck.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6703648 2009-01-06] (Realtek Semiconductor) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [155648 2009-04-13] (Alps Electric Co., Ltd.) 
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35184 2008-12-03] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [136600 2009-05-15] (Sun Microsystems, Inc.) HKLM\...\Run: [ISBMgr.exe] => C:\Program Files\Sony\ISB Utility\ISBMgr.exe [317288 2008-12-18] (Sony Corporation) HKLM\...\Run: [StartCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-02-10] (Advanced Micro Devices, Inc.) HKLM\...\Run: [McENUI] => C:\Program Files\McAfee\MHN\McENUI.exe [1176808 2008-09-12] (McAfee, Inc.) HKLM\...\Run: [MarketingTools] => C:\Program Files\Sony\Marketing Tools\MarketingTools.exe [26624 2014-06-19] (Sony Corporation) HKLM\...\Run: [mcagent_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [645328 2008-12-16] (McAfee, Inc.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-04] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. 
KG) Winlogon\Notify\igfxcui: igfxdev.dll [X] Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation) HKU\S-1-5-21-3996859763-3761385545-3165565353-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-3996859763-3761385545-3165565353-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [NSUFloatingUI] => C:\Program Files\Sony\Network Utility\LANUtil.exe [274432 2008-12-21] (Sony Corporation) HKU\S-1-5-21-3996859763-3761385545-3165565353-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_780E177AD0174018C2E60739DD3984CA] => C:\Program Files\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.) HKU\S-1-5-21-3996859763-3761385545-3165565353-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [vggopxip] => "c:\users\azita\appdata\local\vggopxip.exe" /r HKU\S-1-5-21-3996859763-3761385545-3165565353-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {c91dfc59-fab0-11e3-8b73-002433e7a6f5} - H:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\...\Run: [NSUFloatingUI] => C:\Program Files\Sony\Network Utility\LANUtil.exe [274432 2008-12-21] (Sony Corporation) HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-3996859763-3761385545-3165565353-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-3996859763-3761385545-3165565353-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [NSUFloatingUI] => C:\Program Files\Sony\Network Utility\LANUtil.exe [274432 2008-12-21] (Sony Corporation) 
HKU\S-1-5-21-3996859763-3761385545-3165565353-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\azita21.mmm-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\azita21.mmm-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3996859763-3761385545-3165565353-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3996859763-3761385545-3165565353-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYT SearchScopes: HKLM -> {EA6E82DD-9489-4B32-8E7B-5A97F7EF3395} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta= SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3996859763-3761385545-3165565353-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYT SearchScopes: HKU\S-1-5-21-3996859763-3761385545-3165565353-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {EA6E82DD-9489-4B32-8E7B-5A97F7EF3395} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta= SearchScopes: HKU\S-1-5-21-3996859763-3761385545-3165565353-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYT SearchScopes: HKU\S-1-5-21-3996859763-3761385545-3165565353-1001 -> {EA6E82DD-9489-4B32-8E7B-5A97F7EF3395} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta= SearchScopes: HKU\S-1-5-21-3996859763-3761385545-3165565353-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYT SearchScopes: HKU\S-1-5-21-3996859763-3761385545-3165565353-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {EA6E82DD-9489-4B32-8E7B-5A97F7EF3395} URL = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta= BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> C:\Program Files\McAfee\MSK\MskAPBho.dll () BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) 
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-06-20] FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2014-06-19] Chrome: ======= CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-02] CHR Extension: (Google Wallet) - C:\Users\azita21.mmm-PC\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-02] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2008-08-01] (ArcSoft Inc.) S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-07-01] (Adobe Systems) [File not signed] R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG) S2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG) R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [860160 2008-08-20] (Intel(R) Corporation) [File not signed] R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [131136 2014-12-03] (McAfee, Inc.) R2 mcmscsvc; C:\Program Files\McAfee\MSC\mcmscsvc.exe [797864 2008-12-16] (McAfee, Inc.) R2 McNASvc; c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [2482848 2008-10-24] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [365072 2008-12-13] (McAfee, Inc.) R2 McProxy; c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe [359952 2008-10-23] (McAfee, Inc.) R2 McShield; C:\Program Files\McAfee\VirusScan\Mcshield.exe [144704 2008-12-19] (McAfee, Inc.) R3 McSysmon; C:\Program Files\McAfee\VirusScan\mcsysmon.exe [606736 2008-12-16] (McAfee, Inc.) 
R2 MpfService; C:\Program Files\McAfee\MPF\MPFSrv.exe [884360 2008-12-05] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\McAfee\MSK\MskSrver.exe [26640 2008-11-25] (McAfee, Inc.) R2 NSUService; C:\Program Files\sony\Network Utility\NSUService.exe [303104 2008-12-21] (Sony Corporation) [File not signed] S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [114688 2009-01-07] (Sony Corporation) [File not signed] R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-08-20] (Intel(R) Corporation) [File not signed] R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [109088 2009-01-06] (Realtek Semiconductor) S3 SOHDBSvr; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-02-05] (Sony Corporation) S3 SOHPlMgr; C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-02-05] (Sony Corporation) R2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.) 
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-01-21] (Sony Corporation) [File not signed] R2 VAIO Event Service; C:\Program Files\sony\VAIO Event Service\VESMgr.exe [203624 2009-01-19] (Sony Corporation) R2 VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [415592 2008-12-19] (Sony Corporation) S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [394536 2009-01-19] (Sony Corporation) R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-01-21] (Sony Corporation) S3 VUAgent; C:\Program Files\sony\VAIO Update 5\VUAgent.exe [722288 2010-04-09] (Sony Corporation) R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2009-01-21] (Sony Corporation) [File not signed] R2 yksvc; C:\Windows\System32\ykx32mpcoinst.dll [282624 2009-02-10] (Marvell) S2 3f17c95f; "C:\Windows\system32\rundll32.exe" "c:\progra~1\so_boo~1\AssistantSvc.dll",service ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17920 2008-04-24] (ArcSoft, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-07] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-07] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-08-15] (Avira Operations GmbH & Co. 
KG) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-02] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [79304 2008-12-19] (McAfee, Inc.) R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [35272 2008-12-19] (McAfee, Inc.) R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [213640 2008-12-19] (McAfee, Inc.) S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34216 2008-12-19] (McAfee, Inc.) R3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2008-12-19] (McAfee, Inc.) R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [130424 2008-10-23] (McAfee, Inc.) R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [155808 2009-02-23] (Realtek Semiconductor Corp.) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-08-15] (Avira GmbH) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 igfx; system32\DRIVERS\igdkmd32.sys [X] S3 IntcHdmiAddService; system32\drivers\IntcHdmi.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-02 13:58 - 2015-01-02 13:58 - 00852505 _____ () C:\Users\azita21.mmm-PC\Downloads\SecurityCheck.exe 2015-01-02 00:33 - 2015-01-02 00:33 - 00000000 ____D () C:\Program Files\ESET 2015-01-02 00:32 - 2015-01-02 00:32 - 02347384 _____ (ESET) C:\Users\azita21.mmm-PC\Downloads\esetsmartinstaller_deu.exe 2015-01-02 00:30 - 2015-01-02 00:30 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2015-01-02 00:09 - 2015-01-02 00:09 - 00001963 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-01-02 00:09 - 2015-01-02 00:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-01-02 00:07 - 2015-01-02 13:12 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-02 00:07 - 2015-01-02 00:25 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-01 23:41 - 2015-01-01 23:41 - 00880784 _____ (Google Inc.) C:\Users\azita21.mmm-PC\Desktop\ChromeSetup.exe 2015-01-01 22:36 - 2015-01-01 22:39 - 00000000 ____D () C:\Users\azita21.mmm-PC\Desktop\commedesgarcons 2015-01-01 13:57 - 2015-01-01 13:57 - 00001342 _____ () C:\Users\azita21.mmm-PC\Desktop\JRT.txt 2015-01-01 13:50 - 2015-01-01 13:50 - 00001295 _____ () C:\Users\azita21.mmm-PC\Desktop\AdwCleaner[S2].txt 2015-01-01 13:49 - 2015-01-01 13:49 - 00000000 ____D () C:\Windows\ERUNT 2015-01-01 13:48 - 2015-01-01 13:48 - 01707939 _____ (Thisisu) C:\Users\azita21.mmm-PC\Downloads\JRT.exe 2015-01-01 13:30 - 2015-01-01 13:30 - 02173952 _____ () C:\Users\azita21.mmm-PC\Desktop\AdwCleaner_4.106.exe 2015-01-01 13:30 - 2015-01-01 13:30 - 00001717 _____ () C:\Users\azita21.mmm-PC\Desktop\mbam.txt 2015-01-01 13:28 - 2015-01-01 13:28 - 00001002 _____ () C:\Users\Public\Desktop\Avira.lnk 2015-01-01 12:19 - 2015-01-02 13:30 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-01 12:19 - 2015-01-01 12:19 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-01 12:19 - 2015-01-01 12:19 - 00000000 
____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-01 12:18 - 2015-01-01 12:19 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-01-01 12:18 - 2015-01-01 12:18 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-01 12:18 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-01 12:18 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-01 12:18 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-01 12:12 - 2015-01-01 12:12 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\azita21.mmm-PC\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-01 00:08 - 2015-01-01 00:08 - 00031317 _____ () C:\ComboFix.txt 2014-12-31 23:38 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-12-31 23:38 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-12-31 23:38 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-12-31 23:38 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-12-31 23:38 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-12-31 23:38 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-12-31 23:38 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-12-31 23:38 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-12-31 23:18 - 2015-01-01 00:08 - 00000000 ____D () C:\Qoobox 2014-12-31 23:17 - 2015-01-01 00:06 - 00000000 ____D () C:\Windows\erdnt 2014-12-31 23:16 - 2014-12-31 23:17 - 00848856 _____ (Panda Security ) C:\Users\azita21.mmm-PC\Downloads\USBVaccineSetup (1).exe 2014-12-31 23:14 - 2014-12-31 23:14 - 05604036 ____R (Swearware) C:\Users\azita21.mmm-PC\Downloads\ComboFix.exe 2014-12-31 23:13 - 2014-12-31 23:13 - 00000000 ____D () C:\ProgramData\Panda Security 2014-12-31 23:13 - 2014-12-31 23:13 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security 2014-12-31 23:13 - 2014-12-31 23:13 - 00000000 ____D () C:\Program Files\Panda USB Vaccine 2014-12-31 23:12 - 2014-12-31 23:12 - 00848856 _____ (Panda Security ) C:\Users\azita21.mmm-PC\Downloads\USBVaccineSetup.exe 2014-12-31 23:03 - 2014-12-31 23:03 - 00001057 _____ () C:\Users\azita21.mmm-PC\Desktop\Revo Uninstaller.lnk 2014-12-31 23:03 - 2014-12-31 23:03 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-12-31 23:02 - 2014-12-31 23:02 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\azita21.mmm-PC\Downloads\revosetup95.exe 2014-12-31 23:02 - 2014-12-31 23:02 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\azita21.mmm-PC\Downloads\revosetup95 (1).exe 2014-12-31 11:29 - 2014-12-31 11:36 - 00033090 _____ () C:\Users\azita21.mmm-PC\Downloads\Addition.txt 2014-12-31 11:27 - 2015-01-02 14:04 - 00024653 _____ () C:\Users\azita21.mmm-PC\Downloads\FRST.txt 2014-12-31 11:26 - 2015-01-02 14:04 - 00000000 ____D () C:\FRST 2014-12-31 11:25 - 2014-12-31 11:26 - 01114624 _____ (Farbar) C:\Users\azita21.mmm-PC\Downloads\FRST.exe 2014-12-31 11:02 - 2014-11-24 14:04 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-12-30 23:50 - 2014-12-31 23:38 - 00001912 _____ () C:\Windows\epplauncher.mif 2014-12-30 23:38 - 2014-12-30 23:39 - 11473216 _____ (Microsoft Corporation) C:\Users\azita21.mmm-PC\Downloads\MSEInstall (1).exe 2014-12-30 23:38 - 2014-12-30 23:38 - 14107296 _____ (Microsoft Corporation) C:\Users\azita21.mmm-PC\Downloads\MSEInstall.exe 2014-12-30 21:17 - 2014-12-30 21:20 - 13947406 _____ () C:\Users\azita21.mmm-PC\Downloads\Install_FD10DXZ_Trial.zip 2014-12-23 00:50 - 2014-12-23 00:51 - 00088641 _____ () C:\Users\azita21.mmm-PC\Downloads\hamburg_alstertanne_weihnacht_tanne_alster_jungfernstieg_michel_3666386309_600x450xcr.jpeg 2014-12-16 01:36 - 2014-12-16 01:36 - 05948992 _____ () C:\Users\azita21.mmm-PC\Downloads\Fragile lyrics - Tech N9ne (Kendall Morgan, Kendrick Lamar 
& ¡Mayday!).mp4 2014-12-15 21:55 - 2014-12-15 22:03 - 167650716 _____ () C:\Users\azita21.mmm-PC\Downloads\In Fashion- Sir Paul Smith interview.mp4 2014-12-12 02:26 - 2014-12-12 02:28 - 152333158 _____ () C:\Users\azita21.mmm-PC\Downloads\Sensational S'more Cones!! - Camp Food Pt.2.mp4 2014-12-12 02:25 - 2014-12-12 02:28 - 190470924 _____ () C:\Users\azita21.mmm-PC\Downloads\Boys Gone Wild - Camp Food Pt.1.mp4 ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-02 13:13 - 2014-07-07 00:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-02 12:26 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-02 12:26 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-02 11:03 - 2014-06-19 23:16 - 01813023 _____ () C:\Windows\WindowsUpdate.log 2015-01-02 10:30 - 2014-06-19 23:35 - 00035715 _____ () C:\Windows\system32\Config.MPF 2015-01-02 00:24 - 2008-01-21 03:47 - 00593996 _____ () C:\Windows\PFRO.log 2015-01-02 00:24 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-02 00:23 - 2009-05-15 09:57 - 00000012 _____ () C:\Windows\bthservsdp.dat 2015-01-02 00:23 - 2006-11-02 14:01 - 00026906 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-02 00:21 - 2006-11-02 12:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2015-01-02 00:07 - 2014-06-19 23:29 - 00000000 ____D () C:\Program Files\Google 2015-01-01 13:38 - 2014-07-12 15:55 - 00000000 ____D () C:\AdwCleaner 2015-01-01 13:28 - 2014-08-28 17:32 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-01 13:28 - 2014-08-28 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-01-01 13:28 - 2014-08-28 16:36 - 00000000 ____D () C:\Program Files\Avira 2015-01-01 00:59 - 
2014-06-19 23:31 - 00000348 _____ () C:\Windows\Tasks\McQcTask.job 2015-01-01 00:08 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default 2015-01-01 00:08 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public 2014-12-31 23:59 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini 2014-12-31 00:23 - 2014-08-21 23:00 - 00000000 ____D () C:\Users\azita21.mmm-PC\Desktop\tomo 2014-12-31 00:05 - 2014-06-19 23:30 - 00000000 ____D () C:\Program Files\McAfee 2014-12-30 20:57 - 2008-01-21 08:16 - 01565124 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-23 00:51 - 2014-09-03 00:58 - 155762616 _____ () C:\Users\azita21.mmm-PC\Downloads\How to Talk to Your Crush.mp4 2014-12-16 02:22 - 2006-11-02 13:52 - 00107520 _____ () C:\Windows\setupact.log 2014-12-15 01:00 - 2014-06-19 23:31 - 00000372 _____ () C:\Windows\Tasks\McDefragTask.job 2014-12-12 11:33 - 2014-06-19 23:37 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-11 01:13 - 2014-07-07 00:54 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-12-11 01:13 - 2014-07-07 00:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-12-06 18:36 - 2014-09-16 00:39 - 180013387 _____ () C:\Users\azita21.mmm-PC\Downloads\The What If- Game Ft. Daniel Radcliffe (1).mp4 2014-12-06 18:35 - 2014-09-16 00:43 - 46816571 _____ () C:\Users\azita21.mmm-PC\Downloads\Epic Rap Battle- Nerd vs. Geek (1).mp4 2014-12-06 18:35 - 2014-09-16 00:42 - 103218786 _____ () C:\Users\azita21.mmm-PC\Downloads\Daniel Radcliffe Talks About The Friend Zone.mp4 Some content of TEMP: ==================== C:\Users\azita21.mmm-PC\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-02 12:48 ==================== End Of Log ============================ --- --- ---
I still cannot access the files on my stick.. :/ |
02.01.2015, 15:22 | #10 |
/// the machine /// TB instructor | USB files displayed as shortcuts Update Java, Flash and Adobe. Be sure to update Windows. Five years of updates are missing, including the service pack. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter
C:\ProgramData\InstallMate
C:\Users\azita\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg\11818.8373.4127_0\extensionData\plugins\91.js
C:\Users\azita\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000001
C:\Users\azita\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000003
C:\Users\azita\AppData\Roaming\Opera Software\Opera Stable\Extensions\kgdaeidiojbdgmnjnpmklilaodjlkbjp\1.26.27_0\extensionData\plugins\91.js
C:\Users\azita\Downloads\Java.exe
C:\Users\azita\Downloads\PerfectFrame_CB-DL-Manager.exe
C:\Users\azita\Downloads\Player_Setup (1).exe
C:\Users\azita\Downloads\Player_Setup (2).exe
C:\Users\azita\Downloads\Player_Setup (3).exe
C:\Users\azita\Downloads\Player_Setup.exe
C:\Users\azita\Downloads\setup (1).exe
C:\Users\azita\Downloads\setup (10).exe
C:\Users\azita\Downloads\setup (11).exe
C:\Users\azita\Downloads\setup (12).exe
C:\Users\azita\Downloads\setup (13).exe
C:\Users\azita\Downloads\setup (14).exe
C:\Users\azita\Downloads\setup (2).exe
C:\Users\azita\Downloads\setup (3).exe
C:\Users\azita\Downloads\setup (4).exe
C:\Users\azita\Downloads\setup (5).exe
C:\Users\azita\Downloads\setup (6).exe
C:\Users\azita\Downloads\setup (7).exe
C:\Users\azita\Downloads\setup (8).exe
C:\Users\azita\Downloads\setup (9).exe
C:\Users\azita\Downloads\setup.exe
C:\Users\azita\Downloads\SoftonicDownloader_for_jpeg-to-pdf.exe
C:\Users\azita21.mmm-PC\AppData\Local\fst_de_147\Download\majfst_gentlede.exe
C:\Users\azita21.mmm-PC\Downloads\Setup.exe
HKU\S-1-5-21-3996859763-3761385545-3165565353-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [vggopxip] => "c:\users\azita\appdata\local\vggopxip.exe" /r
c:\users\azita\appdata\local\vggopxip.exe
S2 3f17c95f; "C:\Windows\system32\rundll32.exe" "c:\progra~1\so_boo~1\AssistantSvc.dll",service
c:\progra~1\so_boo~1
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
OK, the malware is now gone. Plug in the stick, open it in Windows Explorer, and post a screenshot of that, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009. No support via PM! |
03.01.2015, 15:04 | #11 |
| USB files displayed as shortcuts I did everything, here are the screenshots. When I double-click Data (D), this appears (screenshot 2). |
03.01.2015, 16:06 | #12 |
/// the machine /// TB instructor | USB files displayed as shortcuts Is that the only file on the stick, i.e. in the original as well? That is a shortcut to another drive. Please go to Control Panel > Folder Options > show hidden files, and uncheck "hide protected files".
03.01.2015, 17:10 | #13 |
| USB files displayed as shortcuts No, that was not the only file. But now I can see everything again. There are still copies of each original, though; do I have to leave them there or can I delete them? I plugged the stick into a Mac, and the same problem as before is there (screenshots)... What do I do about that?? I also downloaded various malware scanners etc. onto the PC; should they stay on the PC? Which antivirus should I best leave active? Many thanks for the support! Last edited by mewmew (03.01.2015 at 17:57) |
03.01.2015, 17:56 | #14 |
/// the machine /// TB instructor | USB files displayed as shortcuts Please now show another screenshot where everything is visible; we still need to tweak something there.
03.01.2015, 18:02 | #15 |
| USB files displayed as shortcuts On the Mac I still cannot access the files |