Pests of all kinds and how to fight them: too many PUPs found (Windows 7)
27.01.2015, 18:46 | #1
too many PUPs found

Good evening, my son brought me his laptop and I was surprised at how slowly it runs. I then ran Malwarebytes and found a number of PUPs. I suspect they are to blame. Here is the txt file from MWB.

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 27.01.2015
Suchlauf-Zeit: 18:06:53
Logdatei: Malwarebytes2701.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.27.07
Rootkit Datenbank: v2015.01.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Undertaker

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 427460
Verstrichene Zeit: 32 Min, 20 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 10
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, , [f96a8a721475ab8b8b1249abbd45c23e],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64, , [f76c5f9d6d1c092defc1683059aada26],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE, , [c79ceb11711848ee7d742476a0630df3],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, , [c59eb04c6128989e03c2f5051be954ac],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, , [83e0fffda8e14aecfcca14e662a2df21],
PUP.Optional.OfferMosquito.A, HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\OfferMosquito, , [bba86e8e4e3b300693681be2d0348977],
PUP.Optional.Somoto.A, HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Somoto, , [471ca05cd7b2db5b2c82286691724eb2],
PUP.Optional.BlockAndSurf.A, HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\BlockAndSurf, , [491a7e7e1475d75fc31e574019ea758b],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, , [e77ca75594f5db5b850f1645eb188f71],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, , [e77ca75594f5db5b850f1645eb188f71],

Registrierungswerte: 2
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, , [c79ceb11711848ee7d742476a0630df3]
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|PopularScreensavers EPM Support, "C:\PROGRA~2\POPULA~2\bar\1.bin\7imedint.exe" T8EPMSUP.DLL,S, , [6102f8047c0dd462cc6cd2b5ad569e62]

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 8
PUP.Optional.MindSpark.A, C:\Users\Undertaker\AppData\LocalLow\PopularScreensavers_7i, , [1152ab51e1a880b6bc1cada5c83bef11],
PUP.Optional.MindSpark.A, C:\Users\Undertaker\AppData\LocalLow\PopularScreensavers_7i\bar, , [1152ab51e1a880b6bc1cada5c83bef11],
PUP.Optional.MindSpark.A, C:\Users\Undertaker\AppData\LocalLow\PopularScreensavers_7i\bar\Cache, , [1152ab51e1a880b6bc1cada5c83bef11],
PUP.Optional.MindSpark.A, C:\Users\Undertaker\AppData\LocalLow\PopularScreensavers_7i\bar\History, , [1152ab51e1a880b6bc1cada5c83bef11],
PUP.Optional.MindSpark.A, C:\Users\Undertaker\AppData\LocalLow\PopularScreensavers_7i\bar\Settings, , [1152ab51e1a880b6bc1cada5c83bef11],
PUP.Optional.Extutil.A, C:\Users\Undertaker\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, , [ee7578842f5a58de0c8ab9a0f50e758b],
PUP.Optional.Managera.A, C:\Users\Undertaker\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, , [c1a28577f39668ce3d5a0d4c996ab848],
PUP.Optional.GlobalUpdate.A, C:\Users\Undertaker\AppData\Local\Temp\comh.23670, , [e77ca75594f5db5b850f1645eb188f71],

Dateien: 42
PUP.Optional.AdvancedSystemProtector, C:\Windows\System32\sasnative64.exe, , [105303f9a4e58da97078239e1ee306fa],
PUP.Optional.Conduit.A, C:\Users\Undertaker\AppData\Local\Temp\nsbAC51.exe, , [d2919c60e7a2c96db892456252afc13f],
PUP.Optional.Conduit.A, C:\Users\Undertaker\AppData\Local\Temp\nsc8D10.exe, , [362df7054841191dc5854e59758c9967],
PUP.Optional.Conduit.A, C:\Users\Undertaker\AppData\Local\Temp\nsg9B0.exe, , [f370c03ca1e89f974cfefdaa5ea320e0],
PUP.Optional.Conduit.A, C:\Users\Undertaker\AppData\Local\Temp\nsqB8DF.exe, , [d98a2dcfc0c9cf6750fa4c5b15ecca36],
PUP.Optional.Conduit.A, C:\Users\Undertaker\AppData\Local\Temp\nsr122A.exe, , [84df36c60b7e81b5c684cadd22df9967],
PUP.Optional.SearchProtect.A, C:\Users\Undertaker\AppData\Local\Temp\nsv619A\SpSetup.exe, , [9ac9c735f693979fd7913879d22fc937],
PUP.Optional.SkyTech.A, C:\Users\Undertaker\AppData\Local\Temp\fullpackage_temp1388606446\QQBrowserFrame.dll, , [243f1fdda6e33ff7acadd822e0216a96],
PUP.Optional.DomaIQ, C:\Users\Undertaker\Downloads\New player.exe, , [491a619b17721e182c6c2f9cf908639d],
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys, , [f76c5f9d6d1c092defc1683059aada26],
PUP.Optional.BetterDeals.A, C:\Users\Undertaker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage, , [adb6b3495732cb6bd938960f7d863cc4],
PUP.Optional.BetterDeals.A, C:\Users\Undertaker\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage-journal, , [085bb943f792c76fb65b6f36b053b34d],
PUP.Optional.MindSpark.A, C:\Users\Undertaker\AppData\LocalLow\PopularScreensavers_7i\bar\Cache\24ACB809, , [1152ab51e1a880b6bc1cada5c83bef11],
PUP.Optional.MindSpark.A, C:\Users\Undertaker\AppData\LocalLow\PopularScreensavers_7i\bar\Cache\24ACBCAA, , [1152ab51e1a880b6bc1cada5c83bef11],
PUP.Optional.MindSpark.A, C:\Users\Undertaker\AppData\LocalLow\PopularScreensavers_7i\bar\Cache\24ACBF78.bmp, , [1152ab51e1a880b6bc1cada5c83bef11],
PUP.Optional.MindSpark.A, C:\Users\Undertaker\AppData\LocalLow\PopularScreensavers_7i\bar\Cache\24ACC0A0.bmp, , [1152ab51e1a880b6bc1cada5c83bef11],
PUP.Optional.MindSpark.A, C:\Users\Undertaker\AppData\LocalLow\PopularScreensavers_7i\bar\Cache\24ACC11D.bmp, , [1152ab51e1a880b6bc1cada5c83bef11],
PUP.Optional.MindSpark.A, C:\Users\Undertaker\AppData\LocalLow\PopularScreensavers_7i\bar\Cache\24ACC19A.bmp, , [1152ab51e1a880b6bc1cada5c83bef11],
PUP.Optional.MindSpark.A, C:\Users\Undertaker\AppData\LocalLow\PopularScreensavers_7i\bar\Cache\24ACC207.bmp, , [1152ab51e1a880b6bc1cada5c83bef11],
PUP.Optional.MindSpark.A, C:\Users\Undertaker\AppData\LocalLow\PopularScreensavers_7i\bar\Cache\24ACC2D2.bmp, , [1152ab51e1a880b6bc1cada5c83bef11],
PUP.Optional.MindSpark.A, C:\Users\Undertaker\AppData\LocalLow\PopularScreensavers_7i\bar\Cache\24ACC32F.cab, , [1152ab51e1a880b6bc1cada5c83bef11],
PUP.Optional.MindSpark.A, C:\Users\Undertaker\AppData\LocalLow\PopularScreensavers_7i\bar\Cache\24ACC523.bmp, , [1152ab51e1a880b6bc1cada5c83bef11],
PUP.Optional.MindSpark.A, C:\Users\Undertaker\AppData\LocalLow\PopularScreensavers_7i\bar\Cache\24ACC59F.bmp, , [1152ab51e1a880b6bc1cada5c83bef11],
PUP.Optional.MindSpark.A, C:\Users\Undertaker\AppData\LocalLow\PopularScreensavers_7i\bar\Cache\25596A3B, , [1152ab51e1a880b6bc1cada5c83bef11],
PUP.Optional.MindSpark.A, C:\Users\Undertaker\AppData\LocalLow\PopularScreensavers_7i\bar\Cache\files.ini, , [1152ab51e1a880b6bc1cada5c83bef11],
PUP.Optional.MindSpark.A, C:\Users\Undertaker\AppData\LocalLow\PopularScreensavers_7i\bar\History\search3, , [1152ab51e1a880b6bc1cada5c83bef11],
PUP.Optional.MindSpark.A, C:\Users\Undertaker\AppData\LocalLow\PopularScreensavers_7i\bar\Settings\prevcfg2.htm, , [1152ab51e1a880b6bc1cada5c83bef11],
PUP.Optional.Extutil.A, C:\Users\Undertaker\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, , [ee7578842f5a58de0c8ab9a0f50e758b],
PUP.Optional.Extutil.A, C:\Users\Undertaker\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, , [ee7578842f5a58de0c8ab9a0f50e758b],
PUP.Optional.Extutil.A, C:\Users\Undertaker\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, , [ee7578842f5a58de0c8ab9a0f50e758b],
PUP.Optional.Managera.A, C:\Users\Undertaker\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, , [c1a28577f39668ce3d5a0d4c996ab848],
PUP.Optional.Managera.A, C:\Users\Undertaker\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, , [c1a28577f39668ce3d5a0d4c996ab848],
PUP.Optional.GlobalUpdate.A, C:\Users\Undertaker\AppData\Local\Temp\comh.23670\GoogleCrashHandler.exe, , [e77ca75594f5db5b850f1645eb188f71],
PUP.Optional.GlobalUpdate.A, C:\Users\Undertaker\AppData\Local\Temp\comh.23670\GoogleUpdate.exe, , [e77ca75594f5db5b850f1645eb188f71],
PUP.Optional.GlobalUpdate.A, C:\Users\Undertaker\AppData\Local\Temp\comh.23670\GoogleUpdateBroker.exe, , [e77ca75594f5db5b850f1645eb188f71],
PUP.Optional.GlobalUpdate.A, C:\Users\Undertaker\AppData\Local\Temp\comh.23670\GoogleUpdateHelper.msi, , [e77ca75594f5db5b850f1645eb188f71],
PUP.Optional.GlobalUpdate.A, C:\Users\Undertaker\AppData\Local\Temp\comh.23670\GoogleUpdateOnDemand.exe, , [e77ca75594f5db5b850f1645eb188f71],
PUP.Optional.GlobalUpdate.A, C:\Users\Undertaker\AppData\Local\Temp\comh.23670\goopdate.dll, , [e77ca75594f5db5b850f1645eb188f71],
PUP.Optional.GlobalUpdate.A, C:\Users\Undertaker\AppData\Local\Temp\comh.23670\goopdateres_en.dll, , [e77ca75594f5db5b850f1645eb188f71],
PUP.Optional.GlobalUpdate.A, C:\Users\Undertaker\AppData\Local\Temp\comh.23670\npGoogleUpdate4.dll, , [e77ca75594f5db5b850f1645eb188f71],
PUP.Optional.GlobalUpdate.A, C:\Users\Undertaker\AppData\Local\Temp\comh.23670\psmachine.dll, , [e77ca75594f5db5b850f1645eb188f71],
PUP.Optional.GlobalUpdate.A, C:\Users\Undertaker\AppData\Local\Temp\comh.23670\psuser.dll, , [e77ca75594f5db5b850f1645eb188f71],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)

(end)

Regards, Ani
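As an added example (not part of Ani's post and not Malwarebytes code), the following Python script parses detection lines in the MBAM 2.x text format shown above and sorts them by the persistence mechanism the location implies. Not every hit in a log like this carries the same weight: an Image File Execution Options key for GOOGLEUPDATE.EXE, a service with a kernel driver under System32\drivers, and a Run value are autostart or hijack points, while LocalLow cache files and Temp installers are mostly leftovers. The sample lines are a subset copied from the log above; the rule labels, the name `token` for the bracketed 32-hex-digit value, and the function names are my own.

```python
"""Triage helper for a Malwarebytes Anti-Malware 2.x text log (added example)."""
import re
from collections import Counter, defaultdict

# Constructed sample: a handful of detection lines in the MBAM 2.x format
# "Family, Location, , [token]," copied from the categories the log uses.
SAMPLE_LOG = r"""
Registrierungsschlüssel: 4
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, , [f96a8a721475ab8b8b1249abbd45c23e],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64, , [f76c5f9d6d1c092defc1683059aada26],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, , [e77ca75594f5db5b850f1645eb188f71],
PUP.Optional.Somoto.A, HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Somoto, , [471ca05cd7b2db5b2c82286691724eb2],
Registrierungswerte: 1
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|PopularScreensavers EPM Support, "C:\PROGRA~2\POPULA~2\bar\1.bin\7imedint.exe" T8EPMSUP.DLL,S, , [6102f8047c0dd462cc6cd2b5ad569e62]
Dateien: 3
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys, , [f76c5f9d6d1c092defc1683059aada26],
PUP.Optional.Conduit.A, C:\Users\Undertaker\AppData\Local\Temp\nsbAC51.exe, , [d2919c60e7a2c96db892456252afc13f],
PUP.Optional.DomaIQ, C:\Users\Undertaker\Downloads\New player.exe, , [491a619b17721e182c6c2f9cf908639d],
"""

# One detection per line: "<family>, <location>, , [<32 hex digits>]" with an
# optional trailing comma. Section headers such as "Dateien: 3" do not match.
DETECTION_RE = re.compile(
    r"^(?P<family>[A-Z][A-Za-z]*\.[^,\s]+), (?P<location>.+?), , \[(?P<token>[0-9a-f]{32})\],?$"
)

# Ordered rules (first match wins); the labels are this example's own.
PERSISTENCE_RULES = (
    ("image_file_execution_options", re.compile(r"\\IMAGE FILE EXECUTION OPTIONS\\", re.I)),
    ("service_or_driver", re.compile(r"\\SERVICES\\|\\drivers\\[^\\]+\.sys$", re.I)),
    ("run_key", re.compile(r"\\CURRENTVERSION\\RUN\|", re.I)),
    ("browser_search_scope", re.compile(r"\\SEARCHSCOPES\\", re.I)),
    ("dropped_installer", re.compile(r"\\(?:Temp|Downloads)\\[^\\]+\.exe$", re.I)),
)


def parse_mbam_log(text):
    """Return one dict (family, location, token) per detection line."""
    detections = []
    for line in text.splitlines():
        match = DETECTION_RE.match(line.strip())
        if match:
            detections.append(match.groupdict())
    return detections


def classify(location):
    """Map a detection location to a persistence label, or None."""
    for label, pattern in PERSISTENCE_RULES:
        if pattern.search(location):
            return label
    return None


def triage(detections):
    """Count families and group locations by the mechanism they imply."""
    report = {
        "total": len(detections),
        "families": Counter(),
        "persistence": defaultdict(list),
        "unclassified": [],
    }
    for det in detections:
        report["families"][det["family"]] += 1
        label = classify(det["location"])
        if label:
            report["persistence"][label].append(det["location"])
        else:
            report["unclassified"].append(det["location"])
    report["persistence"] = dict(report["persistence"])
    return report


if __name__ == "__main__":
    summary = triage(parse_mbam_log(SAMPLE_LOG))
    print(f"{summary['total']} detections, {len(summary['families'])} families")
    for label, locations in summary["persistence"].items():
        print(f"[{label}]")
        for loc in locations:
            print("   ", loc)
```

Running it on the full log from the post works the same way: paste the text into `SAMPLE_LOG` or read it from the file named in the `Logdatei:` line. The rule list is where an analyst adds what matters on a given machine (for example a `\\Tasks\\` pattern if scheduled-task paths appear).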
27.01.2015, 19:01 | #2
/// the machine /// TB Trainer | too many PUPs found

hi,
Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (if you are not sure, download both versions, or check under Start > Computer (right-click) > Properties)
27.01.2015, 19:38 | #3
too many PUPs found

Here is the log
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by Undertaker at 2015-01-27 19:33:14
Running from C:\Users\Undertaker\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.04) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{2E26B067-B10A-683A-7E84-5813500EE3B0}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
aTube Catcher (HKLM-x32\...\aTube Catcher) (Version: 2.9.1390 - DsNET Corp)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
BatteryLifeExtender (HKLM-x32\...\{FFD0E594-823B-4E2B-B680-720B3C852588}) (Version: 1.0.11 - Samsung)
Battlefield Heroes (HKU\S-1-5-21-1335839233-2991384071-368375801-1000\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version: - EA Digital illusions)
Battlefield Heroes (HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version: - EA Digital illusions)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.55 - Broadcom Corporation)
Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden
Camtasia Studio 8 (HKLM-x32\...\{8F6F7194-0734-4CDA-8C04-6B766F2241A6}) (Version: 8.0.4.1060 - TechSmith Corporation)
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3509 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Das gelobte Land (HKLM-x32\...\Das gelobte Land) (Version: 1.0.0.0 - INTENIUM GmbH)
DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 1.0.0.46 - INTENIUM GmbH)
Die Siedler 7 (HKLM-x32\...\{63860309-DA8A-4BAE-9EAE-CE1D6D79340C}) (Version: 1.12.1396 - Ubisoft)
Die Siedler III Gold Edition (HKLM-x32\...\S3) (Version: - )
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-1335839233-2991384071-368375801-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Easy Content Share (HKLM-x32\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 - Samsung Electronics Co., LTD)
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM-x32\...\{8732818E-CA78-4ACB-B077-22311BF4C0E4}) (Version: 4.4.7 - Samsung)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.1.1 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung)
EasyFileShare (HKLM-x32\...\{16880765-677F-440B-B16A-BFD9B9C00012}) (Version: 1.0.12 - Samsung)
ETDWare PS/2-X64 8.0.7.2_WHQL (HKLM\...\Elantech) (Version: 8.0.7.2 - ELAN Microelectronic Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden
Fast Start (HKLM-x32\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 2.2.0.1 - SAMSUNG)
FilesFrog Update Checker (HKLM-x32\...\FilesFrog Update Checker) (Version: - ) <==== ATTENTION
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.227 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.227 - LogMeIn, Inc.) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{6C855B1C-FC55-4A00-9CCB-5ED6DB8770BF}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden
MAGIX Video deluxe 2014 Plus (HKLM-x32\...\MX.{9E2FEB28-7407-4009-9DC4-203EF2EF6BB7}) (Version: 13.0.0.28 - MAGIX AG)
MAGIX Video deluxe 2014 Plus (Version: 13.0.0.28 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Color Enhancer (HKLM-x32\...\{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Multimedia POP (HKLM-x32\...\{331ECF61-69AF-4F57-AC35-AFED610231C3}) (Version: 1.0 - )
NAVIGON Fresh 3.4.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.4.1 - NAVIGON)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
PaintTool SAI Ver.1 (HKLM-x32\...\PaintToolSAI) (Version: - )
Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
PhoneShare (HKLM-x32\...\{3F50512F-53DF-46B1-8CCB-6C7E638CADD6}) (Version: 9.1.4 - Samsung)
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
PopularScreensavers Internet Explorer Toolbar (HKLM-x32\...\PopularScreensavers_7ibar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6400 - Realtek Semiconductor Corp.)
Samsung AnyWeb Print (HKLM-x32\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 2.0.67.1 - Samsung Electronics Co., Ltd.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: - Samsung Electronics Co., Ltd.)
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.0.10 - Samsung)
Samsung Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.38 - Samsung)
Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.02.05.00:27 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.5.0 - Samsung Electronics Co., Ltd.)
Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
simplitec simplicheck (HKLM-x32\...\{EC3825A1-02C6-4A83-8CA4-3F97A25CD37B}) (Version: 1.2.6.0 - simplitec GmbH)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Solars Abenteuer (HKLM-x32\...\Solars Abenteuer) (Version: 1.0.0.0 - INTENIUM GmbH)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKU\S-1-5-21-1335839233-2991384071-368375801-1000\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.7 - )
WEB.DE Desktop Icons (HKLM-x32\...\1&1 Mail & Media GmbH 1und1DesktopIconsInstaller) (Version: 3.0.5.0 - 1&1 Mail & Media GmbH)
WEB.DE MailCheck für Internet Explorer (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.6.0.4 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung (HKLM-x32\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.1.0 - 1&1 Mail & Media GmbH)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-samsung) (Version: 4.0.11.14 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames) (Version: 4.0.10.5 - WildTangent)
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WordCaptureX Pro (HKLM-x32\...\{139C1D95-9037-3AB3-F5F4-4A79BF6831EC}) (Version: 4.0.0 - Deskperience)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1335839233-2991384071-368375801-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Undertaker\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1335839233-2991384071-368375801-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Undertaker\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1335839233-2991384071-368375801-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Undertaker\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1335839233-2991384071-368375801-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Undertaker\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1335839233-2991384071-368375801-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Undertaker\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1335839233-2991384071-368375801-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Undertaker\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1335839233-2991384071-368375801-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Undertaker\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1335839233-2991384071-368375801-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Undertaker\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1335839233-2991384071-368375801-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Undertaker\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

19-01-2015 20:40:10 Windows Update
20-01-2015 20:34:45 Windows Update
22-01-2015 16:27:28 Windows Update
22-01-2015 20:37:33 Windows Update
23-01-2015 15:00:13 Windows Update
24-01-2015 15:00:18 Windows Update
25-01-2015 00:38:33 Windows Update
25-01-2015 15:00:25 Windows Update
25-01-2015 19:00:19 Windows-Sicherung
26-01-2015 15:00:17 Windows Update
26-01-2015 20:29:36 Windows Update
27-01-2015 18:22:18 Entfernt Samsung Story Album Viewer
27-01-2015 18:24:54 Konfiguriert YouCam
27-01-2015 19:18:29 Removed Façade
27-01-2015 19:24:01 Removed Apple Mobile Device Support
27-01-2015 19:26:28 Removed Apple Application Support
27-01-2015 19:27:49 Removed Apple Software Update
27-01-2015 19:28:50 Removed Facebook Messenger 2.1.4814.0
27-01-2015 19:29:22 Removed Facebook Video Calling 3.1.0.521

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0524867D-A169-481C-9A0C-198C6518875D} - System32\Tasks\WifiManager => C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe [2011-01-04] (Samsung Electronics Co., Ltd.)
Task: {078FFB22-9015-49A6-B981-89BC1A8126BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {166F9492-3248-4C5D-9700-715D41260AEC} - \SomotoUpdateCheckerAutoStart No Task File <==== ATTENTION
Task: {198FFBDE-2CD4-47BE-918C-ECA32FBA7DC5} - System32\Tasks\OMESupervisor => C:\Users\Undertaker\AppData\Local\omesuperv.exe <==== ATTENTION
Task: {2443A135-D5CD-40DA-8868-F6E3EBB6680D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {28360D83-1927-4A54-B96B-F6005B7B2491} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {35F727AF-6CBD-408F-8B6F-61894FA10258} - \RegClean Pro_UPDATES No Task File <==== ATTENTION
Task: {38165492-870E-47A9-890D-C2B300A0BD5E} - \RegClean Pro_DEFAULT No Task File <==== ATTENTION
Task: {39BCE7A0-D484-495A-B44E-E60340DE59F1} - System32\Tasks\{97BF6DCC-9FA9-46AE-AB8A-6B23DCEE672D} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.2.59.106/de/abandoninstall?page=tsProgressBar
Task: {3AA157AE-E63B-4DD8-9183-42E1DD9C144E} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
Task: {3CEE0580-87F3-496C-9395-7FBB3BD9D937} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2014-03-31] (1&1 Mail & Media GmbH)
Task: {4F235196-2FB6-4427-8CD7-E97414AF1BC6} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [2010-11-29] (Samsung Electronics Co., Ltd.)
Task: {5698F9C1-AB3B-43DC-B9DF-85285797AE4E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1335839233-2991384071-368375801-1000Core => C:\Users\Undertaker\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-25] (Facebook Inc.)
Task: {5B23A2EB-32F1-4969-BBA0-7C130F2B082D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1335839233-2991384071-368375801-1000UA => C:\Users\Undertaker\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-25] (Facebook Inc.)
Task: {5B72C455-596E-4729-B316-34EFC238E15C} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {5C2A08F4-45A8-4038-A631-14C64CBD25CC} - System32\Tasks\{CFD54570-C1FD-4FD8-A2A8-5AC5940FC6A2} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.3.59.107/de/abandoninstall?page=tsProgressBar
Task: {60E7AEEC-79DE-4EB1-ACC0-E26ACD74A5AC} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1335839233-2991384071-368375801-1000
Task: {6681E283-1040-428E-A69C-D57A35C8396C} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2010-08-27] (Samsung Electronics)
Task: {6781603E-58F0-4C02-A068-E46ACA760AEC} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-11-10] (CyberLink)
Task: {702C8509-0379-4DA2-AB52-66B5F1D28721} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe
Task: {73342CF0-5CBD-469B-AC04-69212D369AED} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {82C66057-B32C-448C-967C-5A0D0518D2DC} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.)
Task: {8C242EB3-EB48-4342-ADA0-D0F5064F0D68} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION Task: {961ACA20-0E01-4988-98AC-14A6FCECFC92} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-12-23] (Samsung Electronics) Task: {B791B3EC-D781-4CA0-8243-799BDE45381D} - \RegClean Pro No Task File <==== ATTENTION Task: {B849DBD8-E301-4A41-A5B4-59104FA39CC8} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-09-04] (SAMSUNG Electronics) Task: {B9EC978F-E5F4-4913-8C14-555536BC0FED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.) Task: {BABA9B97-7BE3-468C-A9A5-48890FF536AC} - System32\Tasks\{3675E0E0-9D70-4AFD-BB54-ED930B6B0AC7} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/de/abandoninstall?page=tsProgressBar Task: {BC3C1300-E210-4769-A107-D0321179077A} - System32\Tasks\Fifth => C:\Users\Undertaker\AppData\Roaming\Fifth\Fifth.exe [2014-05-07] () <==== ATTENTION Task: {BFE3F5FD-FF42-44D4-96A9-63B74E0C6185} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-12-23] (Samsung Electronics Co., Ltd.) Task: {D6C18B2E-F7D3-41CF-9121-0F9F08632AFF} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-05] (Samsung Electronics Co., Ltd.) 
Task: {DEE6CBD1-045A-46CB-97B6-C85EEC4331DF} - System32\Tasks\{3B277F02-A186-4B0D-ADE2-DB67C0D2B029} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsPlugin Task: {E28C6E1A-A2E7-4705-B9E7-203E113D75D6} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2010-11-17] (SEC) Task: {EA29D57E-8D8E-4584-81A6-53C32CD1DF32} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-18] (Samsung Electronics. Co. Ltd.) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1335839233-2991384071-368375801-1000Core.job => C:\Users\Undertaker\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1335839233-2991384071-368375801-1000UA.job => C:\Users\Undertaker\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-10-19 23:34 - 2008-06-05 00:53 - 00027648 _____ () C:\windows\System32\spd__l.dll 2011-03-22 22:23 - 2011-03-22 22:23 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2013-03-11 17:10 - 2013-03-11 17:10 - 00075136 _____ () C:\windows\SysWOW64\PnkBstrA.exe 2013-03-11 17:11 - 2013-03-11 17:11 - 00189248 _____ () C:\windows\SysWOW64\PnkBstrB.exe 2011-10-19 09:15 - 2009-12-01 08:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2011-03-22 22:23 - 2011-03-22 22:23 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2011-03-17 12:54 - 2011-03-17 12:54 - 00016384 ____R () 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2011-03-22 22:14 - 2011-03-22 22:14 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2011-10-19 23:34 - 2010-10-21 19:22 - 00709632 _____ () C:\windows\system32\SnMinDrv.dll 2011-10-19 09:32 - 2010-07-05 11:42 - 00203776 _____ () C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Undertaker\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-01-27 17:29 - 2015-01-27 17:29 - 00043008 _____ () c:\Users\Undertaker\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqd1yx9.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Undertaker\AppData\Roaming\Dropbox\bin\libEGL.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Undertaker\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Undertaker\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2011-10-19 09:29 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll 2011-10-19 09:37 - 2010-05-07 15:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll 2009-11-02 06:20 - 2009-11-02 06:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll 2009-11-02 06:23 - 2009-11-02 06:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^Users^Undertaker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk => C:\windows\pss\Facebook Messenger.lnk.Startup MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun ========================= Accounts: ========================== Administrator (S-1-5-21-1335839233-2991384071-368375801-500 - Administrator - Disabled) Gast (S-1-5-21-1335839233-2991384071-368375801-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1335839233-2991384071-368375801-1005 - Limited - Enabled) Shari (S-1-5-21-1335839233-2991384071-368375801-1001 - Limited - Enabled) => C:\Users\Shari Undertaker (S-1-5-21-1335839233-2991384071-368375801-1000 - Administrator - Enabled) => C:\Users\Undertaker ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (01/27/2015 05:28:50 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/27/2015 04:17:52 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/26/2015 04:52:59 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 12901 Error: (01/26/2015 04:52:59 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 12901 Error: (01/26/2015 04:52:59 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/26/2015 04:52:56 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10249 Error: (01/26/2015 04:52:56 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 10249 Error: (01/26/2015 04:52:56 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/26/2015 04:52:53 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7191 Error: (01/26/2015 04:52:53 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 7191 System errors: ============= Error: (01/27/2015 07:24:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Apple Mobile Device" wurde unerwartet beendet. 
Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (01/27/2015 05:25:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (01/27/2015 05:25:30 PM) (Source: Application Popup) (EventID: 875) (User: ) Description: Treiber atksgt.sys konnte nicht geladen werden. Error: (01/27/2015 05:25:15 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 27.01.2015 um 17:19:59 unerwartet heruntergefahren. Error: (01/27/2015 04:17:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (01/27/2015 04:17:39 PM) (Source: Application Popup) (EventID: 875) (User: ) Description: Treiber atksgt.sys konnte nicht geladen werden. Error: (01/26/2015 02:36:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (01/26/2015 02:36:57 PM) (Source: Application Popup) (EventID: 875) (User: ) Description: Treiber atksgt.sys konnte nicht geladen werden. Error: (01/25/2015 09:33:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (01/25/2015 09:33:46 AM) (Source: Application Popup) (EventID: 875) (User: ) Description: Treiber atksgt.sys konnte nicht geladen werden. 
Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: AMD E-450 APU with Radeon(tm) HD Graphics Percentage of memory in use: 32% Total physical RAM: 8171.93 MB Available physical RAM: 5505.77 MB Total Pagefile: 16342.03 MB Available Pagefile: 13009.96 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:365 GB) (Free:114.14 GB) NTFS Drive d: () (Fixed) (Total:544.44 GB) (Free:0 GB) NTFS Drive e: (Klasse4a 2013/14) (CDROM) (Total:0.83 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: DBCA14F4) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=365 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=544.4 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=22 GB) - (Type=27) ==================== End Of Log ============================ |
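What a helper reads these sections for, before replying: the persistence lines. In the Addition.txt above those are the scheduled tasks marked "No Task File" (SomotoUpdateCheckerAutoStart, Advanced System Protector, RegClean Pro, Desk 365, globalUpdate) and the tasks OMESupervisor and Fifth that run out of the user profile; in the FRST.txt posted later in this thread they are the Run keys SCheck and Snoozer under AppData\Roaming. The Python script below is an added example, not part of any post in this thread and not part of FRST or Malwarebytes. It applies those same checks to "Task:" and "Run:" lines. The sample entries are copied from the logs in this thread; the flag weights and the "review/low/ok" verdicts are this example's own choices, not FRST's, and a signed per-user updater in AppData will score "review" too, so the output is a reading order, not a malware verdict.

```python
"""Score the 'Task:' and 'Run:' lines of an FRST log the way a helper reads them.

Added example for this thread, not part of any post above and not part of
FRST. Flags: orphaned task ('No Task File'), FRST's '<==== ATTENTION' marker,
executable under a user profile, 8.3 short path, empty or missing publisher,
Internet Explorer launched on a URL. The verdict is a review priority only.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: entries copied from the Addition.txt and FRST.txt
# logs posted in this thread, with two benign entries for contrast.
SAMPLE_LINES = [
    r"Task: {0524867D-A169-481C-9A0C-198C6518875D} - System32\Tasks\WifiManager => C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe [2011-01-04] (Samsung Electronics Co., Ltd.)",
    r"Task: {166F9492-3248-4C5D-9700-715D41260AEC} - \SomotoUpdateCheckerAutoStart No Task File <==== ATTENTION",
    r"Task: {198FFBDE-2CD4-47BE-918C-ECA32FBA7DC5} - System32\Tasks\OMESupervisor => C:\Users\Undertaker\AppData\Local\omesuperv.exe <==== ATTENTION",
    r"Task: {2443A135-D5CD-40DA-8868-F6E3EBB6680D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc",
    r"Task: {39BCE7A0-D484-495A-B44E-E60340DE59F1} - System32\Tasks\{97BF6DCC-9FA9-46AE-AB8A-6B23DCEE672D} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.2.59.106/de/abandoninstall?page=tsProgressBar",
    r"Task: {BC3C1300-E210-4769-A107-D0321179077A} - System32\Tasks\Fifth => C:\Users\Undertaker\AppData\Roaming\Fifth\Fifth.exe [2014-05-07] () <==== ATTENTION",
    r"Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe",
    r"HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)",
    r'HKLM-x32\...\Run: [PopularScreensavers EPM Support] => "C:\PROGRA~2\POPULA~2\bar\1.bin\7imedint.exe" T8EPMSUP.DLL,S',
    r'HKU\S-1-5-21-1335839233-2991384071-368375801-1000\...\Run: [SCheck] => "C:\Users\Undertaker\AppData\Roaming\SCheck\SCheck.exe" check',
    r'HKU\S-1-5-21-1335839233-2991384071-368375801-1000\...\Run: [Snoozer] => "C:\Users\Undertaker\AppData\Roaming\Snz\Snz.exe"',
]

TASK_RE = re.compile(r"^Task:\s+(?P<head>.+?)(?:\s+=>\s+(?P<target>.+?))?(?:\s+<====\s+ATTENTION)?\s*$")
RUN_RE = re.compile(r"^(?P<hive>\S+?)\\\.\.\.\\Run:\s+\[(?P<name>[^\]]*)\]\s+=>\s+(?P<target>.+?)\s*$")
PUBLISHER_RE = re.compile(r"\[[^\]]*\]\s*\((?P<pub>[^()]*)\)\s*$")  # "[size date] (Publisher)"
SHORT_PATH_RE = re.compile(r"~\d+\\")                                # PROGRA~2\ style 8.3 names
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\temp\\", "\\users\\public\\")
WEIGHTS = {"attention": 3, "orphan": 2, "user_path": 2, "ie_url": 2,
           "short_path": 1, "no_publisher": 1, "unresolved": 1}   # this example's own weights


@dataclass(frozen=True)
class Finding:
    kind: str                 # "task" or "run"
    name: str                 # task name or Run value name
    target: str               # command line as FRST printed it, "" if none
    publisher: Optional[str]  # None when FRST printed no "[size date] (Publisher)" block
    flags: tuple
    score: int

    @property
    def verdict(self) -> str:
        return "review" if self.score >= 2 else ("low" if self.score else "ok")

def _publisher(target: str) -> Optional[str]:
    m = PUBLISHER_RE.search(target)
    return m.group("pub").strip() if m else None

def _flags(target: str, publisher: Optional[str], head: str = "") -> set:
    flags, low = set(), target.lower()
    if "no task file" in head.lower():
        flags.add("orphan")            # task still registered, its file is gone
    if any(d in low for d in USER_WRITABLE):
        flags.add("user_path")         # runs from a directory any user can write
    if SHORT_PATH_RE.search(target):
        flags.add("short_path")
    if low.lstrip('"').startswith("iexplore.exe") and ("hxxp" in low or "http" in low):
        flags.add("ie_url")            # browser opened on a URL (here: Skype installer leftovers)
    if target and publisher is None:
        flags.add("unresolved")        # .job files and commands with arguments
    elif target and publisher == "":
        flags.add("no_publisher")      # file present but without a company name
    return flags

def _make(kind, name, target, publisher, flags) -> Finding:
    flags = tuple(sorted(flags))
    return Finding(kind, name, target, publisher, flags, sum(WEIGHTS[f] for f in flags))

def parse_line(line: str) -> Optional[Finding]:
    """Parse one FRST line; lines from other sections yield None."""
    line = line.strip()
    m = TASK_RE.match(line)
    if m:
        head, target = m.group("head"), m.group("target") or ""
        name = head.split(" - ", 1)[1] if head.startswith("{") else head
        name = name.replace("No Task File", "").strip().rsplit("\\", 1)[-1]
        publisher = _publisher(target)
        flags = _flags(target, publisher, head)
        if line.endswith("<==== ATTENTION"):
            flags.add("attention")
        return _make("task", name, target, publisher, flags)
    m = RUN_RE.match(line)
    if m:
        target = m.group("target")
        publisher = _publisher(target)
        return _make("run", m.group("name"), target, publisher, _flags(target, publisher))
    return None

def triage(lines) -> list:
    """Findings for every Task/Run line, highest score first."""
    found = [f for f in map(parse_line, lines) if f is not None]
    return sorted(found, key=lambda f: (-f.score, f.name.lower()))

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.verdict:6} {f.score} {f.kind:4} {f.name:32} {','.join(f.flags) or '-'}")
```

Run on the sample, Fifth and OMESupervisor come out on top (ATTENTION marker plus a profile path), followed by the orphaned Somoto task and the SCheck/Snoozer Run keys; the Samsung task and the Avira Run key score 0. The "unresolved" flag fires on every .job line and on any command with arguments, because FRST only prints a publisher when it could resolve a bare file path, so on its own it is worth a "low" at most. Feed the whole Addition.txt/FRST.txt through `triage(open(path, encoding="utf-8-sig"))` to get the same ordering for a complete log.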
28.01.2015, 08:19 | #4 |
/// the machine /// TB-Ausbilder | too many PUPs found: The FRST.txt is still missing.
__________________ regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
28.01.2015, 15:28 | #5 |
| too many PUPs found: oops, sorry. Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01 Ran by Undertaker (administrator) on UNDERTAKER-PC on 28-01-2015 15:25:35 Running from C:\Users\Undertaker\Desktop Loaded Profiles: Undertaker & Shari & (Available profiles: Undertaker & Shari) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Windows\SysWOW64\PnkBstrB.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDCtrl.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Dropbox, Inc.) C:\Users\Undertaker\AppData\Roaming\Dropbox\bin\Dropbox.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (1und1 Mail und Media GmbH) C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe (SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDCtrlHelper.exe (Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_296_ActiveX.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\updrgui.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-06-25] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.) 
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [421888 2012-11-18] (Apple Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-22] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-10-28] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.) HKLM-x32\...\Run: [PopularScreensavers EPM Support] => "C:\PROGRA~2\POPULA~2\bar\1.bin\7imedint.exe" T8EPMSUP.DLL,S HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816784 2014-07-21] (LogMeIn Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM-x32\...\Run: [MailCheck IE Broker] => C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [2135104 2014-11-17] (1und1 Mail und Media GmbH) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-1335839233-2991384071-368375801-1000\...\Run: [Facebook Update] => C:\Users\Undertaker\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-05-25] (Facebook Inc.) 
HKU\S-1-5-21-1335839233-2991384071-368375801-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-10-28] (Samsung) HKU\S-1-5-21-1335839233-2991384071-368375801-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup HKU\S-1-5-21-1335839233-2991384071-368375801-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-10-28] (Samsung) HKU\S-1-5-21-1335839233-2991384071-368375801-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) HKU\S-1-5-21-1335839233-2991384071-368375801-1000\...\Run: [SCheck] => "C:\Users\Undertaker\AppData\Roaming\SCheck\SCheck.exe" check HKU\S-1-5-21-1335839233-2991384071-368375801-1000\...\Run: [Snoozer] => "C:\Users\Undertaker\AppData\Roaming\Snz\Snz.exe" HKU\S-1-5-21-1335839233-2991384071-368375801-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-1335839233-2991384071-368375801-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Facebook Update] => C:\Users\Undertaker\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-05-25] (Facebook Inc.) 
HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-10-28] (Samsung) HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-10-28] (Samsung) HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SCheck] => "C:\Users\Undertaker\AppData\Roaming\SCheck\SCheck.exe" check HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Snoozer] => "C:\Users\Undertaker\AppData\Roaming\Snz\Snz.exe" HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => "C:\Users\Undertaker\AppData\Local\Google\Update\GoogleUpdate.exe" /c HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-1335839233-2991384071-368375801-1001\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-1335839233-2991384071-368375801-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-1335839233-2991384071-368375801-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2 
HKU\S-1-5-21-1335839233-2991384071-368375801-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 Startup: C:\Users\Undertaker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Undertaker\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Undertaker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk ShortcutTarget: simplicheck.lnk -> C:\Program Files (x86)\simplitec\simplicheck\simplicheck.exe (simplitec) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-1335839233-2991384071-368375801-1001\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1335839233-2991384071-368375801-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com 
HKU\S-1-5-21-1335839233-2991384071-368375801-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ HKU\S-1-5-21-1335839233-2991384071-368375801-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ SearchScopes: HKLM-x32 -> {46197f3d-30e7-4905-a14b-02bee3aaeb58} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^ZR^xpt375^YYA^de&si=installldownload&ptb=0E8920FA-4A8E-4D05-AEC7-24878D0A957B&ind=2014012411&n=780b63fb&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKU\S-1-5-21-1335839233-2991384071-368375801-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3320324&octid=EB_ORIGINAL_CTID&ISID=MB0298338-80AB-4314-8F5D-6B6D269AC11C&SearchSource=58&CUI=&UM=5&UP=SPEF6BECDB-4BBA-4236-A5DB-962AD73DFA79&q={searchTerms}&SSPV= SearchScopes: HKU\S-1-5-21-1335839233-2991384071-368375801-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3320324&octid=EB_ORIGINAL_CTID&ISID=MB0298338-80AB-4314-8F5D-6B6D269AC11C&SearchSource=58&CUI=&UM=5&UP=SPEF6BECDB-4BBA-4236-A5DB-962AD73DFA79&q={searchTerms}&SSPV= SearchScopes: HKU\S-1-5-21-1335839233-2991384071-368375801-1000 -> {0EB8452D-5CC8-4EC9-A8EB-2C88D21E35F4} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-1335839233-2991384071-368375801-1000 -> {1A508217-8DC1-40F6-9D15-8A0EC64BF6A2} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie SearchScopes: HKU\S-1-5-21-1335839233-2991384071-368375801-1000 -> {1EC8755B-73D5-4C21-ADD0-099B6E4567B6} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKU\S-1-5-21-1335839233-2991384071-368375801-1000 -> {46197f3d-30e7-4905-a14b-02bee3aaeb58} URL = 
hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^ZR^xpt375^YYA^de&si=installldownload&ptb=0E8920FA-4A8E-4D05-AEC7-24878D0A957B&ind=2014012411&n=780b63fb&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKU\S-1-5-21-1335839233-2991384071-368375801-1000 -> {622B93BA-9CAD-4BAE-88A5-B71A271A02DC} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere SearchScopes: HKU\S-1-5-21-1335839233-2991384071-368375801-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-1335839233-2991384071-368375801-1000 -> {8060BA75-525E-4046-B850-748E8FD0310F} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-1335839233-2991384071-368375801-1000 -> {9D1BC582-268A-4954-B09A-E237CF70CDD5} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-1335839233-2991384071-368375801-1000 -> {A94AC31E-7810-432A-A47B-9C437A2B1847} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3320324&octid=EB_ORIGINAL_CTID&ISID=MB0298338-80AB-4314-8F5D-6B6D269AC11C&SearchSource=58&CUI=&UM=5&UP=SPEF6BECDB-4BBA-4236-A5DB-962AD73DFA79&q={searchTerms}&SSPV= SearchScopes: HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3320324&octid=EB_ORIGINAL_CTID&ISID=MB0298338-80AB-4314-8F5D-6B6D269AC11C&SearchSource=58&CUI=&UM=5&UP=SPEF6BECDB-4BBA-4236-A5DB-962AD73DFA79&q={searchTerms}&SSPV= SearchScopes: HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0EB8452D-5CC8-4EC9-A8EB-2C88D21E35F4} URL = 
hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {1A508217-8DC1-40F6-9D15-8A0EC64BF6A2} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie SearchScopes: HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {1EC8755B-73D5-4C21-ADD0-099B6E4567B6} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {46197f3d-30e7-4905-a14b-02bee3aaeb58} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^ZR^xpt375^YYA^de&si=installldownload&ptb=0E8920FA-4A8E-4D05-AEC7-24878D0A957B&ind=2014012411&n=780b63fb&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {622B93BA-9CAD-4BAE-88A5-B71A271A02DC} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere SearchScopes: HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {8060BA75-525E-4046-B850-748E8FD0310F} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {9D1BC582-268A-4954-B09A-E237CF70CDD5} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {A94AC31E-7810-432A-A47B-9C437A2B1847} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} 
-> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Samsung BHO Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () BHO-x32: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Toolbar: HKLM-x32 - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Toolbar: HKU\S-1-5-21-1335839233-2991384071-368375801-1000 -> No Name - {4F524A2D-5637-006A-76A7-7A786E7484D7} - No File Toolbar: HKU\S-1-5-21-1335839233-2991384071-368375801-1000 -> No Name - {4F524A2D-5637-4300-76A7-7A786E7484D7} - No File Toolbar: HKU\S-1-5-21-1335839233-2991384071-368375801-1000 -> WEB.DE MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und 
Media GmbH) Toolbar: HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {4F524A2D-5637-006A-76A7-7A786E7484D7} - No File Toolbar: HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {4F524A2D-5637-4300-76A7-7A786E7484D7} - No File Toolbar: HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> WEB.DE MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Toolbar: HKU\S-1-5-21-1335839233-2991384071-368375801-1001 -> WEB.DE MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Toolbar: HKU\S-1-5-21-1335839233-2991384071-368375801-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-1335839233-2991384071-368375801-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> WEB.DE MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Toolbar: HKU\S-1-5-21-1335839233-2991384071-368375801-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: HKLM {784797A8-342D-4072-9486-03C8D0F2F0A1} hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_x64_5.0.199.0.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Handler-x32: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE 
MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) FireFox: ======== FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @popularscreensavers.com/Plugin -> C:\Program Files (x86)\PopularScreensavers\NPp5Stub.dll No File FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1335839233-2991384071-368375801-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Undertaker\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKU\S-1-5-21-1335839233-2991384071-368375801-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Undertaker\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-1335839233-2991384071-368375801-1000: bebomedia.com/OfferMosquitoIEHelper -> C:\Users\Undertaker\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll No File FF Plugin HKU\S-1-5-21-1335839233-2991384071-368375801-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF Plugin HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Undertaker\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Undertaker\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File FF Plugin HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Undertaker\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File FF Plugin HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: 
@unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Undertaker\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: bebomedia.com/OfferMosquitoIEHelper -> C:\Users\Undertaker\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll No File FF Plugin HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: facebook.com/fbDesktopPlugin -> C:\Users\Undertaker\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll No File FF Plugin HKU\S-1-5-21-1335839233-2991384071-368375801-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\Deskperience\Word Capture\wcxChrome.crx [2010-07-23] |
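The FRST log above is where the PUP bundles show themselves: Internet Explorer SearchScopes pointing at ask.com and a partner-tagged Yahoo URL, toolbars and Firefox plugins whose DLL is already gone ("No File"), and browser helpers without a readable publisher. What follows is an added example for this thread, not code from FRST, Malwarebytes or AdwCleaner, that triages such lines automatically so the interesting entries do not have to be picked out by eye. The search-host allowlist, the `ptb`/`type` affiliate-parameter heuristic and the sample lines (constructed from entries visible in the log above) are this example's own assumptions; the tags it emits are review prompts, not verdicts.

```python
"""Triage helper for FRST-style log lines.

Added example for this thread: not part of FRST, Malwarebytes or AdwCleaner.
The sample lines are constructed from entries in the log above; the allowlist
and the heuristics are assumptions made for the example.
"""
import re
from typing import List, Tuple
from urllib.parse import parse_qs, urlsplit

# Search hosts this user legitimately uses (assumption: Google/Bing/Yahoo plus
# the WEB.DE/GMX/1&1/mail.com family whose MailCheck toolbar is installed).
KNOWN_SEARCH_HOSTS = {
    "google.com", "bing.com", "yahoo.com",
    "web.de", "gmx.de", "gmx.com", "1und1.de", "mail.com",
}

# Query parameters that toolbar bundlers attach so the distributor is paid per
# search: partner-toolbar id (ptb) and partner type code (type). Heuristic.
AFFILIATE_PARAMS = {"ptb", "type"}

SEARCHSCOPE_RE = re.compile(
    r"^SearchScopes:\s+\S+\s+->\s+(?:DefaultScope\s+)?"
    r"\{[0-9A-Fa-f-]+\}\s+URL\s*=\s*(?P<url>\S*)"
)
RUN_RE = re.compile(r"^\S+\\\.\.\.\\Run:\s+\[[^\]]*\]\s+=>")
PUBLISHER_RE = re.compile(r"\((?P<publisher>[^()]*)\)\s*$")  # trailing "(Company)"
PROFILE_PATH_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


def refang(url: str) -> str:
    """FRST writes http(s) as hxxp(s) so the log cannot be clicked; undo that."""
    return "http" + url[4:] if url.lower().startswith("hxxp") else url


def search_host(url: str) -> str:
    return (urlsplit(refang(url)).hostname or "").lower()


def is_known_host(host: str) -> bool:
    return any(host == k or host.endswith("." + k) for k in KNOWN_SEARCH_HOSTS)


def classify(line: str) -> List[str]:
    """Return review tags for one FRST line; an empty list means nothing notable."""
    line = line.strip()
    tags: List[str] = []

    # The registry still points at a DLL/EXE that is gone: a leftover of an
    # uninstall, harmless by itself, but it names the bundle that was here.
    if line.endswith("No File"):
        return ["orphan"]

    m = SEARCHSCOPE_RE.match(line)
    if m:
        url = m.group("url")
        if not url:                       # empty DefaultScope entries are normal
            return tags
        host = search_host(url)
        if not is_known_host(host):
            tags.append("search_hijack:" + host)
        hits = sorted(AFFILIATE_PARAMS & set(parse_qs(urlsplit(refang(url)).query)))
        if hits:                          # known engine, but reached via a partner code
            tags.append("affiliate_params:" + ",".join(hits))
        return tags

    if line.startswith(("BHO", "FF Plugin", "Toolbar")) or RUN_RE.match(line):
        pub = PUBLISHER_RE.search(line)
        # FRST prints the file's company name in parentheses; "()" or no block
        # means it read no version info (or the autorun command had arguments).
        if pub is None or not pub.group("publisher").strip():
            tags.append("no_publisher")
        # Browser helpers and autoruns inside the user profile are a common PUP
        # trait; a few legitimate per-user plugins land there too, so review.
        if PROFILE_PATH_RE.search(line):
            tags.append("runs_from_profile")
    return tags


def triage(lines) -> List[Tuple[List[str], str]]:
    """Return [(tags, line)] for every line that earned at least one tag."""
    report = []
    for line in lines:
        tags = classify(line)
        if tags:
            report.append((tags, line.strip()))
    return report


# Constructed sample, modelled on entries from the FRST log in this thread.
SAMPLE_FRST_LINES = [
    r"SearchScopes: HKU\S-1-5-21-1335839233-2991384071-368375801-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}",
    r"SearchScopes: HKU\S-1-5-21-1335839233-2991384071-368375801-1000 -> {46197f3d-30e7-4905-a14b-02bee3aaeb58} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^ZR^xpt375^YYA^de&si=installldownload&ptb=0E8920FA-4A8E-4D05-AEC7-24878D0A957B&st=sb&searchfor={searchTerms}",
    r"SearchScopes: HKU\S-1-5-21-1335839233-2991384071-368375801-1000 -> {622B93BA-9CAD-4BAE-88A5-B71A271A02DC} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere",
    r"Toolbar: HKU\S-1-5-21-1335839233-2991384071-368375801-1000 -> No Name - {4F524A2D-5637-006A-76A7-7A786E7484D7} - No File",
    r"BHO-x32: Samsung BHO Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()",
    r"FF Plugin-x32: @popularscreensavers.com/Plugin -> C:\Program Files (x86)\PopularScreensavers\NPp5Stub.dll No File",
    r"FF Plugin HKU\S-1-5-21-1335839233-2991384071-368375801-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Undertaker\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)",
    r"HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)",
    r'HKLM-x32\...\Run: [PopularScreensavers EPM Support] => "C:\PROGRA~2\POPULA~2\bar\1.bin\7imedint.exe" T8EPMSUP.DLL,S',
]

if __name__ == "__main__":
    for tags, line in triage(SAMPLE_FRST_LINES):
        print(", ".join(tags).ljust(44), line[:90])
```

Running it as-is prints the report for the sample; to use it on a real log, pass the lines of a saved FRST.txt to `triage()`. The Google scope and the Avira autorun come out clean, the ask.com scope is tagged both for its host and its `ptb` partner id, and the Yahoo scope is caught only by the `type=protegere` parameter, which is why a plain host allowlist is not enough. The Samsung BHO (`()`, no version info) and the Unity web player plugin (installed per user) are tagged too, and both are legitimate on this laptop: the tags say "look here", and the decision to uninstall still rests with whoever reads the line.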
28.01.2015, 18:39 | #6 |
/// the machine /// TB-Ausbilder | zu viele pup's gefunden Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
And a fresh FRST log, please.
|
28.01.2015, 19:52 | #7 |
| zu viele pup's gefunden Here is the file from AdwCleaner. Code:
ATTFilter # AdwCleaner v4.109 - Bericht erstellt am 28/01/2015 um 19:16:21 # Aktualisiert 24/01/2015 von Xplode # Database : 2015-01-26.1 [Live] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Undertaker - UNDERTAKER-PC # Gestartet von : C:\Users\Undertaker\Desktop\AdwCleaner_4.109.exe # Option : Löschen ***** [ Dienste ] ***** Dienst Gelöscht : {e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64 ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\apn Ordner Gelöscht : C:\ProgramData\simplitec Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec Ordner Gelöscht : C:\Program Files (x86)\simplitec Ordner Gelöscht : C:\Users\UNDERT~1\AppData\Local\Temp\apn Ordner Gelöscht : C:\Users\Undertaker\AppData\Roaming\Fifth Ordner Gelöscht : C:\Users\Undertaker\AppData\Roaming\simplitec Datei Gelöscht : C:\Users\Public\Desktop\simplicheck.lnk Datei Gelöscht : C:\windows\System32\log\iSafeKrnlCall.log Datei Gelöscht : C:\windows\System32\sasnative64.exe Datei Gelöscht : C:\windows\System32\drivers\taphss6.sys Datei Gelöscht : C:\windows\System32\drivers\{e63d9559-e4c3-499e-867a-a3c9d0a21400}Gw64.sys Datei Gelöscht : C:\Users\Undertaker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk Datei Gelöscht : C:\Users\Undertaker\Desktop\Goodgame Empire.lnk ***** [ Tasks ] ***** Task Gelöscht : Advanced System Protector_startup Task Gelöscht : Desk 365 RunAsStdUser Task Gelöscht : Fifth Task Gelöscht : globalUpdateUpdateTaskMachineCore Task Gelöscht : globalUpdateUpdateTaskMachineUA Task Gelöscht : OMESupervisor Task Gelöscht : RegClean Pro Task Gelöscht : RegClean Pro_DEFAULT Task Gelöscht : RegClean Pro_UPDATES Task Gelöscht : SomotoUpdateCheckerAutoStart ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [scheck] Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Snoozer] Schlüssel 
Gelöscht : HKCU\Software\MozillaPlugins\bebomedia.com/OfferMosquitoIEHelper Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine Schlüssel 
Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10 Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4 Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C424171E-592A-415A-9EB1-DFD6D95D3530} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C424171E-592A-415A-9EB1-DFD6D95D3530} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low 
Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C424171E-592A-415A-9EB1-DFD6D95D3530}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4F524A2D-5637-006A-76A7-7A786E7484D7}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4F524A2D-5637-4300-76A7-7A786E7484D7}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C424171E-592A-415A-9EB1-DFD6D95D3530}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C424171E-592A-415A-9EB1-DFD6D95D3530}] Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{46197f3d-30e7-4905-a14b-02bee3aaeb58} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{622B93BA-9CAD-4BAE-88A5-B71A271A02DC} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{46197f3d-30e7-4905-a14b-02bee3aaeb58} Schlüssel Gelöscht : HKCU\Software\APN PIP Schlüssel Gelöscht : HKCU\Software\GlobalUpdate Schlüssel Gelöscht : HKCU\Software\OfferMosquito Schlüssel Gelöscht : HKCU\Software\Protector Schlüssel Gelöscht : HKCU\Software\Somoto Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\BlockAndSurf Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate 
Schlüssel Gelöscht : HKLM\SOFTWARE\PIP Schlüssel Gelöscht : HKLM\SOFTWARE\simplitec Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EC3825A1-02C6-4A83-8CA4-3F97A25CD37B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\1A5283CE6C2038A4C84AF3792AC53DB7 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\1A5283CE6C2038A4C84AF3792AC53DB7 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\499E8534DA7E759419D2048CB780D3D5 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5DCE3C04E576AD15F972B67D0725120C Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\62255E52F19EC97429A42D59D49024FA Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\930D9472A978D7A4EB16BF4DECB173B7 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AEB93799E8B47D14CA356E4343D632A4 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE7C2A75DF08824E9CEFDE20F655BD9 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1A5283CE6C2038A4C84AF3792AC53DB7 ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17280 ************************* AdwCleaner[R0].txt - [11956 octets] - [02/01/2014 16:47:50] AdwCleaner[R1].txt - [9536 octets] - [02/01/2014 17:00:03] AdwCleaner[R2].txt - [5157 octets] - [16/03/2014 21:00:43] AdwCleaner[R3].txt - [6861 octets] - [22/05/2014 19:32:42] AdwCleaner[R4].txt - [12915 octets] - [28/01/2015 19:09:27] AdwCleaner[R5].txt - [12976 octets] - [28/01/2015 19:13:24] AdwCleaner[S0].txt - [2616 octets] - [02/01/2014 16:50:29] AdwCleaner[S1].txt - [7748 octets] - [02/01/2014 17:01:25] AdwCleaner[S2].txt - 
[5005 octets] - [16/03/2014 21:05:05] AdwCleaner[S3].txt - [1756 octets] - [22/05/2014 19:36:05] AdwCleaner[S4].txt - [12104 octets] - [28/01/2015 19:16:21] ########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [12165 octets] ########## FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015 Ran by Undertaker (administrator) on UNDERTAKER-PC on 28-01-2015 19:47:56 Running from C:\Users\Undertaker\Desktop Loaded Profiles: Undertaker & Shari (Available profiles: Undertaker & Shari) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Windows\SysWOW64\PnkBstrB.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDCtrl.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Dropbox, Inc.) C:\Users\Undertaker\AppData\Roaming\Dropbox\bin\Dropbox.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (1und1 Mail und Media GmbH) C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink Corp.) 
C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-06-25] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [421888 2012-11-18] (Apple Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-22] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-10-28] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.) 
HKLM-x32\...\Run: [PopularScreensavers EPM Support] => "C:\PROGRA~2\POPULA~2\bar\1.bin\7imedint.exe" T8EPMSUP.DLL,S HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816784 2014-07-21] (LogMeIn Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM-x32\...\Run: [MailCheck IE Broker] => C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [2135104 2014-11-17] (1und1 Mail und Media GmbH) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-1335839233-2991384071-368375801-1000\...\Run: [Facebook Update] => C:\Users\Undertaker\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-05-25] (Facebook Inc.) HKU\S-1-5-21-1335839233-2991384071-368375801-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-10-28] (Samsung) HKU\S-1-5-21-1335839233-2991384071-368375801-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup HKU\S-1-5-21-1335839233-2991384071-368375801-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-10-28] (Samsung) HKU\S-1-5-21-1335839233-2991384071-368375801-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) 
HKU\S-1-5-21-1335839233-2991384071-368375801-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-1335839233-2991384071-368375801-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-1335839233-2991384071-368375801-1001\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-1335839233-2991384071-368375801-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 Startup: C:\Users\Undertaker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Undertaker\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-1335839233-2991384071-368375801-1001\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1335839233-2991384071-368375801-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-1335839233-2991384071-368375801-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ SearchScopes: HKU\.DEFAULT 
-> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1335839233-2991384071-368375801-1000 -> {0EB8452D-5CC8-4EC9-A8EB-2C88D21E35F4} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-1335839233-2991384071-368375801-1000 -> {1A508217-8DC1-40F6-9D15-8A0EC64BF6A2} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie SearchScopes: HKU\S-1-5-21-1335839233-2991384071-368375801-1000 -> {1EC8755B-73D5-4C21-ADD0-099B6E4567B6} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKU\S-1-5-21-1335839233-2991384071-368375801-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-1335839233-2991384071-368375801-1000 -> {8060BA75-525E-4046-B850-748E8FD0310F} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-1335839233-2991384071-368375801-1000 -> {9D1BC582-268A-4954-B09A-E237CF70CDD5} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-1335839233-2991384071-368375801-1000 -> {A94AC31E-7810-432A-A47B-9C437A2B1847} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Samsung BHO Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () BHO-x32: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKU\S-1-5-21-1335839233-2991384071-368375801-1001 -> No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No File Toolbar: HKU\S-1-5-21-1335839233-2991384071-368375801-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: HKLM {784797A8-342D-4072-9486-03C8D0F2F0A1} hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_x64_5.0.199.0.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Handler-x32: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program 
Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) FireFox: ======== FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @popularscreensavers.com/Plugin -> C:\Program Files (x86)\PopularScreensavers\NPp5Stub.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1335839233-2991384071-368375801-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Undertaker\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKU\S-1-5-21-1335839233-2991384071-368375801-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Undertaker\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-1335839233-2991384071-368375801-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\Deskperience\Word Capture\wcxChrome.crx [2010-07-23] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-03-22] (Advanced Micro Devices, Inc.) [File not signed] R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. 
KG) R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [254016 2014-10-10] (WildTangent) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [75136 2013-03-11] () R2 PnkBstrB; C:\windows\SysWOW64\PnkBstrB.exe [189248 2013-03-11] () R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310984 2013-07-28] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2013-07-28] () S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-27] (Malwarebytes Corporation) S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-01-16] (Windows (R) 2003 DDK 3790 provider) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) 
[File not signed] S3 RkHit; \??\C:\windows\system32\drivers\RKHit.sys [X] S3 taphss6; system32\DRIVERS\taphss6.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-28 19:44 - 2015-01-28 19:44 - 00001473 _____ () C:\Users\Undertaker\Desktop\JRT.txt 2015-01-28 19:36 - 2015-01-28 19:36 - 01707939 _____ (Thisisu) C:\Users\Undertaker\Desktop\JRT.exe 2015-01-28 19:08 - 2015-01-28 19:08 - 02194432 _____ () C:\Users\Undertaker\Desktop\AdwCleaner_4.109.exe 2015-01-28 19:02 - 2015-01-28 19:02 - 00001224 _____ () C:\Users\Undertaker\Desktop\Revo Uninstaller.lnk 2015-01-28 19:01 - 2015-01-28 19:01 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-01-27 19:33 - 2015-01-27 19:35 - 00037143 _____ () C:\Users\Undertaker\Desktop\Addition.txt 2015-01-27 19:31 - 2015-01-28 19:47 - 00019001 _____ () C:\Users\Undertaker\Desktop\FRST.txt 2015-01-27 19:31 - 2015-01-28 19:47 - 00000000 ____D () C:\Users\Undertaker\Desktop\FRST-OlderVersion 2015-01-27 18:41 - 2015-01-27 18:41 - 00010308 _____ () C:\Users\Undertaker\Desktop\Malwarebytes2701.txt 2015-01-27 18:25 - 2015-01-27 18:25 - 00000000 ____D () C:\ProgramData\Temp 2015-01-27 16:22 - 2015-01-27 16:22 - 00000000 ____D () C:\Users\Public\Documents\CrashDump 2015-01-17 09:51 - 2015-01-17 09:51 - 01080608 _____ (Unity Technologies ApS) C:\Users\Undertaker\Downloads\UnityWebPlayer.exe 2015-01-17 09:51 - 2015-01-17 09:51 - 00000000 ____D () C:\Users\Undertaker\AppData\Local\Unity 2015-01-01 16:45 - 2015-01-01 16:46 - 00000000 ____D () C:\Users\Undertaker\Documents\Fax ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-28 19:48 - 2014-01-02 16:54 - 00000000 ____D () C:\FRST 2015-01-28 19:47 - 2014-01-02 16:53 - 02130432 _____ (Farbar) C:\Users\Undertaker\Desktop\FRST64.exe 2015-01-28 19:47 - 2012-12-23 11:12 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2015-01-28 19:28 - 2012-12-04 13:05 - 00000948 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1335839233-2991384071-368375801-1000UA.job 2015-01-28 19:27 - 2009-07-14 05:45 - 00028624 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-28 19:27 - 2009-07-14 05:45 - 00028624 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-28 19:21 - 2014-07-25 17:13 - 00000000 ___RD () C:\Users\Undertaker\Dropbox 2015-01-28 19:21 - 2014-07-25 17:11 - 00000000 ____D () C:\Users\Undertaker\AppData\Roaming\Dropbox 2015-01-28 19:21 - 2014-04-11 19:58 - 00000000 ____D () C:\Users\Undertaker\AppData\Local\LogMeIn Hamachi 2015-01-28 19:19 - 2013-04-20 09:22 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-28 19:18 - 2013-04-20 09:22 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-28 19:17 - 2013-04-20 09:22 - 00000000 ____D () C:\Program Files (x86)\Google 2015-01-28 19:17 - 2013-04-05 23:59 - 00057747 _____ () C:\windows\setupact.log 2015-01-28 19:17 - 2013-04-05 23:52 - 00222158 _____ () C:\windows\PFRO.log 2015-01-28 19:17 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-01-28 19:16 - 2014-01-02 16:47 - 00000000 ____D () C:\AdwCleaner 2015-01-28 19:16 - 2014-01-01 21:10 - 00000000 ____D () C:\windows\system32\log 2015-01-28 19:16 - 2011-10-20 00:52 - 01235905 _____ () C:\windows\WindowsUpdate.log 2015-01-28 19:01 - 2014-07-29 16:13 - 00000000 ____D () C:\Neuer Ordner 2015-01-28 18:58 - 2012-12-04 13:05 - 00000926 _____ () 
C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1335839233-2991384071-368375801-1000Core.job 2015-01-28 15:23 - 2012-10-30 16:20 - 00000000 ____D () C:\windows\System32\Tasks\Games 2015-01-27 19:22 - 2014-01-24 17:52 - 00000000 ____D () C:\Facade 2015-01-27 19:17 - 2013-04-20 09:22 - 00000000 ____D () C:\Users\Undertaker\AppData\Local\Google 2015-01-27 18:23 - 2011-10-19 09:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2015-01-27 18:23 - 2011-10-19 09:04 - 00000000 ____D () C:\Program Files (x86)\Samsung 2015-01-27 18:23 - 2011-10-19 08:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-01-27 18:06 - 2014-05-22 18:43 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-27 18:05 - 2014-05-22 18:42 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-27 18:05 - 2014-05-22 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-27 18:05 - 2014-05-22 18:42 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-26 17:25 - 2012-11-06 13:44 - 00000000 ____D () C:\Users\Undertaker\AppData\Roaming\.minecraft 2015-01-26 16:29 - 2012-11-05 12:32 - 00000000 ____D () C:\Users\Undertaker\AppData\Roaming\Skype 2015-01-25 14:47 - 2012-12-23 11:12 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2015-01-25 14:47 - 2012-10-30 15:36 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2015-01-25 14:47 - 2012-10-30 15:36 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-16 18:53 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF 2015-01-14 20:59 - 2013-07-31 19:03 - 00000000 ____D () C:\windows\system32\MRT 2015-01-14 20:44 - 2012-11-08 15:16 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2015-01-10 23:25 - 2013-03-28 
22:41 - 00000000 ____D () C:\Users\Undertaker\AppData\Local\CrashDumps 2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe 2015-01-01 16:45 - 2009-07-14 06:32 - 00000000 ____D () C:\windows\system32\FxsTmp ==================== Files in the root of some directories ======= 2013-12-14 16:59 - 2013-12-14 16:59 - 49940480 _____ () C:\Program Files (x86)\GUT205F.tmp 2013-04-05 20:39 - 2013-04-05 20:51 - 0000004 _____ () C:\Users\Undertaker\AppData\Roaming\skype.ini 2013-03-28 22:41 - 2013-03-28 22:41 - 0003584 _____ () C:\Users\Undertaker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-03-04 21:26 - 2014-03-04 21:26 - 0091848 _____ () C:\Users\Undertaker\AppData\Local\ext_offermosquito_uninst.exe 2013-02-28 20:15 - 2014-03-14 13:34 - 1145382 ____N () C:\Users\Undertaker\AppData\Local\Tempmusic.ogg 2011-10-19 09:21 - 2011-10-19 09:22 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log 2011-10-19 09:07 - 2011-10-19 09:08 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log 2011-10-19 09:15 - 2011-10-19 09:17 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2011-10-19 09:09 - 2011-10-19 09:15 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log 2011-10-19 09:17 - 2011-10-19 09:21 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log Files to move or delete: ==================== C:\Users\Undertaker\AppData\Roaming\skype.ini Some content of TEMP: ==================== C:\Users\Shari\AppData\Local\Temp\avgnt.exe C:\Users\Undertaker\AppData\Local\Temp\APNSetup.exe C:\Users\Undertaker\AppData\Local\Temp\avgnt.exe C:\Users\Undertaker\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpn2rhev.dll C:\Users\Undertaker\AppData\Local\Temp\HssInstaller.exe C:\Users\Undertaker\AppData\Local\Temp\nsbAC51.exe C:\Users\Undertaker\AppData\Local\Temp\nsc8D10.exe 
C:\Users\Undertaker\AppData\Local\Temp\nsg9B0.exe C:\Users\Undertaker\AppData\Local\Temp\nsqB8DF.exe C:\Users\Undertaker\AppData\Local\Temp\nsr122A.exe C:\Users\Undertaker\AppData\Local\Temp\otcfpwjq.dll C:\Users\Undertaker\AppData\Local\Temp\SkypeSetup.exe C:\Users\Undertaker\AppData\Local\Temp\ubiAC69.tmp.exe C:\Users\Undertaker\AppData\Local\Temp\WEB.DE_Softwareaktualisierung_Setup.exe C:\Users\Undertaker\AppData\Local\Temp\WEB.DE_Toolbar_IE_Setup.exe C:\Users\Undertaker\AppData\Local\Temp\WEB.DE_Toolbar_IE_Special.exe C:\Users\Undertaker\AppData\Local\Temp\webde_onlinespeicher_setup_a201412.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-27 22:44 ==================== End Of Log ============================ --- --- --- und das JRT file Code:
Regards, Ani |
29.01.2015, 07:05 | #8 |
/// the machine /// TB instructor | too many PUPs found ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
31.01.2015, 18:45 | #9 |
| too many PUPs found Hello Schrauber, unfortunately I only got around to running all the programs today. Sorry. ESET log Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=3443acd88fc8674dac7167902eb27d02 # engine=22242 # end=stopped # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-01-31 03:39:11 # local_time=2015-01-31 04:39:11 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777213 100 100 8639 288138441 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 93226 174348601 0 0 # scanned=13 # found=0 # cleaned=0 # scan_time=0 ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=3443acd88fc8674dac7167902eb27d02 # engine=22242 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-01-31 05:33:21 # local_time=2015-01-31 06:33:21 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777213 100 100 15489 288145291 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 100076 174355451 0 0 # scanned=299520 # found=26 # cleaned=26 # scan_time=6603 sh=6D2D5521F8C15D587F05119C714F0A431D053BE9 ft=1 fh=374f94ddfd2f4cb1 vn="Variante von Win32/Toolbar.MyWebSearch.AH evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PopularScreensavers\NPp5Stub.dll.vir" sh=394D5B32C42AD951A2F1BA6E22A3DA2E754ABE98 ft=1 fh=bc9d2deedbf2e121 vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PopularScreensavers\p5cjpeg.dll.vir" sh=A358B67DA39C616383A7B0847E642BC54A63ACA0 ft=1 fh=8b6f4c896e14b7f9 vn="Variante von Win32/Toolbar.MyWebSearch.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PopularScreensavers\p5Html.dll.vir" sh=3F81A47E189813D42F31DE4BABF42C68CA88F84E ft=1 fh=28f702c6787729c7 vn="Win32/Toolbar.MyWebSearch.AN evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PopularScreensavers\p5MedInt.exe.vir" sh=A872BACD7502C7D8AC5FDED7543D5B948C852545 ft=1 fh=4b9ccd882c594a66 vn="Variante von Win32/Toolbar.MyWebSearch evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PopularScreensavers\p5Plugin.dll.vir" sh=20A2E417F1D8E36A536364AEE3ADD8102BA5D8AF ft=1 fh=494d20b369828d7b vn="Win32/Toolbar.MyWebSearch evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PopularScreensavers\p5PSSavr.scr.vir" sh=F9CFC856EE6AE11EED88CE6998B1A576DC23E1EF ft=1 fh=a977d5a1b63af9b9 vn="Variante von Win32/Toolbar.MyWebSearch.P evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PopularScreensavers\p5ScrCtr.dll.vir" sh=DCD600E86218597D57F09717CF881D4C7CAE0BB8 ft=1 fh=051f941197fd4707 vn="Win32/Toolbar.MyWebSearch.AN evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PopularScreensavers\p5svc.exe.vir" sh=A186269377566984B96F190DDEF31C8E7055FDEB ft=1 fh=8a7557b9ae51b8a9 vn="Win32/Toolbar.MyWebSearch.AN evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PopularScreensavers\p5wphook.dll.vir" sh=BEC6B95D047100118D70D9504479C36A797B9B06 ft=1 fh=e155e3de02881385 vn="Variante von Win32/ELEX.BF evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper\TrayDownloader.exe.vir" sh=BEFC0099864AA52ABB0A3B99793A5A1BF525401D ft=1 fh=64b34719c3735e0d vn="Variante von Win32/ELEX.Y evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper\winzipersvc.exe.vir" sh=E3F8B8FE0BBC22CBB743C688ED79E0BF73FCCFE5 ft=1 fh=a81abe411291deb5 vn="Variante von Win32/Somoto.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Undertaker\AppData\Local\FilesFrog Update Checker\update_checker.exe.vir" sh=3A6B895DC791135C7B424D6A3AB327EB59ED2462 ft=1 fh=f63cb4459345e5cd vn="Win32/AdWare.Snoozer.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Undertaker\AppData\Roaming\SCheck\ntdllinst.exe.vir" sh=2BFAB9A9CA8BA01F9DF0E7BDA6758B7376C9D4F2 ft=1 fh=5eaeac4ca4c59724 vn="Win32/AdWare.Snoozer.A Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Undertaker\AppData\Roaming\Snz\Snz.exe.vir" sh=568B7040522AE31BE5FF0BD450B7D0B7A218E7A1 ft=1 fh=bb7982953e0dc058 vn="Variante von Win32/ELEX.BF evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\UNDERT~1\AppData\Local\Temp\Desk365\eInstall\eInstall.exe.vir" sh=C940F4029FE46A5F7B471214AC683B5FEBB26831 ft=1 fh=e14799081e7d1361 vn="Variante von Win64/Systweak.A evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\windows\System32\roboot64.exe.vir" sh=AAA29097B1E5A7098E19A38F1200E636EE1C3A1E ft=1 fh=6b75069f13c3f94c vn="Win64/AdvancedSystemProtector.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\windows\System32\sasnative64.exe.vir" sh=20A2E417F1D8E36A536364AEE3ADD8102BA5D8AF ft=1 fh=494d20b369828d7b vn="Win32/Toolbar.MyWebSearch evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\windows\SysWOW64\p5PSSavr.scr.vir" sh=FA61F495558B294EB796B8D6C44F75631FA57E7D ft=1 fh=b733a64984fbe467 vn="Win32/Conduit.SearchProtect.R evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Undertaker\AppData\Local\Temp\nsbAC51.exe" sh=FA61F495558B294EB796B8D6C44F75631FA57E7D ft=1 fh=b733a64984fbe467 vn="Win32/Conduit.SearchProtect.R evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Undertaker\AppData\Local\Temp\nsc8D10.exe" sh=FA61F495558B294EB796B8D6C44F75631FA57E7D ft=1 fh=b733a64984fbe467 vn="Win32/Conduit.SearchProtect.R evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Undertaker\AppData\Local\Temp\nsg9B0.exe" sh=FA61F495558B294EB796B8D6C44F75631FA57E7D ft=1 fh=b733a64984fbe467 vn="Win32/Conduit.SearchProtect.R evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Undertaker\AppData\Local\Temp\nsqB8DF.exe" sh=FA61F495558B294EB796B8D6C44F75631FA57E7D ft=1 fh=b733a64984fbe467 vn="Win32/Conduit.SearchProtect.R evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Undertaker\AppData\Local\Temp\nsr122A.exe" sh=AF92022A73E072242A8B95BC42475BDB244E0A30 ft=1 fh=0f1d648c9e10fd22 vn="Variante von Win32/ELEX.Q evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Undertaker\AppData\Local\Temp\fullpackage_temp1388606446\tmp\desk365.exe" sh=C7241007662586F5DE3A9F9927CFBD9D52A52AC9 ft=1 fh=a7692001af61d921 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Undertaker\AppData\Local\Temp\nsv619A\SpSetup.exe" sh=B1BDB5FB986F06CD3D267F2CC9AE1DF56CB72604 ft=1 fh=e1fd281970e36a4a vn="Variante von Win32/SoftPulse.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Undertaker\Downloads\New player.exe" Sec.Check Code:
Results of screen317's Security Check version 0.99.95
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 67
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Reader XI
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
and the FRST log. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-01-2015 01 Ran by Undertaker (administrator) on UNDERTAKER-PC on 31-01-2015 18:43:00 Running from C:\Users\Undertaker\Desktop Loaded Profiles: Undertaker & Shari (Available profiles: Undertaker & Shari) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Windows\SysWOW64\PnkBstrB.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Skype Technologies S.A.) 
C:\Program Files (x86)\Skype\Phone\Skype.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Dropbox, Inc.) C:\Users\Undertaker\AppData\Roaming\Dropbox\bin\Dropbox.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (1und1 Mail und Media GmbH) C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe (SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink Corp.) 
C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_296_ActiveX.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-06-25] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [421888 2012-11-18] (Apple Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-22] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-10-28] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.) HKLM-x32\...\Run: [PopularScreensavers EPM Support] => "C:\PROGRA~2\POPULA~2\bar\1.bin\7imedint.exe" T8EPMSUP.DLL,S HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816784 2014-07-21] (LogMeIn Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM-x32\...\Run: [MailCheck IE Broker] => C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [2135104 2014-11-17] (1und1 Mail und Media GmbH) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-1335839233-2991384071-368375801-1000\...\Run: [Facebook Update] => C:\Users\Undertaker\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-05-25] (Facebook Inc.) HKU\S-1-5-21-1335839233-2991384071-368375801-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-10-28] (Samsung) HKU\S-1-5-21-1335839233-2991384071-368375801-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup HKU\S-1-5-21-1335839233-2991384071-368375801-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-10-28] (Samsung) HKU\S-1-5-21-1335839233-2991384071-368375801-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) 
HKU\S-1-5-21-1335839233-2991384071-368375801-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-1335839233-2991384071-368375801-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-1335839233-2991384071-368375801-1001\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-1335839233-2991384071-368375801-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 Startup: C:\Users\Undertaker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Undertaker\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-1335839233-2991384071-368375801-1001\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1335839233-2991384071-368375801-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-1335839233-2991384071-368375801-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ SearchScopes: HKU\.DEFAULT 
-> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1335839233-2991384071-368375801-1000 -> {0EB8452D-5CC8-4EC9-A8EB-2C88D21E35F4} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-1335839233-2991384071-368375801-1000 -> {1A508217-8DC1-40F6-9D15-8A0EC64BF6A2} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie SearchScopes: HKU\S-1-5-21-1335839233-2991384071-368375801-1000 -> {1EC8755B-73D5-4C21-ADD0-099B6E4567B6} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} SearchScopes: HKU\S-1-5-21-1335839233-2991384071-368375801-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-1335839233-2991384071-368375801-1000 -> {8060BA75-525E-4046-B850-748E8FD0310F} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-1335839233-2991384071-368375801-1000 -> {9D1BC582-268A-4954-B09A-E237CF70CDD5} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-1335839233-2991384071-368375801-1000 -> {A94AC31E-7810-432A-A47B-9C437A2B1847} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Samsung BHO Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () BHO-x32: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKU\S-1-5-21-1335839233-2991384071-368375801-1001 -> No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No File Toolbar: HKU\S-1-5-21-1335839233-2991384071-368375801-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: HKLM {784797A8-342D-4072-9486-03C8D0F2F0A1} hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_x64_5.0.199.0.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Handler-x32: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program 
Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) FireFox: ======== FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @popularscreensavers.com/Plugin -> C:\Program Files (x86)\PopularScreensavers\NPp5Stub.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1335839233-2991384071-368375801-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Undertaker\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKU\S-1-5-21-1335839233-2991384071-368375801-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Undertaker\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-1335839233-2991384071-368375801-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\Deskperience\Word Capture\wcxChrome.crx [2010-07-23] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-03-22] (Advanced Micro Devices, Inc.) [File not signed] R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG) S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. 
KG) R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [254016 2014-10-10] (WildTangent) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [75136 2013-03-11] () R2 PnkBstrB; C:\windows\SysWOW64\PnkBstrB.exe [189248 2013-03-11] () R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310984 2013-07-28] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2013-07-28] () S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-27] (Malwarebytes Corporation) S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-01-16] (Windows (R) 2003 DDK 3790 provider) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) 
[File not signed] S3 RkHit; \??\C:\windows\system32\drivers\RKHit.sys [X] S3 taphss6; system32\DRIVERS\taphss6.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-31 15:55 - 2015-01-31 15:55 - 00852573 _____ () C:\Users\Undertaker\Desktop\SecurityCheck.exe 2015-01-31 15:53 - 2015-01-31 15:53 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-01-31 15:52 - 2015-01-31 15:53 - 02347384 _____ (ESET) C:\Users\Undertaker\Desktop\esetsmartinstaller_deu.exe 2015-01-31 10:59 - 2015-01-31 10:59 - 08388608 _____ () C:\Users\Undertaker\Downloads\SM64 Chaos Edition V1.1.z64 2015-01-28 19:44 - 2015-01-28 19:44 - 00001473 _____ () C:\Users\Undertaker\Desktop\JRT.txt 2015-01-28 19:36 - 2015-01-28 19:36 - 01707939 _____ (Thisisu) C:\Users\Undertaker\Desktop\JRT.exe 2015-01-28 19:08 - 2015-01-28 19:08 - 02194432 _____ () C:\Users\Undertaker\Desktop\AdwCleaner_4.109.exe 2015-01-28 19:02 - 2015-01-28 19:02 - 00001224 _____ () C:\Users\Undertaker\Desktop\Revo Uninstaller.lnk 2015-01-28 19:01 - 2015-01-28 19:01 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-01-27 19:33 - 2015-01-27 19:35 - 00037143 _____ () C:\Users\Undertaker\Desktop\Addition.txt 2015-01-27 19:31 - 2015-01-31 18:43 - 00019489 _____ () C:\Users\Undertaker\Desktop\FRST.txt 2015-01-27 19:31 - 2015-01-31 18:41 - 00000000 ____D () C:\Users\Undertaker\Desktop\FRST-OlderVersion 2015-01-27 18:41 - 2015-01-27 18:41 - 00010308 _____ () C:\Users\Undertaker\Desktop\Malwarebytes2701.txt 2015-01-27 18:25 - 2015-01-27 18:25 - 00000000 ____D () C:\ProgramData\Temp 2015-01-27 16:22 - 2015-01-27 16:22 - 00000000 ____D () C:\Users\Public\Documents\CrashDump 2015-01-17 09:51 - 2015-01-17 09:51 - 01080608 _____ (Unity 
Technologies ApS) C:\Users\Undertaker\Downloads\UnityWebPlayer.exe 2015-01-17 09:51 - 2015-01-17 09:51 - 00000000 ____D () C:\Users\Undertaker\AppData\Local\Unity 2015-01-01 16:45 - 2015-01-01 16:46 - 00000000 ____D () C:\Users\Undertaker\Documents\Fax ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-31 18:43 - 2014-01-02 16:54 - 00000000 ____D () C:\FRST 2015-01-31 18:41 - 2014-01-02 16:53 - 02130944 _____ (Farbar) C:\Users\Undertaker\Desktop\FRST64.exe 2015-01-31 18:20 - 2013-04-20 09:22 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-31 18:05 - 2011-10-20 00:52 - 01653871 _____ () C:\windows\WindowsUpdate.log 2015-01-31 17:47 - 2012-12-23 11:12 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2015-01-31 16:28 - 2012-12-04 13:05 - 00000948 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1335839233-2991384071-368375801-1000UA.job 2015-01-31 16:28 - 2012-12-04 13:05 - 00000926 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1335839233-2991384071-368375801-1000Core.job 2015-01-31 16:22 - 2013-03-28 22:41 - 00000000 ____D () C:\Users\Undertaker\AppData\Local\CrashDumps 2015-01-31 13:51 - 2013-04-05 23:59 - 00058139 _____ () C:\windows\setupact.log 2015-01-31 13:22 - 2009-07-14 05:45 - 00028624 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-31 13:22 - 2009-07-14 05:45 - 00028624 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-31 08:14 - 2014-04-11 19:58 - 00000000 ____D () C:\Users\Undertaker\AppData\Local\LogMeIn Hamachi 2015-01-31 08:12 - 2014-07-25 17:13 - 00000000 ___RD () C:\Users\Undertaker\Dropbox 2015-01-31 08:12 - 2014-07-25 17:11 - 00000000 ____D () C:\Users\Undertaker\AppData\Roaming\Dropbox 2015-01-31 08:09 - 2013-04-20 09:22 - 00001106 _____ () 
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-31 08:08 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-01-28 19:17 - 2013-04-20 09:23 - 00000000 ____D () C:\Program Files\Google 2015-01-28 19:17 - 2013-04-20 09:22 - 00000000 ____D () C:\Program Files (x86)\Google 2015-01-28 19:17 - 2013-04-05 23:52 - 00222158 _____ () C:\windows\PFRO.log 2015-01-28 19:16 - 2014-01-02 16:47 - 00000000 ____D () C:\AdwCleaner 2015-01-28 19:16 - 2014-01-01 21:10 - 00000000 ____D () C:\windows\system32\log 2015-01-28 19:01 - 2014-07-29 16:13 - 00000000 ____D () C:\Neuer Ordner 2015-01-28 15:23 - 2012-10-30 16:20 - 00000000 ____D () C:\windows\System32\Tasks\Games 2015-01-27 19:22 - 2014-01-24 17:52 - 00000000 ____D () C:\Facade 2015-01-27 19:17 - 2013-04-20 09:22 - 00000000 ____D () C:\Users\Undertaker\AppData\Local\Google 2015-01-27 18:23 - 2011-10-19 09:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2015-01-27 18:23 - 2011-10-19 09:04 - 00000000 ____D () C:\Program Files (x86)\Samsung 2015-01-27 18:23 - 2011-10-19 08:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-01-27 18:06 - 2014-05-22 18:43 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-27 18:05 - 2014-05-22 18:42 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-27 18:05 - 2014-05-22 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-27 18:05 - 2014-05-22 18:42 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-26 17:25 - 2012-11-06 13:44 - 00000000 ____D () C:\Users\Undertaker\AppData\Roaming\.minecraft 2015-01-26 16:29 - 2012-11-05 12:32 - 00000000 ____D () C:\Users\Undertaker\AppData\Roaming\Skype 2015-01-25 14:47 - 2012-12-23 11:12 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2015-01-25 14:47 - 2012-10-30 15:36 - 
00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2015-01-25 14:47 - 2012-10-30 15:36 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-16 18:53 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF 2015-01-14 20:59 - 2013-07-31 19:03 - 00000000 ____D () C:\windows\system32\MRT 2015-01-14 20:44 - 2012-11-08 15:16 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe 2015-01-01 16:45 - 2009-07-14 06:32 - 00000000 ____D () C:\windows\system32\FxsTmp ==================== Files in the root of some directories ======= 2013-12-14 16:59 - 2013-12-14 16:59 - 49940480 _____ () C:\Program Files (x86)\GUT205F.tmp 2013-04-05 20:39 - 2013-04-05 20:51 - 0000004 _____ () C:\Users\Undertaker\AppData\Roaming\skype.ini 2013-03-28 22:41 - 2013-03-28 22:41 - 0003584 _____ () C:\Users\Undertaker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-03-04 21:26 - 2014-03-04 21:26 - 0091848 _____ () C:\Users\Undertaker\AppData\Local\ext_offermosquito_uninst.exe 2013-02-28 20:15 - 2014-03-14 13:34 - 1145382 ____N () C:\Users\Undertaker\AppData\Local\Tempmusic.ogg 2011-10-19 09:21 - 2011-10-19 09:22 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log 2011-10-19 09:07 - 2011-10-19 09:08 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log 2011-10-19 09:15 - 2011-10-19 09:17 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2011-10-19 09:09 - 2011-10-19 09:15 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log 2011-10-19 09:17 - 2011-10-19 09:21 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log Files to move or delete: ==================== C:\Users\Undertaker\AppData\Roaming\skype.ini Some content of TEMP: ==================== 
C:\Users\Shari\AppData\Local\Temp\avgnt.exe C:\Users\Undertaker\AppData\Local\Temp\APNSetup.exe C:\Users\Undertaker\AppData\Local\Temp\avgnt.exe C:\Users\Undertaker\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpywehel.dll C:\Users\Undertaker\AppData\Local\Temp\HssInstaller.exe C:\Users\Undertaker\AppData\Local\Temp\otcfpwjq.dll C:\Users\Undertaker\AppData\Local\Temp\SkypeSetup.exe C:\Users\Undertaker\AppData\Local\Temp\ubiAC69.tmp.exe C:\Users\Undertaker\AppData\Local\Temp\WEB.DE_Softwareaktualisierung_Setup.exe C:\Users\Undertaker\AppData\Local\Temp\WEB.DE_Toolbar_IE_Setup.exe C:\Users\Undertaker\AppData\Local\Temp\WEB.DE_Toolbar_IE_Special.exe C:\Users\Undertaker\AppData\Local\Temp\webde_onlinespeicher_setup_a201412.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-27 22:44 ==================== End Of Log ============================ |
31.01.2015, 23:20 | #10 |
/// the machine /// TB-Ausbilder | too many PUPs found. Update Java. Please press the Windows key + R and type notepad into the Run box. Now copy the following text from the code box into the empty text document. Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1335839233-2991384071-368375801-1001\User: Group Policy restriction detected <======= ATTENTION
Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Done. The order is what matters here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements, which spyware can abuse to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners; they do your system more harm than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me a short reply once everything is done and there are no further questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donate. Guides and help. Trojaner-Board Facebook page. No help via PM! |
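The fix in the post above works because an FRST fixlist is nothing more than the log lines to act on, pasted verbatim, followed by optional directives such as Emptytemp:. As an added example (not part of this thread and not Farbar's own code), the Python script below reads FRST log lines, flags the markers FRST prints on entries worth a second look (<======= ATTENTION, No File, No Path, [X], [File not signed]) and writes a fixlist from the ones you select. The sample lines are constructed for the example by copying entries from the log posted earlier in this thread; the rule that treats a Run entry lacking the resolved "[size date] (Publisher)" suffix as suspicious is this example's own assumption, not an FRST convention. Which flagged entries belong in a fixlist is still a judgement call: the unsigned MAGIX service is a legitimate product, and in this thread the helper chose to fix only the Group Policy lines.

```python
import re

# Sample FRST lines, constructed for this example by copying entries from the
# log posted earlier in this thread. Deliberately a mix of benign and
# suspicious entries; it is not a complete log.
SAMPLE_LOG = r"""
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-06-25] (Realtek Semiconductor)
HKLM-x32\...\Run: [PopularScreensavers EPM Support] => "C:\PROGRA~2\POPULA~2\bar\1.bin\7imedint.exe" T8EPMSUP.DLL,S
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1335839233-2991384071-368375801-1001\User: Group Policy restriction detected <======= ATTENTION
HKU\S-1-5-21-1335839233-2991384071-368375801-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-1335839233-2991384071-368375801-1001 -> No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No File
FF Plugin-x32: @popularscreensavers.com/Plugin -> C:\Program Files (x86)\PopularScreensavers\NPp5Stub.dll No File
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 RkHit; \??\C:\windows\system32\drivers\RKHit.sys [X]
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
"""

# Markers FRST itself prints on entries worth a second look, as seen in the
# log above, paired with the reason a reviewer would give for each.
RULES = [
    ("FRST flagged this entry", re.compile(r"<=+ ATTENTION")),
    ("entry points at a file that no longer exists", re.compile(r"\bNo File$")),
    ("browser extension registered without a path", re.compile(r"\bNo Path$")),
    ("driver or service registered but its file is missing", re.compile(r"\[X\]$")),
    ("service binary has no Authenticode signature", re.compile(r"\[File not signed\]$")),
]

# A resolved Run entry ends in "[size date] (Publisher)". Treating one that
# does not (the PopularScreensavers entry with its 8.3 short path and extra
# argument) as suspicious is this example's own heuristic, not an FRST rule:
# FRST could not resolve the target, so a human should look at it.
RUN_ENTRY = re.compile(r"\\Run: \[[^\]]*\] => ")
RUN_RESOLVED = re.compile(r"\[\d+ \d{4}-\d{2}-\d{2}\] \([^)]*\)$")


def triage(log_text):
    """Return (reason, line) pairs for every log line that deserves review."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        for reason, pattern in RULES:
            if pattern.search(line):
                findings.append((reason, line))
                break
        else:
            if RUN_ENTRY.search(line) and not RUN_RESOLVED.search(line):
                findings.append(("Run entry target could not be resolved", line))
    return findings


def attention_only(findings):
    """Keep only the entries FRST itself marked; this is the subset the
    helper chose for the fixlist in this thread."""
    return [f for f in findings if f[0] == "FRST flagged this entry"]


def build_fixlist(findings, empty_temp=True):
    """An FRST fixlist is the chosen log lines pasted verbatim, optionally
    followed by a directive such as Emptytemp:, exactly as in the thread."""
    lines = [line for _, line in findings]
    if empty_temp:
        lines.append("Emptytemp:")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason}:\n    {line}")
    print("--- Fixlist.txt ---")
    print(build_fixlist(attention_only(triage(SAMPLE_LOG))), end="")
```

Run it as-is to see the nine flagged lines from the sample; to use it on a real log, read FRST.txt into `triage()` instead of SAMPLE_LOG and save the output of `build_fixlist()` as Fixlist.txt next to FRST64.exe. The script only proposes candidates; as the thread shows, the decision about what actually goes into the fixlist belongs to whoever reviews the whole log.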
01.02.2015, 12:53 | #11 |
| too many PUPs found. Here is the fixlog. Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by Undertaker at 2015-02-01 11:42:54 Run:1
Running from C:\Users\Undertaker\Desktop
Loaded Profiles: Undertaker & Shari (Available profiles: Undertaker & Shari)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1335839233-2991384071-368375801-1001\User: Group Policy restriction detected <======= ATTENTION
Emptytemp:
*****************

C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\windows\system32\GroupPolicyUsers\S-1-5-21-1335839233-2991384071-368375801-1001\User => Moved successfully.
EmptyTemp: => Removed 14.9 GB temporary data.

The system needed a reboot.

==== End of Fixlog 11:45:37 ====
Just for fun I ran Malwarebytes again. It found this screensaver, which I had already deleted in an earlier run. Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 01.02.2015
Scan Time: 12:18:12
Logfile: malware_log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.01.02
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Undertaker

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 421823
Time Elapsed: 33 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|PopularScreensavers EPM Support, "C:\PROGRA~2\POPULA~2\bar\1.bin\7imedint.exe" T8EPMSUP.DLL,S, , [af977e9beb9f3ef825887d10ab5822de],

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
|
01.02.2015, 17:08 | #12 |
/// the machine /// TB-Ausbilder | too many PUPs found. Delete the detection and scan again with MBAM. |
02.02.2015, 20:16 | #13 |
| too many PUPs found. Hello Schrauber, I ran it again. Nothing was found this time. The computer is also running faster than before. I think it is fine again now. |
03.02.2015, 08:01 | #14 |
/// the machine /// TB-Ausbilder | too many PUPs found. You're welcome. |