| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windos 7 + Browser VirenbefallWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
07.01.2015, 16:16
| #1 |
 |  Windos 7 + Browser Virenbefall Hallo liebe Alle! Es geht um Folgendes: Ich habe mich während des letzten halben Jahres leider auf Avira verlassen und hatte seither immer wieder mit Malware zu kämpfen. Seit einer Weile ist mein Laptop extrem langsam - Word, Explorer usw. brauchen eine Ewigkeit bis sie geöffnet werden können, Google Chrome und Internetexplorer sind die reinste Katastrophe. Ich habe mir dann überlegt, mein Notebook komplett neu aufzusetzen, aber 1. habe ich keine CD (hab das Notebook vor drei Jahren über einen Händler gekauft, den ich mittlerweile eher als dubios bezeichnen würde) und 2. kenne ich mich einfach wirklich überhaupt nicht aus. Also hab ich immer wieder Scans mit dem AdW-Cleaner durchgeführt und diesen auch Dateien löschen lassen, die Log-Files poste ich euch nachfolgend in chronologischer Reihenfolge. Heute konnte ich plötzlich weder Google Chrome noch den Internet Explorer öffnen und wenn, dann haben sich die einzelnen Fenster bei jedem Klick dupliziert. Habe dann erneut den AdW-Cleaner laufen lassen und festgestellt, dass meine Browser wohl infiziert sein müssen. Hab die Dateien gelöscht, aber es läuft einfach immer noch alles entweder total zäh oder gar nicht, deshalb hatte ich gehofft, ihr könnt mir vielleicht helfen. Ich würde mich echt freuen, wenn mir jemand helfen könnte! Nachfolgend findet ihr die Logs, die ich nach meinen bisherigen AdW-Scans erhalten habe. Liebe Grüße!AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.106 - Bericht erstellt am 07/01/2015 um 15:29:05
# Aktualisiert 21/12/2014 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Laptop - LAPTOP-PC
# Gestartet von : C:\Users\Laptop\Downloads\adwcleaner_4.106.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gelöscht : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
Datei Gelöscht : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [6152 octets] - [24/11/2014 23:09:30]
AdwCleaner[R1].txt - [6212 octets] - [24/11/2014 23:13:47]
AdwCleaner[R2].txt - [945 octets] - [24/11/2014 23:25:15]
AdwCleaner[R3].txt - [1855 octets] - [07/01/2015 15:25:30]
AdwCleaner[S0].txt - [5832 octets] - [24/11/2014 23:15:47]
AdwCleaner[S1].txt - [1005 octets] - [24/11/2014 23:27:06]
AdwCleaner[S2].txt - [1776 octets] - [07/01/2015 15:29:05]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1836 octets] ##########
AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.106 - Bericht erstellt am 07/01/2015 um 15:25:30
# Aktualisiert 21/12/2014 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Laptop - LAPTOP-PC
# Gestartet von : C:\Users\Laptop\Downloads\adwcleaner_4.106.exe
# Option : Suchen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
Datei Gefunden : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [6152 octets] - [24/11/2014 23:09:30]
AdwCleaner[R1].txt - [6212 octets] - [24/11/2014 23:13:47]
AdwCleaner[R2].txt - [945 octets] - [24/11/2014 23:25:15]
AdwCleaner[R3].txt - [1595 octets] - [07/01/2015 15:25:30]
AdwCleaner[S0].txt - [5832 octets] - [24/11/2014 23:15:47]
AdwCleaner[S1].txt - [1005 octets] - [24/11/2014 23:27:06]
########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1775 octets] ##########
AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.102 - Bericht erstellt am 24/11/2014 um 23:27:06
# Aktualisiert 23/11/2014 von Xplode
# Database : 2014-11-24.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Laptop - LAPTOP-PC
# Gestartet von : C:\Users\Gast\Downloads\adwcleaner_4.102.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17420
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [6152 octets] - [24/11/2014 23:09:30]
AdwCleaner[R1].txt - [6212 octets] - [24/11/2014 23:13:47]
AdwCleaner[R2].txt - [945 octets] - [24/11/2014 23:25:15]
AdwCleaner[S0].txt - [5832 octets] - [24/11/2014 23:15:47]
AdwCleaner[S1].txt - [867 octets] - [24/11/2014 23:27:06]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [926 octets] ##########
AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.102 - Bericht erstellt am 24/11/2014 um 23:25:15
# Aktualisiert 23/11/2014 von Xplode
# Database : 2014-11-24.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Laptop - LAPTOP-PC
# Gestartet von : C:\Users\Gast\Downloads\adwcleaner_4.102.exe
# Option : Suchen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17420
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [6152 octets] - [24/11/2014 23:09:30]
AdwCleaner[R1].txt - [6212 octets] - [24/11/2014 23:13:47]
AdwCleaner[R2].txt - [747 octets] - [24/11/2014 23:25:15]
AdwCleaner[S0].txt - [5832 octets] - [24/11/2014 23:15:47]
########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [866 octets] ##########
AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.102 - Bericht erstellt am 24/11/2014 um 23:15:47
# Aktualisiert 23/11/2014 von Xplode
# Database : 2014-11-24.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Laptop - LAPTOP-PC
# Gestartet von : C:\Users\Laptop\Downloads\adwcleaner_4.102.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\SecTaskMan
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Laptop\AppData\Local\Astromenda
Ordner Gelöscht : C:\Users\Laptop\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Laptop\AppData\Local\NativeMessaging
Ordner Gelöscht : C:\Users\Laptop\AppData\Local\WhiteListing
Ordner Gelöscht : C:\Users\Laptop\AppData\Local\Temp\apn
Ordner Gelöscht : C:\Users\Laptop\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Laptop\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Laptop\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Laptop\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Laptop\AppData\Roaming\wse_astromenda
Ordner Gelöscht : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Ordner Gelöscht : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Laptop\Favorites\Startfenster.lnk
Datei Gelöscht : C:\Users\Laptop\AppData\Local\Temp\uninstaller.exe
Datei Gelöscht : C:\Users\Laptop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk
Datei Gelöscht : C:\Users\Laptop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Startfenster.lnk
Datei Gelöscht : C:\Users\Laptop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Startfenster.lnk
Datei Gelöscht : C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gelöscht : C:\Users\Laptop\Desktop\Startfenster.lnk
Datei Gelöscht : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
Datei Gelöscht : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2625848
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E213014D-0383-42A0-9F58-37E4EA705C02}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ED1AE4C6-BDB3-4E5B-B203-5D3DD3DB0D5A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E213014D-0383-42A0-9F58-37E4EA705C02}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\adobe-photoshop-cs2.softonic.de
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\news.softonic.de
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.de
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.softonic.de
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17420
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [6152 octets] - [24/11/2014 23:09:30]
AdwCleaner[R1].txt - [6212 octets] - [24/11/2014 23:13:47]
AdwCleaner[S0].txt - [5692 octets] - [24/11/2014 23:15:47]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5752 octets] ##########
AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.102 - Bericht erstellt am 24/11/2014 um 23:13:47
# Aktualisiert 23/11/2014 von Xplode
# Database : 2014-11-24.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Laptop - LAPTOP-PC
# Gestartet von : C:\Users\Laptop\Downloads\adwcleaner_4.102.exe
# Option : Suchen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\END
Datei Gefunden : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
Datei Gefunden : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
Datei Gefunden : C:\Users\Laptop\AppData\Local\Temp\uninstaller.exe
Datei Gefunden : C:\Users\Laptop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk
Datei Gefunden : C:\Users\Laptop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Startfenster.lnk
Datei Gefunden : C:\Users\Laptop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Startfenster.lnk
Datei Gefunden : C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gefunden : C:\Users\Laptop\Desktop\Startfenster.lnk
Datei Gefunden : C:\Users\Laptop\Favorites\Startfenster.lnk
Ordner Gefunden : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gefunden : C:\Program Files\Conduit
Ordner Gefunden : C:\ProgramData\apn
Ordner Gefunden : C:\ProgramData\SecTaskMan
Ordner Gefunden : C:\Users\Laptop\AppData\Local\Astromenda
Ordner Gefunden : C:\Users\Laptop\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Ordner Gefunden : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Ordner Gefunden : C:\Users\Laptop\AppData\Local\NativeMessaging
Ordner Gefunden : C:\Users\Laptop\AppData\Local\Temp\apn
Ordner Gefunden : C:\Users\Laptop\AppData\Local\Temp\OCS
Ordner Gefunden : C:\Users\Laptop\AppData\Local\WhiteListing
Ordner Gefunden : C:\Users\Laptop\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Laptop\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\Laptop\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gefunden : C:\Users\Laptop\AppData\Roaming\wse_astromenda
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Smartbar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\adobe-photoshop-cs2.softonic.de
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\news.softonic.de
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.de
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.softonic.de
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E213014D-0383-42A0-9F58-37E4EA705C02}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ED1AE4C6-BDB3-4E5B-B203-5D3DD3DB0D5A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2625848
Schlüssel Gefunden : HKLM\SOFTWARE\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E213014D-0383-42A0-9F58-37E4EA705C02}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17420
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://astromenda.com/?f=1&a=ast_aw_14_36_ie&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCtCzzyEzz0C0CyBzyzz0FtN0D0Tzu0SzyyByDtN1L2XzutAtFtBtFtCtFtCtN1L1Czu0S0P0D0YtN1L1G1B1V1N2Y1L1Qzu2SyDzy0FtCyCtC0F0CtGyCzzyDtBtGtAyD0DtAtGzytD0A0DtGtDyE0Dzy0EtDtAtAtC0A0E0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAzy0D0D0F0EyBtGtCzytDtBtGyEtDtCyDtG0AtAyBzytG0DyBtAyBtB0F0CtA0Azy0DtD2QtN1B1L1H1Ezu1O2U1M1B&cr=1726226932&ir=
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [6152 octets] - [24/11/2014 23:09:30]
AdwCleaner[R1].txt - [6072 octets] - [24/11/2014 23:13:47]
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [6132 octets] ##########
AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.102 - Bericht erstellt am 24/11/2014 um 23:09:30
# Aktualisiert 23/11/2014 von Xplode
# Database : 2014-11-24.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Laptop - LAPTOP-PC
# Gestartet von : C:\Users\Laptop\Downloads\adwcleaner_4.102.exe
# Option : Suchen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\END
Datei Gefunden : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
Datei Gefunden : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
Datei Gefunden : C:\Users\Laptop\AppData\Local\Temp\uninstaller.exe
Datei Gefunden : C:\Users\Laptop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk
Datei Gefunden : C:\Users\Laptop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Startfenster.lnk
Datei Gefunden : C:\Users\Laptop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Startfenster.lnk
Datei Gefunden : C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gefunden : C:\Users\Laptop\Desktop\Startfenster.lnk
Datei Gefunden : C:\Users\Laptop\Favorites\Startfenster.lnk
Ordner Gefunden : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gefunden : C:\Program Files\Conduit
Ordner Gefunden : C:\ProgramData\apn
Ordner Gefunden : C:\ProgramData\SecTaskMan
Ordner Gefunden : C:\Users\Laptop\AppData\Local\Astromenda
Ordner Gefunden : C:\Users\Laptop\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Ordner Gefunden : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Ordner Gefunden : C:\Users\Laptop\AppData\Local\NativeMessaging
Ordner Gefunden : C:\Users\Laptop\AppData\Local\Temp\apn
Ordner Gefunden : C:\Users\Laptop\AppData\Local\Temp\OCS
Ordner Gefunden : C:\Users\Laptop\AppData\Local\WhiteListing
Ordner Gefunden : C:\Users\Laptop\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Laptop\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\Laptop\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gefunden : C:\Users\Laptop\AppData\Roaming\wse_astromenda
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Smartbar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\adobe-photoshop-cs2.softonic.de
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\news.softonic.de
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.de
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.softonic.de
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E213014D-0383-42A0-9F58-37E4EA705C02}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ED1AE4C6-BDB3-4E5B-B203-5D3DD3DB0D5A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2625848
Schlüssel Gefunden : HKLM\SOFTWARE\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\bhphemoobgnikcoofkgackkaimpfmenm
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E213014D-0383-42A0-9F58-37E4EA705C02}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17420
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://astromenda.com/?f=1&a=ast_aw_14_36_ie&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCtCzzyEzz0C0CyBzyzz0FtN0D0Tzu0SzyyByDtN1L2XzutAtFtBtFtCtFtCtN1L1Czu0S0P0D0YtN1L1G1B1V1N2Y1L1Qzu2SyDzy0FtCyCtC0F0CtGyCzzyDtBtGtAyD0DtAtGzytD0A0DtGtDyE0Dzy0EtDtAtAtC0A0E0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtAzy0D0D0F0EyBtGtCzytDtBtGyEtDtCyDtG0AtAyBzytG0DyBtAyBtB0F0CtA0Azy0DtD2QtN1B1L1H1Ezu1O2U1M1B&cr=1726226932&ir=
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [6012 octets] - [24/11/2014 23:09:30]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6072 octets] ##########
Nachtrag: Ansonsten habe ich kein Programm drüberlaufen lassen, außer Avira. Avira findet auch nichts - weder Malware noch Virus, aber darauf ist - wie ich in den letzten Tagen lesen konnte - wohl ohnehin kein Verlass. |
|
07.01.2015, 17:32
| #2 |
| /// the machine /// TB-Ausbilder    | Windos 7 + Browser Virenbefall hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
07.01.2015, 21:14
| #3 |
| | Windos 7 + Browser Virenbefall Hallo und danke erst mal, hier die Logfiles:
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by Laptop (administrator) on LAPTOP-PC on 07-01-2015 21:08:31
Running from C:\Users\Laptop\Desktop
Loaded Profile: Laptop (Available profiles: Laptop & Gast)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\Laptop\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dropbox, Inc.) C:\Users\Laptop\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740888 2013-04-24] (Sony Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-21-3893482130-3688408459-2354354221-1000\...\Run: [EPSON Stylus DX7400 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE [182272 2007-04-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3893482130-3688408459-2354354221-1000\...\Run: [EPSON Stylus DX7400 Series (Kopie 1)] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE [182272 2007-04-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3893482130-3688408459-2354354221-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4272624 2013-02-05] (Microsoft Corporation)
HKU\S-1-5-21-3893482130-3688408459-2354354221-1000\...\Run: [Spotify Web Helper] => C:\Users\Laptop\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-11-04] (Spotify Ltd)
HKU\S-1-5-21-3893482130-3688408459-2354354221-1000\...\Run: [Google Update] => C:\Users\Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-12] (Google Inc.)
HKU\S-1-5-21-3893482130-3688408459-2354354221-1000\...\Run: [GoogleChromeAutoLaunch_91B4BC4B9D616919C5D60BDCE2C341BB] => C:\Users\Laptop\AppData\Local\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.)
HKU\S-1-5-21-3893482130-3688408459-2354354221-1000\...\MountPoints2: {0fbcbd33-c168-11e1-b2d8-dc0ea11848cc} - E:\AutoRun.exe
HKU\S-1-5-21-3893482130-3688408459-2354354221-1000\...\MountPoints2: {2755955a-7665-11e1-aa3f-dc0ea11848cc} - E:\AutoRun.exe
HKU\S-1-5-21-3893482130-3688408459-2354354221-1000\...\MountPoints2: {4ac11949-b59c-11e1-a98d-74de2bdcd11d} - E:\AutoRun.exe
HKU\S-1-5-21-3893482130-3688408459-2354354221-1000\...\MountPoints2: {4ac1194b-b59c-11e1-a98d-74de2bdcd11d} - E:\AutoRun.exe
HKU\S-1-5-21-3893482130-3688408459-2354354221-1000\...\MountPoints2: {5b7051dd-73e8-11e1-aa2a-74de2bdcd11d} - E:\AutoRun.exe
HKU\S-1-5-21-3893482130-3688408459-2354354221-1000\...\MountPoints2: {5b7051eb-73e8-11e1-aa2a-74de2bdcd11d} - E:\AutoRun.exe
HKU\S-1-5-21-3893482130-3688408459-2354354221-1000\...\MountPoints2: {6dee92ca-5355-11e3-80b8-74de2bdcd11d} - E:\AutoRun.exe
HKU\S-1-5-21-3893482130-3688408459-2354354221-1000\...\MountPoints2: {6dee92cd-5355-11e3-80b8-74de2bdcd11d} - E:\AutoRun.exe
HKU\S-1-5-21-3893482130-3688408459-2354354221-1000\...\MountPoints2: {6e1ff7ab-7160-11e2-b505-74de2bdcd11d} - E:\AutoRun.exe
HKU\S-1-5-21-3893482130-3688408459-2354354221-1000\...\MountPoints2: {79bfee2b-7161-11e2-b9af-74de2bdcd11d} - E:\AutoRun.exe
HKU\S-1-5-21-3893482130-3688408459-2354354221-1000\...\MountPoints2: {79bfee2e-7161-11e2-b9af-74de2bdcd11d} - E:\AutoRun.exe
HKU\S-1-5-21-3893482130-3688408459-2354354221-1000\...\MountPoints2: {eeae7511-b582-11e1-b029-74de2bdcd11d} - E:\AutoRun.exe
HKU\S-1-5-21-3893482130-3688408459-2354354221-1000\...\MountPoints2: {f693e952-72b1-11e1-8fd9-806e6f6e6963} - D:\DistinguishOS.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (No File)
Startup: C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Laptop\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [S-1-5-21-3893482130-3688408459-2354354221-1000] => Internet Explorer proxy is enabled.
HKU\S-1-5-21-3893482130-3688408459-2354354221-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKU\S-1-5-21-3893482130-3688408459-2354354221-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-3893482130-3688408459-2354354221-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000 -> {A3B423A0-3B18-4C15-82E3-568397601825} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin.dll (Skype)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-3893482130-3688408459-2354354221-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Laptop\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3893482130-3688408459-2354354221-1000: @talk.google.com/O1DPlugin -> C:\Users\Laptop\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3893482130-3688408459-2354354221-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Laptop\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3893482130-3688408459-2354354221-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Laptop\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3893482130-3688408459-2354354221-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Laptop\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Laptop\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.search.ask.com/?tpid=ORJ-V7-SAT&o=APN11467&pf=V7&trgb=CR&p2=%5EBED%5EOSJ000%5EYY%5EAT&gct=hp&apn_ptnrs=BED&apn_dtid=%5EOSJ000%5EYY%5EAT&apn_dbr=cr_34.0.1847.137&apn_uid=1F5EC43F-A747-4017-A7E0-6CC6726F6BBD&itbv=12.10.6.53&doi=2014-05-19&psv="
CHR Profile: C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-18]
CHR Extension: (Google Wallet) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-27]
CHR Profile: C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Docs) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-25]
CHR Extension: (Google Drive) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-25]
CHR Extension: (DVDVideoSoftTB DE) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bhphemoobgnikcoofkgackkaimpfmenm [2013-02-25]
CHR Extension: (YouTube) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-25]
CHR Extension: (Google-Suche) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-25]
CHR Extension: (avast! WebRep) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2013-02-25]
CHR Extension: (DvdVideoSoft Free Youtube Download) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-02-25]
CHR Extension: (Google Mail) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-25]
CHR Profile: C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (DVDVideoSoftTB DE) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bhphemoobgnikcoofkgackkaimpfmenm [2013-02-25]
CHR Extension: (avast! WebRep) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2013-02-25]
CHR Extension: (DvdVideoSoft Free Youtube Download) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-02-25]
CHR Extension: (Google Wallet) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation)
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-10-23] (Avira Operations GmbH & Co. KG)
S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [101504 2012-03-22] (Huawei Technologies Co., Ltd.) [File not signed]
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-05-23] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-10-23] (Avira GmbH)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-07 21:08 - 2015-01-07 21:09 - 00020234 _____ () C:\Users\Laptop\Desktop\FRST.txt
2015-01-07 21:08 - 2015-01-07 21:08 - 00000000 ____D () C:\FRST
2015-01-07 21:06 - 2015-01-07 21:06 - 01115648 _____ (Farbar) C:\Users\Laptop\Desktop\FRST.exe
2015-01-07 15:22 - 2015-01-07 15:24 - 02173952 _____ () C:\Users\Laptop\Downloads\adwcleaner_4.106 (1).exe
2015-01-05 12:19 - 2015-01-05 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-01-05 12:10 - 2015-01-05 12:10 - 00000000 ____D () C:\Program Files\Free Codec Pack
2015-01-05 12:09 - 2015-01-05 12:47 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-01-05 12:09 - 2015-01-05 12:20 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2015-01-05 11:38 - 2015-01-05 11:58 - 03534368 _____ (DVDVideoSoft Ltd. ) C:\Users\Laptop\Downloads\FreeStudio641.exe
2015-01-04 23:59 - 2015-01-04 23:59 - 00001068 _____ () C:\Users\Public\Desktop\Picasa 3.lnk
2015-01-04 23:58 - 2015-01-04 23:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-01-04 23:50 - 2015-01-04 23:53 - 17385800 _____ (Google Inc.) C:\Users\Laptop\Downloads\picasa39-setup.exe
2015-01-04 21:05 - 2015-01-05 01:06 - 00000000 ____D () C:\Users\Laptop\Desktop\101MSDCF
2014-12-30 00:42 - 2014-12-30 00:42 - 00000000 ____D () C:\Users\Laptop\Documents\Fax
2014-12-20 12:30 - 2014-12-20 12:30 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-12-20 12:30 - 2014-12-20 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-12-20 12:30 - 2012-10-03 16:14 - 00026840 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-12-20 12:29 - 2014-12-20 12:30 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-12-20 12:29 - 2014-12-20 12:30 - 00000000 ____D () C:\Program Files\iTunes
2014-12-20 12:29 - 2014-12-20 12:29 - 00000000 ____D () C:\Program Files\iPod
2014-12-20 11:58 - 2014-12-20 12:05 - 109829936 _____ (Apple Inc.) C:\Users\Laptop\Downloads\iTunesSetup.exe
2014-12-18 09:26 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-13 12:35 - 2014-12-13 12:38 - 05784826 _____ () C:\Users\Laptop\Downloads\Los Reyes Magos (1).zip
2014-12-12 01:05 - 2014-12-12 01:05 - 00000000 ____D () C:\Users\Laptop\.android
2014-12-12 00:54 - 2014-12-12 00:54 - 00001067 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
2014-12-12 00:54 - 2014-12-12 00:54 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-12-12 00:54 - 2014-12-12 00:54 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-12-12 00:54 - 2014-12-12 00:54 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-12-12 00:46 - 2014-12-12 00:46 - 00001248 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CC 2014 (32-bit).lnk
2014-12-12 00:11 - 2014-12-12 00:11 - 00000000 ___RD () C:\Users\Laptop\Creative Cloud Files
2014-12-12 00:08 - 2014-12-12 00:08 - 00001283 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-12-12 00:08 - 2014-12-12 00:08 - 00001271 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2014-12-12 00:06 - 2014-12-12 00:06 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-11 23:44 - 2014-12-11 23:44 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 23:41 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 23:41 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-11 23:41 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-11 23:41 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-11 23:41 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-11 23:28 - 2014-12-11 23:28 - 00672432 _____ (Adobe Systems Incorporated) C:\Users\Laptop\Downloads\CreativeCloudSet-Up (1).exe
2014-12-11 23:26 - 2014-12-11 23:27 - 00672432 _____ (Adobe Systems Incorporated) C:\Users\Laptop\Downloads\CreativeCloudSet-Up.exe
2014-12-11 23:13 - 2014-12-11 23:15 - 09823773 _____ () C:\Users\Laptop\Downloads\NEU_Plakat III _ Fotowettbewerb2015.eps
2014-12-10 18:16 - 2014-12-04 05:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 18:16 - 2014-12-04 05:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 18:16 - 2014-12-04 05:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 18:16 - 2014-12-04 05:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 18:16 - 2014-12-04 05:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 18:16 - 2014-12-04 05:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 18:16 - 2014-12-04 05:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 18:16 - 2014-12-02 00:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 18:14 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 18:14 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 18:14 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 18:13 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 18:13 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 18:13 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 18:13 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 18:13 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 18:13 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 18:13 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 18:13 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 18:13 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 18:13 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 18:13 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 18:13 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 18:13 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 18:13 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 18:13 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 18:13 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 18:13 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 18:13 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 18:13 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 18:13 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 18:13 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 18:13 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 18:13 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 18:13 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 18:13 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 18:13 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 18:02 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 17:57 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 17:38 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 17:26 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 17:25 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 17:25 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 17:25 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 17:25 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 17:25 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 10:54 - 2014-12-09 10:54 - 00259126 _____ () C:\Users\Laptop\Downloads\Forschungsorientierung_09.12.14.pptx
2014-12-08 13:52 - 2014-12-08 13:52 - 00000000 ____D () C:\Users\Laptop\AppData\Roaming\No Company Name
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-07 20:59 - 2012-08-06 18:33 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3893482130-3688408459-2354354221-1000UA.job
2015-01-07 20:59 - 2012-03-24 18:22 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-07 20:58 - 2012-05-05 11:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-07 15:58 - 2012-03-20 18:30 - 01394648 _____ () C:\Windows\WindowsUpdate.log
2015-01-07 15:39 - 2009-07-14 05:34 - 00028464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-07 15:39 - 2009-07-14 05:34 - 00028464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-07 15:37 - 2013-07-04 21:39 - 00000000 ___RD () C:\Users\Laptop\Dropbox
2015-01-07 15:37 - 2013-07-04 21:35 - 00000000 ____D () C:\Users\Laptop\AppData\Roaming\Dropbox
2015-01-07 15:34 - 2014-05-27 11:31 - 00000000 ____D () C:\Users\Laptop\Tracing
2015-01-07 15:34 - 2012-03-20 12:02 - 00000000 ____D () C:\Users\Laptop\AppData\Local\Adobe
2015-01-07 15:32 - 2013-12-04 17:18 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-01-07 15:31 - 2013-12-03 11:06 - 00561636 _____ () C:\Windows\PFRO.log
2015-01-07 15:31 - 2013-11-03 01:00 - 00006686 _____ () C:\Windows\setupact.log
2015-01-07 15:31 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-07 15:29 - 2014-11-24 23:08 - 00000000 ____D () C:\AdwCleaner
2015-01-07 14:59 - 2012-10-15 19:08 - 00000000 ____D () C:\Users\Laptop\AppData\Roaming\Spotify
2015-01-07 14:38 - 2012-08-06 18:33 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3893482130-3688408459-2354354221-1000Core.job
2015-01-05 12:19 - 2012-04-06 13:35 - 00000000 ____D () C:\Users\Laptop\AppData\Roaming\DVDVideoSoft
2015-01-04 23:59 - 2012-03-24 18:22 - 00000000 ____D () C:\Users\Laptop\AppData\Local\Google
2015-01-04 23:57 - 2012-03-24 18:22 - 00000000 ____D () C:\Program Files\Google
2015-01-04 20:47 - 2013-07-04 21:39 - 00001021 _____ () C:\Users\Laptop\Desktop\Dropbox.lnk
2015-01-04 20:47 - 2013-07-04 21:36 - 00000000 ____D () C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-31 12:13 - 2012-03-20 12:20 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-30 13:55 - 2014-10-30 09:25 - 00000000 ____D () C:\Users\Laptop\Desktop\Nov. und Dez. 2014 ungeordnet + Weihnachten!!
2014-12-20 12:29 - 2012-04-29 10:32 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-20 12:22 - 2012-04-29 10:32 - 00000000 ____D () C:\ProgramData\Apple
2014-12-15 23:01 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-13 19:38 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-12-13 02:05 - 2012-03-20 11:51 - 00000000 ____D () C:\Users\Laptop\AppData\Local\Microsoft Help
2014-12-12 23:59 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-12-12 11:48 - 2012-08-06 18:36 - 00002366 _____ () C:\Users\Laptop\Desktop\Google Chrome.lnk
2014-12-12 01:05 - 2012-03-20 11:33 - 00000000 ____D () C:\Users\Laptop
2014-12-12 01:04 - 2012-03-20 12:06 - 00000000 ____D () C:\Users\Laptop\AppData\Roaming\Adobe
2014-12-12 01:01 - 2014-04-13 15:11 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-12-12 00:54 - 2012-03-20 16:05 - 00000000 ____D () C:\Program Files\Adobe
2014-12-12 00:46 - 2012-03-20 12:03 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-12 00:39 - 2012-03-20 12:03 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-11 23:44 - 2014-05-09 17:28 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 23:44 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2014-12-11 23:43 - 2012-03-20 11:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-11 23:37 - 2013-07-19 23:39 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 23:08 - 2012-03-20 12:31 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-11 23:00 - 2012-05-05 11:17 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-11 23:00 - 2012-03-24 18:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-08 14:01 - 2012-03-20 11:47 - 00110360 _____ () C:\Users\Laptop\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-08 14:00 - 2009-07-14 05:33 - 00501032 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-08 13:44 - 2014-11-01 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-12-08 13:35 - 2014-09-26 18:02 - 00000000 ___RD () C:\Program Files\Skype
2014-12-08 13:35 - 2013-03-17 10:06 - 00000000 ____D () C:\ProgramData\Skype
Some content of TEMP:
====================
C:\Users\Laptop\AppData\Local\Temp\77322uninstall.exe
C:\Users\Laptop\AppData\Local\Temp\APNSetup.exe
C:\Users\Laptop\AppData\Local\Temp\AudibleDM_iTunesSetup.exe
C:\Users\Laptop\AppData\Local\Temp\avgnt.exe
C:\Users\Laptop\AppData\Local\Temp\bdfilters.dll
C:\Users\Laptop\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\Laptop\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\Laptop\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfhbsis.dll
C:\Users\Laptop\AppData\Local\Temp\install_flashplayer15x32_mssa_aaa_aih.exe
C:\Users\Laptop\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Laptop\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Laptop\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\Laptop\AppData\Local\Temp\Quarantine.exe
C:\Users\Laptop\AppData\Local\Temp\readSTILog.dll
C:\Users\Laptop\AppData\Local\Temp\ResetDevice.exe
C:\Users\Laptop\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Laptop\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Laptop\AppData\Local\Temp\sqlite3.dll
C:\Users\Laptop\AppData\Local\Temp\sqlite3.exe
C:\Users\Laptop\AppData\Local\Temp\tmd_34011883.exe
C:\Users\Laptop\AppData\Local\Temp\tmd_34012075.exe
C:\Users\Laptop\AppData\Local\Temp\tmd_34016925.exe
C:\Users\Laptop\AppData\Local\Temp\tmd_34018202.exe
C:\Users\Laptop\AppData\Local\Temp\UninstallerGer.dll
C:\Users\Laptop\AppData\Local\Temp\WtgDriverInstallX.dll
C:\Users\Laptop\AppData\Local\Temp\{397F530C-E3C7-4D0C-85D3-E43EF07EE369}-GoogleUpdateSetup.exe
C:\Users\Laptop\AppData\Local\Temp\{F06AC49D-3EC0-4338-9C66-4AD8FD6D1E3A}-GoogleUpdateSetup.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-05 18:56
==================== End Of Log ============================
FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-01-2015
Ran by Laptop at 2015-01-07 21:10:34
Running from C:\Users\Laptop\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM\...\Adobe Creative Cloud) (Version: 2.8.1.451 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (32-bit) (HKLM\...\{37BEE0A4-72B9-1014-A77C-C46F3F2C3207}) (Version: 10.1.0.070 - Adobe Systems Incorporated)
Adobe Reader 9.5.1 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A95000000001}) (Version: 9.5.1 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-3893482130-3688408459-2354354221-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
Fotogalerie (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free Studio version 6.4.1.1215 (HKLM\...\Free Studio_is1) (Version: 6.4.1.1215 - DVDVideoSoft Ltd.)
Google Chrome (HKU\S-1-5-21-3893482130-3688408459-2354354221-1000\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Talk Plugin (HKLM\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.0.285.6 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3893482130-3688408459-2354354221-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PhotoFiltre 7 (HKU\S-1-5-21-3893482130-3688408459-2354354221-1000\...\PhotoFiltre 7) (Version: - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayMemories Home (HKLM\...\{0657DE52-8F5C-4073-B70C-ED4F3F7FA076}) (Version: 7.0.03.04240 - Sony Corporation)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype Web Plugin (HKLM\...\{69F300CB-D6BF-41DD-B7CC-983BAFF4EE15}) (Version: 3.1.15602.22612 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3893482130-3688408459-2354354221-1000\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Laptop\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Laptop\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Laptop\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Laptop\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Laptop\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Laptop\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Laptop\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Laptop\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Laptop\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Laptop\AppData\Local\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Laptop\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Laptop\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Laptop\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Laptop\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Laptop\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Laptop\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Laptop\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Laptop\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Laptop\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Laptop\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Laptop\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Laptop\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Laptop\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Laptop\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Laptop\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Laptop\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Laptop\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Laptop\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Laptop\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Laptop\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Laptop\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Laptop\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Laptop\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Laptop\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Laptop\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Laptop\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Laptop\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Laptop\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
==================== Restore Points =========================
30-12-2014 10:54:40 Geplanter Prüfpunkt
04-01-2015 20:47:51 Windows-Sicherung
04-01-2015 21:05:01 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {2376358C-C50A-429A-A9AF-82DC0EA22016} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3893482130-3688408459-2354354221-1000Core => C:\Users\Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-12] (Google Inc.)
Task: {2EAC066D-4C1A-4CFF-A141-C35D314DDC75} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-11] (Adobe Systems Incorporated)
Task: {392FFC4D-012E-4C08-BD42-29D165C64289} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02] (Adobe Systems Incorporated)
Task: {4671E1B0-8BBB-4747-8F7E-8968868BFF40} - System32\Tasks\{62D08DA5-E0CA-421C-99D5-A2F142DA0837} => C:\Program Files\3DataManager\3DataManager.exe
Task: {59433050-7D0D-4930-AE64-0711A504E86D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {6B5E1BC7-15B3-4414-95BA-09A7A1E433C7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {822F067F-EDCB-41A7-8CE6-20CB88C7989D} - System32\Tasks\{A787AE09-332C-4CD9-B443-6B5B36A8E98A} => C:\Program Files\3DataManager\3DataManager.exe
Task: {92491CE8-44AC-49AF-809F-97CC1643AFEC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {9B83EBB0-C1BD-449C-9FBD-7016ED2FC6AD} - System32\Tasks\Google Updater and Installer => C:\Users\Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-12] (Google Inc.)
Task: {A525192F-CF0D-41B5-B88C-D8B8DAFE8112} - System32\Tasks\{CE627215-22F1-4342-941B-17BD5DB8EBC7} => C:\Program Files\3DataManager\3DataManager.exe
Task: {A9F96322-B33D-409C-A225-317BEF3CE7B9} - System32\Tasks\AdobeAAMUpdater-1.0-Laptop-PC-Laptop => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-10-14] (Adobe Systems Incorporated)
Task: {E0860CA5-5468-43F0-8F2B-A942F5186402} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3893482130-3688408459-2354354221-1000UA => C:\Users\Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-12] (Google Inc.)
Task: {E497FD07-229A-4547-AF43-792B2402729D} - System32\Tasks\{D453343B-9E71-471F-BDA8-81EAB42C78F1} => C:\Program Files\3DataManager\3DataManager.exe
Task: {EA52BF32-1F52-47D5-81FC-9B37D5D56AA6} - System32\Tasks\{763E57A6-2FE4-496A-A803-23F052CB8F9C} => C:\Program Files\3DataManager\3DataManager.exe
Task: {F61F8C3D-A393-4C0F-83B5-2B3F5914BBEE} - System32\Tasks\{D4693B0A-52D5-4D9D-B34D-DF6DC7E56FE4} => C:\Program Files\3DataManager\3DataManager.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3893482130-3688408459-2354354221-1000Core.job => C:\Users\Laptop\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3893482130-3688408459-2354354221-1000UA.job => C:\Users\Laptop\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-17 20:17 - 2014-10-17 20:17 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\89753abff3827095ec7f3d3fb79f744a\IsdiInterop.ni.dll
2012-03-20 11:45 - 2010-04-13 09:52 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-09-26 14:40 - 2014-09-26 14:40 - 01029280 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2014-09-28 21:01 - 2014-09-28 21:01 - 36730032 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Laptop\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-07 15:35 - 2015-01-07 15:35 - 00043008 _____ () c:\users\laptop\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfhbsis.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Laptop\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Laptop\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Laptop\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-09-26 14:40 - 2014-09-26 14:40 - 06237856 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-09-28 21:01 - 2014-09-28 21:01 - 00746160 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll
2014-09-28 21:01 - 2014-09-28 21:01 - 00136368 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CEF\libegl.dll
2014-12-12 11:46 - 2014-12-06 02:50 - 01077064 _____ () C:\Users\Laptop\AppData\Local\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 11:46 - 2014-12-06 02:50 - 00211272 _____ () C:\Users\Laptop\AppData\Local\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 11:46 - 2014-12-06 02:50 - 09009480 _____ () C:\Users\Laptop\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 11:46 - 2014-12-06 02:50 - 01677128 _____ () C:\Users\Laptop\AppData\Local\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-3893482130-3688408459-2354354221-500 - Administrator - Disabled)
Gast (S-1-5-21-3893482130-3688408459-2354354221-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-3893482130-3688408459-2354354221-1003 - Limited - Enabled)
Laptop (S-1-5-21-3893482130-3688408459-2354354221-1000 - Administrator - Enabled) => C:\Users\Laptop
==================== Faulty Device Manager Devices =============
Name: Lexmark X422
Description: Lexmark X422
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Lexmark
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/07/2015 08:58:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15421182
Error: (01/07/2015 08:58:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15421182
Error: (01/07/2015 08:58:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/07/2015 08:58:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15420168
Error: (01/07/2015 08:58:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15420168
Error: (01/07/2015 08:58:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/07/2015 08:58:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15418827
Error: (01/07/2015 08:58:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15418827
Error: (01/07/2015 08:58:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/07/2015 08:58:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15417797
System errors:
=============
Error: (01/07/2015 08:58:21 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
Error: (01/07/2015 03:36:49 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Search" wurde nicht richtig gestartet.
Error: (01/07/2015 03:30:30 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (01/07/2015 07:54:21 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.
Error: (01/06/2015 02:40:20 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "LAPTOP-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.103
registriert werden. Der Computer mit IP-Adresse 192.168.1.101 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Error: (01/06/2015 02:40:20 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "LAPTOP-PC :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.103
registriert werden. Der Computer mit IP-Adresse 192.168.1.101 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Error: (01/06/2015 02:40:19 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{3CA0A622-3CA5-466D-A47F-61008B0BBDB0} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.
Error: (01/06/2015 02:40:17 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "LAPTOP-PC :20" konnte nicht auf der Schnittstelle mit IP-Adresse 169.254.153.100
registriert werden. Der Computer mit IP-Adresse 192.168.1.101 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Error: (01/06/2015 02:40:17 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "LAPTOP-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 169.254.153.100
registriert werden. Der Computer mit IP-Adresse 192.168.1.101 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Error: (01/06/2015 02:40:17 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{3CA0A622-3CA5-466D-A47F-61008B0BBDB0} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.
Microsoft Office Sessions:
=========================
Error: (01/17/2014 03:37:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4028 seconds with 600 seconds of active time. This session ended with a crash.
Error: (11/08/2013 00:27:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 252724 seconds with 540 seconds of active time. This session ended with a crash.
Error: (04/28/2013 10:47:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 782581 seconds with 5400 seconds of active time. This session ended with a crash.
Error: (11/19/2012 01:57:51 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 92228 seconds with 6960 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
Percentage of memory in use: 61%
Total physical RAM: 1782.7 MB
Available physical RAM: 679.39 MB
Total Pagefile: 3565.41 MB
Available Pagefile: 1641 MB
Total Virtual: 2047.88 MB
Available Virtual: 1890.56 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:229.67 GB) NTFS
Drive f: () (Removable) (Total:14.63 GB) (Free:12.46 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1F2E31D4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 14.6 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
|
|
08.01.2015, 07:47
| #4 |
| /// the machine /// TB-Ausbilder | Windos 7 + Browser Virenbefall hi, Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
08.01.2015, 23:22
| #5 |
| | Windos 7 + Browser Virenbefall Hallo schrauber, als ich combofix das erste Mal öffnen wollte, wurde die Datei zwar entpackt, aber kein Scan durchgeführt. Erst als ich es nochmal probiert habe, wurde mir angezeigt, dass ich vergessen hatte, die Microsoft Security Essentials zu deaktivieren.  Habs dann nochmal versucht und es lief alles reibungslos. Hier das Logfile:Combofix Logfile: Code:
ATTFilter ComboFix 15-01-08.01 - Laptop 08.01.2015 22:58:28.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.1783.779 [GMT 1:00]
ausgeführt von:: c:\users\Laptop\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\sdelevURL.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-12-08 bis 2015-01-08 ))))))))))))))))))))))))))))))
.
.
2015-01-08 22:11 . 2015-01-08 22:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-08 22:11 . 2015-01-08 22:11 -------- d-----w- c:\users\Gast\AppData\Local\temp
2015-01-08 21:48 . 2014-12-02 11:01 9054624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EA878BDA-FC14-493B-9AF8-E17DC0E1579B}\mpengine.dll
2015-01-07 20:08 . 2015-01-07 20:11 -------- d-----w- C:\FRST
2015-01-07 14:56 . 2014-09-16 16:36 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{03DD4E30-53F4-45C1-A4A4-8334BEFC3F8B}\gapaengine.dll
2015-01-07 14:49 . 2014-12-02 11:01 9054624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-01-05 11:10 . 2015-01-05 11:10 -------- d-----w- c:\program files\Free Codec Pack
2015-01-05 11:09 . 2015-01-05 11:47 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2015-01-05 11:09 . 2015-01-05 11:20 -------- d-----w- c:\program files\DVDVideoSoft
2015-01-04 20:08 . 2014-09-16 16:36 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EFC18458-FBCD-40B5-A22F-F0CCED44A45C}\gapaengine.dll
2014-12-20 11:30 . 2012-10-03 15:14 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2014-12-20 11:29 . 2014-12-20 11:29 -------- d-----w- c:\program files\iPod
2014-12-20 11:29 . 2014-12-20 11:30 -------- d-----w- c:\programdata\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-12-20 11:29 . 2014-12-20 11:30 -------- d-----w- c:\program files\iTunes
2014-12-18 08:26 . 2014-12-13 03:33 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-12 00:05 . 2014-12-12 00:05 -------- d-----w- c:\users\Laptop\.android
2014-12-11 23:54 . 2014-12-11 23:54 -------- d-----w- c:\program files\Common Files\Adobe AIR
2014-12-11 23:11 . 2014-12-11 23:11 -------- d-----r- c:\users\Laptop\Creative Cloud Files
2014-12-11 23:06 . 2014-12-11 23:06 -------- d-----w- c:\programdata\Package Cache
2014-12-11 22:44 . 2014-12-11 22:44 -------- d-----w- c:\windows\system32\appraiser
2014-12-11 22:41 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\system32\mf.dll
2014-12-11 22:41 . 2014-07-07 01:40 103424 ----a-w- c:\windows\system32\mfps.dll
2014-12-11 22:41 . 2014-07-07 01:39 23040 ----a-w- c:\windows\system32\mfpmp.exe
2014-12-11 22:41 . 2014-07-07 01:37 2048 ----a-w- c:\windows\system32\mferror.dll
2014-12-11 22:41 . 2014-07-07 01:39 50176 ----a-w- c:\windows\system32\rrinstaller.exe
2014-12-10 17:16 . 2014-12-01 23:28 1160872 ----a-w- c:\windows\system32\aitstatic.exe
2014-12-10 17:16 . 2014-12-04 04:38 610304 ----a-w- c:\windows\system32\invagent.dll
2014-12-10 17:16 . 2014-12-04 04:38 159744 ----a-w- c:\windows\system32\aepic.dll
2014-12-10 17:16 . 2014-12-04 04:34 873984 ----a-w- c:\windows\system32\aeinv.dll
2014-12-10 17:16 . 2014-12-04 04:38 337920 ----a-w- c:\windows\system32\generaltel.dll
2014-12-10 17:16 . 2014-12-04 04:38 315392 ----a-w- c:\windows\system32\devinv.dll
2014-12-10 17:16 . 2014-12-04 04:38 202752 ----a-w- c:\windows\system32\aepdu.dll
2014-12-10 17:14 . 2014-11-22 02:12 37888 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll
2014-12-10 17:14 . 2014-11-22 02:06 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-12-10 17:14 . 2014-11-22 01:58 124416 ----a-w- c:\program files\Internet Explorer\Timeline_is.dll
2014-12-10 17:14 . 2014-11-22 01:55 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-12-10 17:14 . 2014-11-22 01:43 174080 ----a-w- c:\program files\Internet Explorer\DiagnosticsTap.dll
2014-12-10 17:14 . 2014-11-22 01:42 230400 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub.ScriptedSandboxPlugin.dll
2014-12-10 17:14 . 2014-11-22 01:40 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 17:14 . 2014-11-22 01:38 153600 ----a-w- c:\program files\Internet Explorer\Timeline.dll
2014-12-10 17:02 . 2014-11-11 01:32 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-12-10 16:57 . 2014-11-11 02:44 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-12-10 16:38 . 2014-11-08 02:45 2048 ----a-w- c:\windows\system32\tzres.dll
2014-12-10 16:26 . 2014-10-30 01:45 155136 ----a-w- c:\windows\system32\charmap.exe
2014-12-10 16:25 . 2014-10-03 01:45 1177088 ----a-w- c:\windows\system32\WsmSvc.dll
2014-12-10 16:25 . 2014-10-03 01:45 248832 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2014-12-10 16:25 . 2014-10-03 01:45 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2014-12-10 16:25 . 2014-10-03 01:45 145920 ----a-w- c:\windows\system32\WsmAuto.dll
2014-12-10 16:25 . 2014-10-03 01:44 198656 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-31 11:13 . 2012-03-20 11:20 249488 ------w- c:\windows\system32\MpSigStub.exe
2014-12-11 22:00 . 2012-05-05 10:17 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-11 22:00 . 2012-03-24 17:22 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-24 22:52 . 2014-11-24 22:57 37384 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-11-18 13:56 . 2014-11-18 13:56 1202848 ----a-w- c:\windows\system32\FM20.DLL
2014-11-11 02:44 . 2014-11-19 13:40 186880 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 02:44 . 2014-11-19 13:40 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-10-25 01:32 . 2014-11-13 07:32 67584 ----a-w- c:\windows\system32\packager.dll
2014-10-23 13:02 . 2014-11-24 22:49 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-10-23 13:01 . 2014-11-24 22:49 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-10-23 13:01 . 2014-11-24 22:49 98160 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-10-18 01:33 . 2014-11-13 07:36 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-14 01:56 . 2014-11-13 07:31 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 01:50 . 2014-11-13 07:31 523776 ----a-w- c:\windows\system32\termsrv.dll
2014-10-14 01:50 . 2014-11-13 07:36 2363904 ----a-w- c:\windows\system32\msi.dll
2014-10-14 01:50 . 2014-11-13 07:31 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-14 01:47 . 2014-11-13 07:31 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-14 01:46 . 2014-11-13 07:32 681984 ----a-w- c:\windows\system32\adtschema.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2014-09-26 13:40 1029280 ----a-w- c:\program files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2014-09-26 13:40 1029280 ----a-w- c:\program files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2014-09-26 13:40 1029280 ----a-w- c:\program files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-21 12:11 220632 ----a-w- c:\users\Laptop\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-21 12:11 220632 ----a-w- c:\users\Laptop\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-21 12:11 220632 ----a-w- c:\users\Laptop\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Laptop\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Laptop\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Laptop\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Spotify Web Helper"="c:\users\Laptop\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-11-04 1514040]
"GoogleChromeAutoLaunch_91B4BC4B9D616919C5D60BDCE2C341BB"="c:\users\Laptop\AppData\Local\Google\Chrome\Application\chrome.exe" [2014-12-06 856904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 177944]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"PMBVolumeWatcher"="c:\program files\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2013-04-24 740888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 974432]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-12-09 702768]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-10-14 557768]
"Adobe Creative Cloud"="c:\program files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2014-10-15 2694320]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-10-15 157480]
.
c:\users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Laptop\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-12-9 39207112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Laptop\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-22 102912]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-05-23 40776]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 95920]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2014-08-22 288120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2013-11-15 1343400]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2014-10-23 37352]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-12-09 431920]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2013-04-24 483864]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2011-01-17 350248]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-09-22 190464]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-01-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 22:00]
.
2014-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-24 20:39]
.
2015-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-24 20:39]
.
2015-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3893482130-3688408459-2354354221-1000Core.job
- c:\users\Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-06 11:36]
.
2015-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3893482130-3688408459-2354354221-1000UA.job
- c:\users\Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-06 11:36]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe /Startup
AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-01-08 23:14:50
ComboFix-quarantined-files.txt 2015-01-08 22:14
.
Vor Suchlauf: 9 Verzeichnis(se), 264.151.822.336 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 267.017.510.912 Bytes frei
.
- - End Of File - - 160DDF7A239D3F6A0128732D144F3C5A
A36C5E4F47E84449FF07ED3517B43A31 |
|
09.01.2015, 09:15
| #6 |
| /// the machine /// TB-Ausbilder | Windos 7 + Browser Virenbefall Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Windos 7 + Browser Virenbefall |
|
11.01.2015, 00:24
| #7 |
| | Windos 7 + Browser Virenbefall Hallo schrauber, sorry hat ein bisschen gedauert, also hier die files: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.107 - Bericht erstellt am 10/01/2015 um 23:53:17
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Laptop - LAPTOP-PC
# Gestartet von : C:\Users\Laptop\Desktop\AdwCleaner_4.107.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [6152 octets] - [24/11/2014 23:09:30]
AdwCleaner[R1].txt - [6212 octets] - [24/11/2014 23:13:47]
AdwCleaner[R2].txt - [945 octets] - [24/11/2014 23:25:15]
AdwCleaner[R3].txt - [1855 octets] - [07/01/2015 15:25:30]
AdwCleaner[R4].txt - [1212 octets] - [10/01/2015 23:47:57]
AdwCleaner[S0].txt - [5832 octets] - [24/11/2014 23:15:47]
AdwCleaner[S1].txt - [1005 octets] - [24/11/2014 23:27:06]
AdwCleaner[S2].txt - [1916 octets] - [07/01/2015 15:29:05]
AdwCleaner[S3].txt - [1134 octets] - [10/01/2015 23:53:17]
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1194 octets] ##########
FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by Laptop (administrator) on LAPTOP-PC on 11-01-2015 00:19:18
Running from C:\Users\Laptop\Desktop
Loaded Profile: Laptop (Available profiles: Laptop & Gast)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\Laptop\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Laptop\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740888 2013-04-24] (Sony Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-21-3893482130-3688408459-2354354221-1000\...\Run: [Spotify Web Helper] => C:\Users\Laptop\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-11-04] (Spotify Ltd)
HKU\S-1-5-21-3893482130-3688408459-2354354221-1000\...\Run: [GoogleChromeAutoLaunch_91B4BC4B9D616919C5D60BDCE2C341BB] => C:\Users\Laptop\AppData\Local\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.)
Startup: C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Laptop\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3893482130-3688408459-2354354221-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3893482130-3688408459-2354354221-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3893482130-3688408459-2354354221-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000 -> {A3B423A0-3B18-4C15-82E3-568397601825} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin.dll (Skype)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-3893482130-3688408459-2354354221-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Laptop\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3893482130-3688408459-2354354221-1000: @talk.google.com/O1DPlugin -> C:\Users\Laptop\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3893482130-3688408459-2354354221-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Laptop\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3893482130-3688408459-2354354221-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Laptop\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3893482130-3688408459-2354354221-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Laptop\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Laptop\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.search.ask.com/?tpid=ORJ-V7-SAT&o=APN11467&pf=V7&trgb=CR&p2=%5EBED%5EOSJ000%5EYY%5EAT&gct=hp&apn_ptnrs=BED&apn_dtid=%5EOSJ000%5EYY%5EAT&apn_dbr=cr_34.0.1847.137&apn_uid=1F5EC43F-A747-4017-A7E0-6CC6726F6BBD&itbv=12.10.6.53&doi=2014-05-19&psv="
CHR Profile: C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-18]
CHR Extension: (Google Wallet) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-27]
CHR Profile: C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Docs) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-25]
CHR Extension: (Google Drive) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-25]
CHR Extension: (DVDVideoSoftTB DE) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bhphemoobgnikcoofkgackkaimpfmenm [2013-02-25]
CHR Extension: (YouTube) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-25]
CHR Extension: (Google-Suche) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-25]
CHR Extension: (avast! WebRep) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2013-02-25]
CHR Extension: (DvdVideoSoft Free Youtube Download) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-02-25]
CHR Extension: (Google Mail) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-25]
CHR Profile: C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (DVDVideoSoftTB DE) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bhphemoobgnikcoofkgackkaimpfmenm [2013-02-25]
CHR Extension: (avast! WebRep) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2013-02-25]
CHR Extension: (DvdVideoSoft Free Youtube Download) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-02-25]
CHR Extension: (Google Wallet) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 MBAMScheduler; C:\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation)
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-10-23] (Avira Operations GmbH & Co. KG)
S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [101504 2012-03-22] (Huawei Technologies Co., Ltd.) [File not signed]
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-10-23] (Avira GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Laptop\AppData\Local\Temp\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-11 00:17 - 2015-01-11 00:17 - 00008415 _____ () C:\Users\Laptop\Desktop\JRT.txt
2015-01-11 00:15 - 2015-01-11 00:15 - 00000000 ____D () C:\Windows\ERUNT
2015-01-11 00:13 - 2015-01-11 00:13 - 01707939 _____ (Thisisu) C:\Users\Laptop\Desktop\JRT.exe
2015-01-10 23:46 - 2015-01-10 23:46 - 02191360 _____ () C:\Users\Laptop\Desktop\AdwCleaner_4.107.exe
2015-01-10 23:43 - 2015-01-10 23:43 - 00001313 _____ () C:\Users\Laptop\Desktop\mbam.txt
2015-01-10 23:11 - 2015-01-10 23:11 - 00000701 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-10 23:11 - 2015-01-10 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-01-10 23:11 - 2015-01-10 23:11 - 00000000 ____D () C:\ Malwarebytes Anti-Malware
2015-01-10 23:11 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-10 23:11 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-10 23:11 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-10 23:06 - 2015-01-10 23:07 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Laptop\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-08 23:14 - 2015-01-08 23:14 - 00020017 _____ () C:\ComboFix.txt
2015-01-08 22:56 - 2015-01-08 23:14 - 00000000 ____D () C:\ComboFix
2015-01-08 22:56 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-08 22:56 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-08 22:56 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-08 22:56 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-08 22:56 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-08 22:56 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-08 22:56 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-08 22:56 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-08 22:49 - 2015-01-08 23:14 - 00000000 ____D () C:\Qoobox
2015-01-08 22:47 - 2015-01-08 23:13 - 00000000 ____D () C:\Windows\erdnt
2015-01-08 22:42 - 2015-01-08 22:44 - 05609736 ____R (Swearware) C:\Users\Laptop\Desktop\ComboFix.exe
2015-01-07 21:10 - 2015-01-07 21:11 - 00031738 _____ () C:\Users\Laptop\Desktop\Addition.txt
2015-01-07 21:08 - 2015-01-11 00:19 - 00017954 _____ () C:\Users\Laptop\Desktop\FRST.txt
2015-01-07 21:08 - 2015-01-11 00:19 - 00000000 ____D () C:\FRST
2015-01-07 21:06 - 2015-01-07 21:06 - 01115648 _____ (Farbar) C:\Users\Laptop\Desktop\FRST.exe
2015-01-07 15:22 - 2015-01-07 15:24 - 02173952 _____ () C:\Users\Laptop\Downloads\adwcleaner_4.106 (1).exe
2015-01-05 12:19 - 2015-01-05 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-01-05 12:10 - 2015-01-05 12:10 - 00000000 ____D () C:\Program Files\Free Codec Pack
2015-01-05 12:09 - 2015-01-05 12:47 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-01-05 12:09 - 2015-01-05 12:20 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2015-01-05 11:38 - 2015-01-05 11:58 - 03534368 _____ (DVDVideoSoft Ltd. ) C:\Users\Laptop\Downloads\FreeStudio641.exe
2015-01-04 23:59 - 2015-01-04 23:59 - 00001068 _____ () C:\Users\Public\Desktop\Picasa 3.lnk
2015-01-04 23:58 - 2015-01-04 23:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-01-04 23:50 - 2015-01-04 23:53 - 17385800 _____ (Google Inc.) C:\Users\Laptop\Downloads\picasa39-setup.exe
2015-01-04 21:05 - 2015-01-05 01:06 - 00000000 ____D () C:\Users\Laptop\Desktop\101MSDCF
2014-12-30 00:42 - 2014-12-30 00:42 - 00000000 ____D () C:\Users\Laptop\Documents\Fax
2014-12-20 12:30 - 2014-12-20 12:30 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-12-20 12:30 - 2014-12-20 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-12-20 12:30 - 2012-10-03 16:14 - 00026840 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-12-20 12:29 - 2014-12-20 12:30 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-12-20 12:29 - 2014-12-20 12:30 - 00000000 ____D () C:\Program Files\iTunes
2014-12-20 12:29 - 2014-12-20 12:29 - 00000000 ____D () C:\Program Files\iPod
2014-12-20 11:58 - 2014-12-20 12:05 - 109829936 _____ (Apple Inc.) C:\Users\Laptop\Downloads\iTunesSetup.exe
2014-12-18 09:26 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-13 12:35 - 2014-12-13 12:38 - 05784826 _____ () C:\Users\Laptop\Downloads\Los Reyes Magos (1).zip
2014-12-12 01:05 - 2014-12-12 01:05 - 00000000 ____D () C:\Users\Laptop\.android
2014-12-12 00:54 - 2014-12-12 00:54 - 00001067 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
2014-12-12 00:54 - 2014-12-12 00:54 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-12-12 00:54 - 2014-12-12 00:54 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-12-12 00:54 - 2014-12-12 00:54 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-12-12 00:46 - 2014-12-12 00:46 - 00001248 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CC 2014 (32-bit).lnk
2014-12-12 00:11 - 2014-12-12 00:11 - 00000000 ___RD () C:\Users\Laptop\Creative Cloud Files
2014-12-12 00:08 - 2014-12-12 00:08 - 00001283 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-12-12 00:08 - 2014-12-12 00:08 - 00001271 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2014-12-12 00:06 - 2014-12-12 00:06 - 00000000 ____D () C:\ProgramData\Package Cache
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-11 00:05 - 2009-07-14 05:34 - 00028464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-11 00:05 - 2009-07-14 05:34 - 00028464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-11 00:00 - 2014-05-23 14:21 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2015-01-10 23:59 - 2013-12-04 17:18 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-01-10 23:57 - 2013-07-04 21:39 - 00000000 ___RD () C:\Users\Laptop\Dropbox
2015-01-10 23:57 - 2013-07-04 21:35 - 00000000 ____D () C:\Users\Laptop\AppData\Roaming\Dropbox
2015-01-10 23:56 - 2012-03-20 12:02 - 00000000 ____D () C:\Users\Laptop\AppData\Local\Adobe
2015-01-10 23:55 - 2012-08-06 18:33 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3893482130-3688408459-2354354221-1000UA.job
2015-01-10 23:54 - 2013-12-03 11:06 - 00562626 _____ () C:\Windows\PFRO.log
2015-01-10 23:54 - 2013-11-03 01:00 - 00006742 _____ () C:\Windows\setupact.log
2015-01-10 23:54 - 2012-03-24 18:22 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-10 23:54 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-10 23:53 - 2014-11-24 23:08 - 00000000 ____D () C:\AdwCleaner
2015-01-10 23:53 - 2012-03-20 18:30 - 01489018 _____ () C:\Windows\WindowsUpdate.log
2015-01-10 23:43 - 2012-09-22 10:54 - 00000000 ____D () C:\Users\Laptop\AppData\Local\CRE
2015-01-10 23:35 - 2012-05-05 11:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-10 23:11 - 2013-12-08 10:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-10 22:57 - 2012-08-06 18:33 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3893482130-3688408459-2354354221-1000Core.job
2015-01-08 23:14 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-01-08 23:14 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-01-08 23:11 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-01-07 15:34 - 2014-05-27 11:31 - 00000000 ____D () C:\Users\Laptop\Tracing
2015-01-07 14:59 - 2012-10-15 19:08 - 00000000 ____D () C:\Users\Laptop\AppData\Roaming\Spotify
2015-01-05 12:19 - 2012-04-06 13:35 - 00000000 ____D () C:\Users\Laptop\AppData\Roaming\DVDVideoSoft
2015-01-04 23:59 - 2012-03-24 18:22 - 00000000 ____D () C:\Users\Laptop\AppData\Local\Google
2015-01-04 23:57 - 2012-03-24 18:22 - 00000000 ____D () C:\Program Files\Google
2015-01-04 20:47 - 2013-07-04 21:39 - 00001021 _____ () C:\Users\Laptop\Desktop\Dropbox.lnk
2015-01-04 20:47 - 2013-07-04 21:36 - 00000000 ____D () C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-31 12:13 - 2012-03-20 12:20 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-30 13:55 - 2014-10-30 09:25 - 00000000 ____D () C:\Users\Laptop\Desktop\Nov. und Dez. 2014 ungeordnet + Weihnachten!!
2014-12-20 12:29 - 2012-04-29 10:32 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-20 12:22 - 2012-04-29 10:32 - 00000000 ____D () C:\ProgramData\Apple
2014-12-15 23:01 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-13 19:38 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-12-13 02:05 - 2012-03-20 11:51 - 00000000 ____D () C:\Users\Laptop\AppData\Local\Microsoft Help
2014-12-12 23:59 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-12-12 11:48 - 2012-08-06 18:36 - 00002366 _____ () C:\Users\Laptop\Desktop\Google Chrome.lnk
2014-12-12 01:05 - 2012-03-20 11:33 - 00000000 ____D () C:\Users\Laptop
2014-12-12 01:04 - 2012-03-20 12:06 - 00000000 ____D () C:\Users\Laptop\AppData\Roaming\Adobe
2014-12-12 01:01 - 2014-04-13 15:11 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-12-12 00:54 - 2012-03-20 16:05 - 00000000 ____D () C:\Program Files\Adobe
2014-12-12 00:46 - 2012-03-20 12:03 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-12 00:39 - 2012-03-20 12:03 - 00000000 ____D () C:\Program Files\Common Files\Adobe
Some content of TEMP:
====================
C:\Users\Laptop\AppData\Local\Temp\avgnt.exe
C:\Users\Laptop\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqsbvqx.dll
C:\Users\Laptop\AppData\Local\Temp\Quarantine.exe
C:\Users\Laptop\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-05 18:56
==================== End Of Log ============================
--- --- --- --- --- --- Danke und lieben Gruß! Geändert von Pfirsich (11.01.2015 um 00:34 Uhr) |
|
11.01.2015, 00:32
| #8 |
| | Windos 7 + Browser Virenbefall sorry, der letzte eintrag war ein versehen. |
|
11.01.2015, 08:30
| #9 |
| /// the machine /// TB-Ausbilder | Windos 7 + Browser Virenbefall Hi, Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen. Ich kann auf Arbeit keine Anhänge öffnen, danke.  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
18.01.2015, 18:21
| #10 |
| | Windos 7 + Browser Virenbefall Hi Schrauber, tut mir leid - in Zukunft werde ich das mit den Anhängen berücksichtigen!! Hier das Logfile von ESET. Was ich nicht ganz verstehe: Die infizierten Dateien sind doch jetzt trotzdem noch da, weil ich die Funktion "Infizierte Dateien entfernen" laut Anleitung deaktivieren sollte. Oder? Liebe Grüße und danke für deine Mühe! PS: Kann ich ComboFix, JRT, Malwarebytes usw. wieder deainstallieren? Hab immer noch Probleme mit den Browsern, öffnen und neue Tabs herstellen usw. dauert einfach sehr lange ... Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=1519c124f596174583badcbb5b3e502b
# engine=22022
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-18 02:40:24
# local_time=2015-01-18 03:40:24 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 10564 7522709 0 0
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 11230281 44572418 0 0
# scanned=136035
# found=10
# cleaned=0
# scan_time=5651
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir"
sh=2B9A1340BEC2FE2694C333ACD77F0E12EF9550D1 ft=1 fh=fcbeb3ad261a92d1 vn="Variante von Win32/Conduit.SearchProtect.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\10.31.4.510_0\APISupport\APISupport.dll.vir"
sh=675526C1B3CB27C6635233B62EDB8ECEEBFE1556 ft=1 fh=8382eeac10eb278f vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir"
sh=C0114483C9E2C1271B0D594AB6A6BF1E4F383D63 ft=1 fh=e2607344a0894545 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir"
sh=848C686280EAA04B172FCCFFBD312132A0C46172 ft=1 fh=7764b0effb0b9556 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Laptop\AppData\Local\Temp\OCS\ocs_v7f.exe.vir"
sh=5AB1585DBF835EFF18531295DF0632E20C349C5E ft=1 fh=11d92d7d893ac4b2 vn="Variante von Win32/Toolbar.Conduit.AL evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\10.13.1.89_0\plugins\ConduitChromeApiPlugin.dll"
sh=7FE8D5A128ADB5FD2A64F0007BDE50CAC7A47D2A ft=1 fh=87c2ef1442b79444 vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\10.22.5.510_0\nativeMessaging\TBMessagingHost.exe"
sh=C78286C00360EAADA991A3898674CF2B795AC982 ft=1 fh=60907a1d271b3b67 vn="Variante von Win32/Toolbar.Conduit.AL evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\10.22.5.510_0\plugins\ConduitChromeApiPlugin.dll"
sh=F205AF462E34D6980666FA8D8CCA69AE4650BDA2 ft=1 fh=b87f4d75e98f69a0 vn="Variante von Win32/Toolbar.Conduit.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\10.22.5.510_0\TBHostSupport\TBHostSupport.dll"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=1519c124f596174583badcbb5b3e502b
# engine=22025
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-18 05:11:39
# local_time=2015-01-18 06:11:39 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 16039 7531784 0 0
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 11239356 44581493 0 0
# scanned=243891
# found=14
# cleaned=0
# scan_time=8796
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir"
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir"
sh=2B9A1340BEC2FE2694C333ACD77F0E12EF9550D1 ft=1 fh=fcbeb3ad261a92d1 vn="Variante von Win32/Conduit.SearchProtect.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\10.31.4.510_0\APISupport\APISupport.dll.vir"
sh=675526C1B3CB27C6635233B62EDB8ECEEBFE1556 ft=1 fh=8382eeac10eb278f vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir"
sh=C0114483C9E2C1271B0D594AB6A6BF1E4F383D63 ft=1 fh=e2607344a0894545 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir"
sh=848C686280EAA04B172FCCFFBD312132A0C46172 ft=1 fh=7764b0effb0b9556 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Laptop\AppData\Local\Temp\OCS\ocs_v7f.exe.vir"
sh=5AB1585DBF835EFF18531295DF0632E20C349C5E ft=1 fh=11d92d7d893ac4b2 vn="Variante von Win32/Toolbar.Conduit.AL evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\10.13.1.89_0\plugins\ConduitChromeApiPlugin.dll"
sh=7FE8D5A128ADB5FD2A64F0007BDE50CAC7A47D2A ft=1 fh=87c2ef1442b79444 vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\10.22.5.510_0\nativeMessaging\TBMessagingHost.exe"
sh=C78286C00360EAADA991A3898674CF2B795AC982 ft=1 fh=60907a1d271b3b67 vn="Variante von Win32/Toolbar.Conduit.AL evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\10.22.5.510_0\plugins\ConduitChromeApiPlugin.dll"
sh=F205AF462E34D6980666FA8D8CCA69AE4650BDA2 ft=1 fh=b87f4d75e98f69a0 vn="Variante von Win32/Toolbar.Conduit.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\10.22.5.510_0\TBHostSupport\TBHostSupport.dll"
sh=ED9C2F514D797FE40B897C23456631453C263CCE ft=1 fh=7dcb11e95afa4b32 vn="Variante von Win32/InstallCore.QW evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Laptop\Downloads\bdcamsetup_CB-DL-Manager.exe"
sh=846D95D63EDE9508EFC7CEEE1D145D7CE62988C3 ft=1 fh=ec23a4ae3310ce50 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Laptop\Downloads\FreeYouTubeToMP3Converter.exe"
sh=250AD920C538EBAC63102E368FB642EE33AD0593 ft=1 fh=8e020e8f8829bf65 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Laptop\Downloads\FreeYouTubeToMP3Converter_3.11.17 (1).exe"
sh=DE0F453AD7E45914C2F6E2A6BC782AFB6DB94B9D ft=1 fh=1f461786edf5f19c vn="NSIS/StartPage.CC Trojaner" ac=I fn="C:\Users\Laptop\Downloads\vlc-2.1.3-win32.exe"
Code:
ATTFilter Results of screen317's Security Check version 0.99.93 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Microsoft Security Essentials Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 71 Adobe Reader 9 Adobe Reader out of Date! Google Chrome (39.0.2171.71) Google Chrome (39.0.2171.95) ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Results of screen317's Security Check version 0.99.93 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Microsoft Security Essentials Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 71 Adobe Reader 9 Adobe Reader out of Date! Google Chrome (39.0.2171.71) Google Chrome (39.0.2171.95) ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-01-2015 01 Ran by Laptop (administrator) on LAPTOP-PC on 18-01-2015 18:32:11 Running from C:\Users\Laptop\Desktop Loaded Profiles: Laptop & (Available profiles: Laptop & Gast) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Malwarebytes Corporation) C:\ Malwarebytes Anti-Malware \mbam.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Sony Corporation) C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Spotify Ltd) C:\Users\Laptop\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Dropbox, Inc.) C:\Users\Laptop\AppData\Roaming\Dropbox\bin\Dropbox.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Google Inc.) C:\Users\Laptop\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Laptop\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Laptop\AppData\Local\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE (Google Inc.) C:\Users\Laptop\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Laptop\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Laptop\AppData\Local\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\prevhost.exe (Google Inc.) C:\Users\Laptop\AppData\Local\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740888 2013-04-24] (Sony Corporation) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKU\S-1-5-21-3893482130-3688408459-2354354221-1000\...\Run: [Spotify Web Helper] => C:\Users\Laptop\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-11-04] (Spotify Ltd) HKU\S-1-5-21-3893482130-3688408459-2354354221-1000\...\Run: [GoogleChromeAutoLaunch_91B4BC4B9D616919C5D60BDCE2C341BB] => C:\Users\Laptop\AppData\Local\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.) HKU\S-1-5-21-3893482130-3688408459-2354354221-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Laptop\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-11-04] (Spotify Ltd) HKU\S-1-5-21-3893482130-3688408459-2354354221-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_91B4BC4B9D616919C5D60BDCE2C341BB] => C:\Users\Laptop\AppData\Local\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.) Startup: C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Laptop\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3893482130-3688408459-2354354221-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-3893482130-3688408459-2354354221-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3893482130-3688408459-2354354221-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3893482130-3688408459-2354354221-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie HKU\S-1-5-21-3893482130-3688408459-2354354221-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3893482130-3688408459-2354354221-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie HKU\S-1-5-21-3893482130-3688408459-2354354221-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-at/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear SearchScopes: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000 -> {A3B423A0-3B18-4C15-82E3-568397601825} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear SearchScopes: HKU\S-1-5-21-3893482130-3688408459-2354354221-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {A3B423A0-3B18-4C15-82E3-568397601825} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin.dll (Skype) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin HKU\S-1-5-21-3893482130-3688408459-2354354221-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Laptop\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKU\S-1-5-21-3893482130-3688408459-2354354221-1000: @talk.google.com/O1DPlugin -> C:\Users\Laptop\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKU\S-1-5-21-3893482130-3688408459-2354354221-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Laptop\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-3893482130-3688408459-2354354221-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Laptop\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-3893482130-3688408459-2354354221-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.) FF Plugin HKU\S-1-5-21-3893482130-3688408459-2354354221-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/GoogleTalkPlugin -> C:\Users\Laptop\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKU\S-1-5-21-3893482130-3688408459-2354354221-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/O1DPlugin -> C:\Users\Laptop\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKU\S-1-5-21-3893482130-3688408459-2354354221-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Laptop\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-3893482130-3688408459-2354354221-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Laptop\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-3893482130-3688408459-2354354221-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Laptop\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Laptop\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.search.ask.com/?tpid=ORJ-V7-SAT&o=APN11467&pf=V7&trgb=CR&p2=%5EBED%5EOSJ000%5EYY%5EAT&gct=hp&apn_ptnrs=BED&apn_dtid=%5EOSJ000%5EYY%5EAT&apn_dbr=cr_34.0.1847.137&apn_uid=1F5EC43F-A747-4017-A7E0-6CC6726F6BBD&itbv=12.10.6.53&doi=2014-05-19&psv=" CHR Profile: C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-18] CHR Extension: (Google Wallet) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-27] CHR Profile: C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (Docs) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-25] CHR Extension: (Google Drive) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-25] CHR Extension: (DVDVideoSoftTB DE) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bhphemoobgnikcoofkgackkaimpfmenm [2013-02-25] CHR Extension: (YouTube) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-25] CHR Extension: (Google-Suche) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-25] CHR Extension: (avast! WebRep) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2013-02-25] CHR Extension: (DvdVideoSoft Free Youtube Download) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-02-25] CHR Extension: (Google Mail) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-25] CHR Profile: C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 2 CHR Extension: (DVDVideoSoftTB DE) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bhphemoobgnikcoofkgackkaimpfmenm [2013-02-25] CHR Extension: (avast! WebRep) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2013-02-25] CHR Extension: (DvdVideoSoft Free Youtube Download) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-02-25] CHR Extension: (Google Wallet) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG) R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 MBAMScheduler; C:\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation) R2 PMBDeviceInfoProvider; C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-23] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-23] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-10-23] (Avira Operations GmbH & Co. KG) S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [101504 2012-03-22] (Huawei Technologies Co., Ltd.) [File not signed] R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-18] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-10-23] (Avira GmbH) U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\Users\Laptop\AppData\Local\Temp\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-18 18:32 - 2015-01-18 18:32 - 00000000 ____D () C:\Users\Laptop\Desktop\FRST-OlderVersion 2015-01-18 18:22 - 2015-01-18 18:22 - 00852504 _____ () C:\Users\Laptop\Desktop\SecurityCheck.exe 2015-01-18 14:02 - 2015-01-18 14:02 - 00000000 ____D () C:\Program Files\ESET 2015-01-18 14:01 - 2015-01-18 14:01 - 02347384 _____ (ESET) C:\Users\Laptop\Downloads\esetsmartinstaller_deu.exe 2015-01-13 22:37 - 2015-01-13 22:37 - 00011213 _____ () C:\Users\Laptop\Downloads\stichproben_berechnung.xlsx 2015-01-13 22:18 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-01-13 22:18 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-13 22:18 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-13 22:17 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-13 22:17 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-13 22:17 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-11 00:17 - 2015-01-11 00:17 - 00008415 _____ () C:\Users\Laptop\Desktop\JRT.txt 2015-01-11 00:15 - 2015-01-11 00:15 - 00000000 ____D () C:\Windows\ERUNT 2015-01-11 00:13 - 2015-01-11 00:13 - 01707939 _____ (Thisisu) C:\Users\Laptop\Desktop\JRT.exe 2015-01-10 23:46 - 2015-01-10 23:46 - 02191360 _____ () C:\Users\Laptop\Desktop\AdwCleaner_4.107.exe 2015-01-10 23:43 - 2015-01-10 23:43 - 00001313 _____ () C:\Users\Laptop\Desktop\mbam.txt 2015-01-10 23:11 - 2015-01-10 23:11 - 00000701 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-10 23:11 - 2015-01-10 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-10 23:11 - 2015-01-10 23:11 - 00000000 ____D () C:\ Malwarebytes Anti-Malware 2015-01-10 23:11 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-10 23:11 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-10 23:11 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-10 23:06 - 2015-01-10 23:07 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Laptop\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-08 23:14 - 2015-01-08 23:14 - 00020017 _____ () C:\ComboFix.txt 2015-01-08 22:56 - 2015-01-08 23:14 - 00000000 ____D () C:\ComboFix 2015-01-08 22:56 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-01-08 22:56 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-01-08 22:56 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-01-08 22:56 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-01-08 22:56 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-01-08 22:56 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-01-08 22:56 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-01-08 22:56 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-01-08 22:49 - 2015-01-08 23:14 - 00000000 ____D () C:\Qoobox 2015-01-08 22:47 - 2015-01-08 23:13 - 00000000 ____D () C:\Windows\erdnt 2015-01-08 22:42 - 2015-01-08 22:44 - 05609736 ____R (Swearware) C:\Users\Laptop\Desktop\ComboFix.exe 2015-01-07 21:10 - 2015-01-07 21:11 - 00031738 _____ () C:\Users\Laptop\Desktop\Addition.txt 2015-01-07 21:08 - 2015-01-18 18:32 - 00021989 _____ () C:\Users\Laptop\Desktop\FRST.txt 2015-01-07 21:08 - 2015-01-18 18:32 - 00000000 ____D () C:\FRST 2015-01-07 21:06 - 2015-01-18 18:32 - 01118208 _____ (Farbar) C:\Users\Laptop\Desktop\FRST.exe 2015-01-07 15:22 - 2015-01-07 15:24 - 02173952 _____ () C:\Users\Laptop\Downloads\adwcleaner_4.106 (1).exe 2015-01-05 12:19 - 2015-01-05 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2015-01-05 12:10 - 2015-01-05 12:10 - 00000000 ____D () C:\Program Files\Free Codec Pack 2015-01-05 12:09 - 2015-01-05 12:47 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft 2015-01-05 12:09 - 2015-01-05 12:20 - 00000000 ____D () C:\Program Files\DVDVideoSoft 2015-01-05 11:38 - 2015-01-05 11:58 - 03534368 _____ (DVDVideoSoft Ltd. ) C:\Users\Laptop\Downloads\FreeStudio641.exe 2015-01-04 23:59 - 2015-01-04 23:59 - 00001068 _____ () C:\Users\Public\Desktop\Picasa 3.lnk 2015-01-04 23:58 - 2015-01-04 23:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3 2015-01-04 23:50 - 2015-01-04 23:53 - 17385800 _____ (Google Inc.) C:\Users\Laptop\Downloads\picasa39-setup.exe 2015-01-04 21:05 - 2015-01-05 01:06 - 00000000 ____D () C:\Users\Laptop\Desktop\101MSDCF 2014-12-30 00:42 - 2014-12-30 00:42 - 00000000 ____D () C:\Users\Laptop\Documents\Fax 2014-12-20 12:30 - 2014-12-20 12:30 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-12-20 12:30 - 2014-12-20 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-12-20 12:30 - 2012-10-03 16:14 - 00026840 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys 2014-12-20 12:29 - 2014-12-20 12:30 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB 2014-12-20 12:29 - 2014-12-20 12:30 - 00000000 ____D () C:\Program Files\iTunes 2014-12-20 12:29 - 2014-12-20 12:29 - 00000000 ____D () C:\Program Files\iPod 2014-12-20 11:58 - 2014-12-20 12:05 - 109829936 _____ (Apple Inc.) C:\Users\Laptop\Downloads\iTunesSetup.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-18 17:55 - 2012-08-06 18:33 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3893482130-3688408459-2354354221-1000UA.job 2015-01-18 17:54 - 2012-03-24 18:22 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-18 17:40 - 2012-03-20 18:30 - 01803250 _____ () C:\Windows\WindowsUpdate.log 2015-01-18 17:35 - 2012-05-05 11:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-18 15:00 - 2014-05-23 14:21 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2015-01-18 13:47 - 2012-08-06 18:33 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3893482130-3688408459-2354354221-1000Core.job 2015-01-14 09:46 - 2009-07-14 05:34 - 00028464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-14 09:46 - 2009-07-14 05:34 - 00028464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-14 09:40 - 2013-07-04 21:39 - 00000000 ___RD () C:\Users\Laptop\Dropbox 2015-01-14 09:39 - 2013-07-04 21:35 - 00000000 ____D () C:\Users\Laptop\AppData\Roaming\Dropbox 2015-01-14 09:37 - 2013-12-04 17:18 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2015-01-14 09:35 - 2013-11-03 01:00 - 00006854 _____ () C:\Windows\setupact.log 2015-01-14 09:35 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-14 09:12 - 2012-03-20 12:02 - 00000000 ____D () C:\Users\Laptop\AppData\Local\Adobe 2015-01-13 23:50 - 2013-07-19 23:39 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-13 23:36 - 2012-03-20 12:31 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-13 20:17 - 2012-05-05 11:17 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-01-13 20:17 - 2012-03-24 18:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-01-10 23:54 - 2013-12-03 11:06 - 00562626 _____ () C:\Windows\PFRO.log 2015-01-10 23:53 - 2014-11-24 23:08 - 00000000 ____D () C:\AdwCleaner 2015-01-10 23:43 - 2012-09-22 10:54 - 00000000 ____D () C:\Users\Laptop\AppData\Local\CRE 2015-01-10 23:11 - 2013-12-08 10:47 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-08 23:14 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default 2015-01-08 23:14 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public 2015-01-08 23:11 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini 2015-01-07 15:34 - 2014-05-27 11:31 - 00000000 ____D () C:\Users\Laptop\Tracing 2015-01-07 14:59 - 2012-10-15 19:08 - 00000000 ____D () C:\Users\Laptop\AppData\Roaming\Spotify 2015-01-05 12:19 - 2012-04-06 13:35 - 00000000 ____D () C:\Users\Laptop\AppData\Roaming\DVDVideoSoft 2015-01-04 23:59 - 2012-03-24 18:22 - 00000000 ____D () C:\Users\Laptop\AppData\Local\Google 2015-01-04 23:57 - 2012-03-24 18:22 - 00000000 ____D () C:\Program Files\Google 2015-01-04 20:47 - 2013-07-04 21:39 - 00001021 _____ () C:\Users\Laptop\Desktop\Dropbox.lnk 2015-01-04 20:47 - 2013-07-04 21:36 - 00000000 ____D () C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-12-31 12:13 - 2012-03-20 12:20 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-12-30 13:55 - 2014-10-30 09:25 - 00000000 ____D () C:\Users\Laptop\Desktop\Nov. und Dez. 2014 ungeordnet + Weihnachten!! 2014-12-20 12:29 - 2012-04-29 10:32 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-12-20 12:22 - 2012-04-29 10:32 - 00000000 ____D () C:\ProgramData\Apple ==================== Files in the root of some directories ======= 2014-09-02 08:51 - 2014-11-24 22:39 - 0000097 _____ () C:\Users\Laptop\AppData\Roaming\WB.CFG 2012-10-03 22:09 - 2013-11-17 23:51 - 0007605 _____ () C:\Users\Laptop\AppData\Local\Resmon.ResmonCfg Some content of TEMP: ==================== C:\Users\Laptop\AppData\Local\Temp\avgnt.exe C:\Users\Laptop\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpq33wii.dll C:\Users\Laptop\AppData\Local\Temp\Quarantine.exe C:\Users\Laptop\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-05 18:56 ==================== End Of Log ============================ --- --- --- Geändert von Pfirsich (18.01.2015 um 18:37 Uhr) |
|
18.01.2015, 20:03
| #11 |
| /// the machine /// TB-Ausbilder | Windos 7 + Browser Virenbefall Mit welchem Browser?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
18.01.2015, 20:06
| #12 |
| | Windos 7 + Browser Virenbefall Google Chrome! Lg |
|
18.01.2015, 21:42
| #13 |
| /// the machine /// TB-Ausbilder | Windos 7 + Browser Virenbefall Revo Uninstaller - Download - Filepony damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren. Dann: https://support.google.com/chrome/answer/3296214?hl=de
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
18.01.2015, 21:56
| #14 |
| | Windos 7 + Browser Virenbefall Mache ich sofort, danke. Was war jetzt der Sinn des ESET-Scans, die 10 Funde sind ja jetzt noch da oder?? Die Funktion die Funde zu löschen habe ich ja anleitungsgemäß deaktiviert. :confused Lieben Gruß: |
|
19.01.2015, 11:23
| #15 |
| /// the machine /// TB-Ausbilder | Windos 7 + Browser Virenbefall Wir wollen die Funde immer erst sehen bevor wir was entfernen. Wenn Du das mit Chrome gemacht hast und das funktioniert, entfernen wir die Funde und die übrigen Reste in einem Rutsch
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Windos 7 + Browser Virenbefall |
| adw-cleaner, askbar, avira, browser, dateien, desktop, explorer, festgestellt, firefox, gelöscht, google, helper, home, infiziert, internet explorer, langsam, launch, löschen, malware, microsoft, mozilla, neu, notebook, ordner, software, suche, temp, virenbefal, virus, windows |
Linear-Darstellung
