Log analysis and evaluation: Windows 7: DealPLy.G, previously Linkey, found by G Data
31.01.2015, 09:35 | #1 |
| Windows 7: DealPLy.G, previously Linkey, found by G Data Hello, I am a freelancer and fall under the exception. I will of course donate. A few days ago I downloaded the time-tracking tool ManicTime - apparently from the wrong website - and then must have been asleep during the installation - no idea. Now many words are underlined on all websites, and pop-ups, tabs and new browser windows open with every click. I "removed" Linkey myself, but now I don't dare to do anything more. I have run the three scans mentioned above. I will try to post the txt files in a moment, since I am supposed to do that in a special form that I cannot find here yet. Edit - where do I find what I need for inserting the scan reports? - End of edit I hope you can help me quickly. Best regards, Lars Last edited by Lars Port (31.01.2015 at 09:45). Reason: Tags for log entry not found |
31.01.2015, 09:46 | #2 |
Rest in peace † 2019 | Windows 7: DealPLy.G, previously Linkey, found by G Data My name is Sandra and I will be helping you with your problem.
Note: I can never give you a guarantee that I will find everything. Reformatting is usually the faster way and, in the case of a malware infection, always the safest one. Adware can be removed without problems in the vast majority of cases. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean. Do you mean the scans from the instructions? Otherwise, please: Step 1 Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
31.01.2015, 11:07 | #3 |
| The logs Hello Sandra,
that was quick with your answer, I thought I could still quickly go shopping - thanks! Yes, the scans from the instructions. Here is the first one from FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015 Ran by User (administrator) on USER-PC on 31-01-2015 08:38:09 Running from C:\Users\User\Downloads Loaded Profiles: UpdatusUser & User (Available profiles: UpdatusUser & User & Software) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\nalserv.exe (Nalpeiron Ltd.) 
C:\Windows\SysWOW64\nlssrv32.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe (AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Seal One AG) C:\Users\User\AppData\Local\Temp\Seal One\SealOne.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Samsung Electronics Co., Ltd.) 
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\SamsungFastStart\SmartRestarter.exe (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe (ApSIC, S.L.) C:\Program Files (x86)\ApSIC\Xbench\XBench.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11855976 2011-05-19] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2817872 2012-04-25] (ELAN Microelectronics Corp.) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [Acrobat Assistant 7.0] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.) HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1756792 2014-05-20] (G Data Software AG) HKLM-x32\...\Run: [G Data ASM] => C:\Program Files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [431224 2013-12-19] (G Data Software AG) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\...\Winlogon: [Shell] C:\windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-20\...\Winlogon: [Shell] C:\windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-21-336506335-2600101090-358185080-1000\...\Winlogon: [Shell] C:\windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-21-336506335-2600101090-358185080-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG) 
HKU\S-1-5-21-336506335-2600101090-358185080-1001\...\Run: [SealOne] => C:\Users\User\AppData\Roaming\Seal One\SealOne.exe [280600 2013-09-23] (Seal One AG) HKU\S-1-5-21-336506335-2600101090-358185080-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.) HKU\S-1-5-21-336506335-2600101090-358185080-1001\...\MountPoints2: G - G:\SealOne.exe HKU\S-1-5-21-336506335-2600101090-358185080-1001\...\MountPoints2: {1d648118-54ef-11e4-995f-e811329ab670} - G:\LaunchU3.exe -a HKU\S-1-5-21-336506335-2600101090-358185080-1001\...\MountPoints2: {68e638fd-2c55-11e3-be3e-e811329ab670} - G:\SealOne.exe HKU\S-1-5-21-336506335-2600101090-358185080-1001\...\MountPoints2: {704a96b1-1d49-11e3-abc8-e811329ab670} - G:\SealOne.exe HKU\S-1-5-21-336506335-2600101090-358185080-1001\...\Winlogon: [Shell] C:\windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-18\...\Winlogon: [Shell] C:\windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [226920 2011-05-04] (NVIDIA Corporation) AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [192616 2011-05-04] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe () Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 1010 series.lnk ShortcutTarget: 
Tintenwarnungen überwachen - HP Deskjet 1010 series.lnk -> C:\Program Files\HP\HP Deskjet 1010 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) HKLM\...\AppCertDlls: [x64] -> c:\program files (x86)\settings manager\smdmf\x64\sysapcrt.dll HKLM\...\AppCertDlls: [x86] -> c:\program files (x86)\settings manager\smdmf\sysapcrt.dll ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-336506335-2600101090-358185080-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-336506335-2600101090-358185080-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-336506335-2600101090-358185080-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-336506335-2600101090-358185080-1001 -> {1701CD96-AFD5-45EA-AD76-8568770182B8} URL = hxxp://www.mysearchresults.com/search?c=3527&t=01&q={searchTerms} BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Samsung BHO Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () BHO-x32: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} DPF: HKLM-x32 {FA3D8C85-2F5A-43B9-B8A9-DDD015EBB166} hxxp://mozart.hunter.com/VocabTranslate/TranslationTextBox.ocx Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ki6vzz44.default-1385707399717 FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_38 -> C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll (Cisco WebEx LLC) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF Extension: Better-Fox-Finder - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ki6vzz44.default-1385707399717\Extensions\{113c6a96-cbc4-4248-bc8a-c05e9ec4b669} [2015-01-21] FF Extension: LEOs Dictionaries - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ki6vzz44.default-1385707399717\Extensions\contextMenuExtension@leo.org.xpi [2013-12-11] FF Extension: Quick Translator - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ki6vzz44.default-1385707399717\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2013-12-12] FF Extension: NoScript - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ki6vzz44.default-1385707399717\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-07] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} [2015-01-26] FF HKU\S-1-5-21-336506335-2600101090-358185080-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-03-28] Chrome: ======= CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-20] CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-20] CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-20] CHR Extension: (Word CaptureX Extension) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjdepfkicdcciagbigfcmdhknnoaaegf [2012-12-20] CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-20] CHR 
HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\Deskperience\Word Capture\wcxChrome.crx [2010-07-23] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] () R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-10-14] (G Data Software AG) R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG) R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2683760 2014-05-20] (G Data Software AG) S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [246256 2010-08-25] (CyberLink) S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [647680 2013-01-02] (Macrovision Europe Ltd.) [File not signed] R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [3228136 2014-08-21] (G Data Software AG) R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] R2 NalServ; C:\windows\SysWOW64\nalserv.exe [147056 2014-04-10] (Nalpeiron Ltd.) 
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed] R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2253112 2014-07-14] (AVG) R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [42808 2014-07-14] (AVG) R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [35640 2014-07-14] (AVG) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2014-09-07] (G Data Software AG) R1 GDKBFlt; C:\windows\system32\drivers\GDKBFlt64.sys [20992 2014-10-31] (G Data Software AG) R1 GDMnIcpt; C:\windows\system32\drivers\MiniIcpt.sys [142336 2014-10-13] (G Data Software AG) R3 GDPkIcpt; C:\windows\system32\drivers\PktIcpt.sys [64000 2014-09-07] (G Data Software AG) R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64512 2015-01-25] (G Data Software AG) R1 GRD; C:\windows\system32\drivers\GRD.sys [106272 2014-09-06] (G Data Software) R1 HookCentre; C:\windows\system32\drivers\HookCentre.sys [61440 2014-09-07] (G Data Software AG) R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-31 08:38 - 2015-01-31 08:39 - 00021113 _____ () C:\Users\User\Downloads\FRST.txt 2015-01-31 08:37 - 2015-01-31 08:38 - 00000000 ____D () C:\FRST 2015-01-31 08:36 - 2015-01-31 08:36 - 00380416 _____ () C:\Users\User\Downloads\Gmer-19357.exe 2015-01-31 08:29 - 2015-01-31 08:29 - 02130432 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe 2015-01-31 08:25 - 2015-01-31 08:25 - 00050477 _____ () C:\Users\User\Downloads\Defogger.exe 2015-01-31 08:25 - 2015-01-31 08:25 - 00000470 _____ () C:\Users\User\Downloads\defogger_disable.log 2015-01-31 08:25 - 2015-01-31 08:25 - 00000000 _____ () C:\Users\User\defogger_reenable 2015-01-30 17:29 - 2015-01-30 17:29 - 00001045 _____ () C:\Users\Public\Desktop\Xbench.lnk 2015-01-30 17:29 - 2015-01-30 17:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ApSIC Tools 2015-01-30 17:28 - 2015-01-30 17:29 - 00000000 ____D () C:\Users\User\Downloads\X-Bench 2015-01-30 17:27 - 2015-01-30 17:27 - 00003100 _____ () C:\windows\System32\Tasks\{83A45E20-E3A8-4E04-913E-80B346D2A23E} 2015-01-28 05:08 - 2015-01-28 05:14 - 00000000 ____D () C:\AdwCleaner 2015-01-28 05:07 - 2015-01-28 05:07 - 02194432 _____ () C:\Users\User\Downloads\AdwCleaner09.exe 2015-01-26 22:08 - 2015-01-26 22:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-25 20:50 - 2015-01-28 05:17 - 00000000 ____D () C:\ProgramData\smdmf 2015-01-25 20:43 - 2015-01-25 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA INTERNET SECURITY 2015-01-25 14:33 - 2015-01-25 14:33 - 00002207 _____ () C:\Users\Software\Desktop\Google Chrome.lnk 2015-01-25 14:33 - 2015-01-25 14:33 - 00000306 __RSH () C:\Users\Software\ntuser.pol 2015-01-25 14:33 - 2015-01-25 14:33 - 00000000 ____D () C:\Users\Software\AppData\Local\Google 2015-01-25 14:33 - 2015-01-25 14:33 - 00000000 ____D () 
C:\Users\Software\AppData\Local\Adobe 2015-01-22 03:49 - 2015-01-30 13:00 - 00003922 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{876F45E0-7F4C-407B-BCE7-FBB636AC1A7E} 2015-01-21 20:40 - 2015-01-21 20:40 - 00000000 ____D () C:\Users\User\AppData\Roaming\WebTest 2015-01-21 20:34 - 2015-01-25 22:43 - 00000000 ____D () C:\Users\User\AppData\Local\Finkit 2015-01-21 20:34 - 2015-01-21 20:34 - 00000095 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc 2015-01-21 20:34 - 2015-01-21 20:34 - 00000089 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc 2015-01-21 20:33 - 2015-01-21 20:33 - 05964760 _____ () C:\Users\User\Desktop\ManicTime-2-3-8.exe 2015-01-15 09:08 - 2015-01-15 09:08 - 00009083 _____ () C:\Users\User\Desktop\01 Januar - Verknüpfung.lnk 2015-01-14 18:48 - 2015-01-14 18:48 - 00000975 _____ () C:\Users\User\Desktop\Aktuell - Verknüpfung.lnk 2015-01-14 03:20 - 2015-01-15 15:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2015-01-14 03:03 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll 2015-01-14 03:03 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys 2015-01-14 03:03 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2015-01-14 03:03 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll 2015-01-14 03:03 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe 2015-01-14 03:03 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll 2015-01-14 03:03 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe 2015-01-14 03:03 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe 2015-01-14 03:03 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll 2015-01-14 
03:03 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe 2015-01-14 03:03 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll 2015-01-14 03:03 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll 2015-01-14 03:03 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll 2015-01-02 14:26 - 2015-01-02 14:26 - 00000000 ____D () C:\Users\User\Tracing ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-31 08:34 - 2012-12-20 16:45 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype 2015-01-31 08:31 - 2009-07-14 05:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-31 08:31 - 2009-07-14 05:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-31 07:53 - 2012-12-21 20:58 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2015-01-31 07:51 - 2012-12-20 18:26 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-31 07:41 - 2011-06-23 02:02 - 02082592 _____ () C:\windows\WindowsUpdate.log 2015-01-31 07:05 - 2013-07-24 16:11 - 00602306 _____ () C:\windows\setupact.log 2015-01-31 02:51 - 2012-12-20 18:26 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-30 23:57 - 2014-06-09 22:20 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps 2015-01-30 21:32 - 2012-12-29 22:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\FileZilla 2015-01-30 17:29 - 2013-01-07 17:50 - 00000000 ____D () C:\Program Files (x86)\ApSIC 2015-01-30 14:32 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-01-28 10:24 - 2012-12-23 11:04 - 00000000 ____D () C:\Users\User\.freemind 2015-01-28 05:17 - 2010-11-21 04:47 - 00788010 
_____ () C:\windows\PFRO.log 2015-01-27 15:31 - 2012-12-21 20:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-25 20:43 - 2014-10-13 18:42 - 00001938 _____ () C:\Users\Public\Desktop\G DATA INTERNET SECURITY.lnk 2015-01-25 20:42 - 2014-09-06 23:19 - 00064512 _____ (G Data Software AG) C:\windows\system32\Drivers\gdwfpcd64.sys 2015-01-25 20:42 - 2011-06-22 10:12 - 00028410 _____ () C:\windows\DPINST.LOG 2015-01-25 14:33 - 2012-12-25 22:00 - 00000000 ____D () C:\Users\Software\AppData\Roaming\Adobe 2015-01-25 14:33 - 2012-12-25 21:57 - 00001421 _____ () C:\Users\Software\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-25 14:33 - 2012-12-25 21:57 - 00000000 ____D () C:\Users\Software 2015-01-25 14:33 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries 2015-01-24 21:53 - 2012-12-21 20:58 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2015-01-24 21:53 - 2012-12-21 20:58 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-24 21:53 - 2012-12-21 20:58 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2015-01-18 18:26 - 2013-12-07 11:27 - 00000000 ____D () C:\Users\User\Documents\Aktuell 2015-01-15 04:56 - 2014-11-19 18:45 - 00000000 ____D () C:\windows\system32\MRT 2015-01-15 04:50 - 2013-12-18 09:43 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2015-01-13 20:46 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF 2015-01-12 09:46 - 2012-12-20 16:12 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe 2015-01-09 13:39 - 2012-12-29 18:20 - 00000000 ____D () C:\Users\User\Documents\Private Dokumente 2015-01-07 12:31 - 2011-06-23 01:27 - 00699474 _____ () C:\windows\system32\perfh007.dat 2015-01-07 12:31 - 2011-06-23 01:27 - 00149582 _____ () C:\windows\system32\perfc007.dat 2015-01-07 12:31 - 2009-07-14 06:13 - 01619816 _____ () 
C:\windows\system32\PerfStringBackup.INI 2015-01-07 10:47 - 2012-12-29 18:13 - 00000000 ____D () C:\Users\User\Documents\Dokument Arbeit 2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe 2015-01-02 14:26 - 2014-05-19 12:09 - 00000000 ____D () C:\Users\User\AppData\Local\Windows Live ==================== Files in the root of some directories ======= 2014-09-06 23:18 - 2014-09-06 23:18 - 0000000 _____ () C:\Users\User\AppData\Roaming\gdfw.log 2014-09-06 23:18 - 2014-09-06 23:18 - 0000779 _____ () C:\Users\User\AppData\Roaming\gdscan.log 2012-12-26 11:52 - 2012-12-26 11:52 - 0000057 _____ () C:\ProgramData\Ament.ini 2015-01-21 20:34 - 2015-01-21 20:34 - 0000095 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc 2015-01-21 20:34 - 2015-01-21 20:34 - 0000089 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc 2011-06-22 10:31 - 2011-06-22 10:32 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log 2011-06-22 10:28 - 2011-06-22 10:28 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2011-06-22 10:24 - 2011-06-22 10:27 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log 2011-06-22 10:28 - 2011-06-22 10:30 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log 2011-06-22 10:30 - 2011-06-22 10:31 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log Some content of TEMP: ==================== C:\Users\User\AppData\Local\Temp\A~NSISu_.exe C:\Users\User\AppData\Local\Temp\DefaultTabSetup2.exe C:\Users\User\AppData\Local\Temp\kqrzamlt.dll C:\Users\User\AppData\Local\Temp\oi_{B2AEFB9F-47C8-4B6C-80E4-61A12BDB9DB9}.exe C:\Users\User\AppData\Local\Temp\oi_{BCD57690-7DFB-4243-839F-9E4663235F18}.exe C:\Users\User\AppData\Local\Temp\pdf24-creator-update.exe C:\Users\User\AppData\Local\Temp\Quarantine.exe C:\Users\User\AppData\Local\Temp\Shockwave_Installer_FF.exe 
C:\Users\User\AppData\Local\Temp\SimBundD.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll
C:\Users\User\AppData\Local\Temp\vcredist_x64.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-24 18:12

==================== End Of Log ============================

and here is the Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2015
Ran by User at 2015-01-31 08:39:23
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G DATA INTERNET SECURITY (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G DATA INTERNET SECURITY (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G DATA Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Actualização do Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0816-0000-0000000FF1CE}_ENTERPRISE_{CCDE3C71-5F35-477F-BA90-1A399C91C10C}) (Version: - Microsoft)
Actualização do Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0816-0000-0000000FF1CE}_ENTERPRISE_{CF0BC77F-1B63-44BF-BCFE-3A8CBB9077D1}) (Version: - Microsoft)
Actualização do Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0816-0000-0000000FF1CE}_ENTERPRISE_{A1A8C49E-BB40-4852-853E-B5A1F6BB2A3C}) (Version: - Microsoft)
Adobe Acrobat 7.0 Professional
(HKLM-x32\...\Adobe Acrobat 7.0 Professional - V) (Version: 7.0.0 - Adobe Systems) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated) Adobe Reader XI (11.0.04) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ApSIC Xbench 2.9 (HKLM-x32\...\ApSIC Xbench) (Version: 2.9 - ApSIC, S.L.) Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) AVG PC TuneUp 2014 (de-DE) (x32 Version: 14.0.1001.519 - AVG) Hidden AVG PC TuneUp 2014 (HKLM-x32\...\AVG PC TuneUp) (Version: 14.0.1001.519 - AVG) AVG PC TuneUp 2014 (x32 Version: 14.0.1001.519 - AVG) Hidden BatteryLifeExtender (HKLM-x32\...\{FFD0E594-823B-4E2B-B680-720B3C852588}) (Version: 1.0.11 - Samsung) ChargeableUSB (HKLM-x32\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG) Cisco WebEx Meetings (HKU\S-1-5-21-336506335-2600101090-358185080-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC) CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.) CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.) CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.) CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.) 
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2310.52 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3509 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Easy Content Share (HKLM-x32\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 - Samsung Electronics Co., LTD) Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.) Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.) Easy Network Manager (HKLM-x32\...\{8732818E-CA78-4ACB-B077-22311BF4C0E4}) (Version: 4.4.7 - Samsung) Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.1.1 - Samsung Electronics Co.,Ltd.) EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung) EasyFileShare (HKLM-x32\...\{EA76E65F-6679-495A-A8A6-42AD6602ED4C}) (Version: 1.0.11 - Samsung) ETDWare PS/2-X64 10.7.14.12_WHQL (HKLM\...\Elantech) (Version: 10.7.14.12 - ELAN Microelectronic Corp.) Fast Start (HKLM-x32\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 2.2.0.0 - SAMSUNG) FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version: - ) FileZilla Client 3.6.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Free YouTube to MP3 Converter version 3.12.32.327 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.) 
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0 - ) G DATA INTERNET SECURITY (HKLM-x32\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.2.4 - G DATA Software AG) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden GoToMeeting 5.3.0.977 (HKU\S-1-5-21-336506335-2600101090-358185080-1001\...\GoToMeeting) (Version: 5.3.0.977 - CitrixOnline) HP Deskjet 1010 series - Grundlegende Software für das Gerät (HKLM\...\{E7EEE6AF-0CAC-4AA6-AF38-6DD1E67692EA}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.) HP Deskjet 1010 series Hilfe (HKLM-x32\...\{307E9E87-616E-4DC5-B509-6AB3BD2BBF87}) (Version: 30.0.0 - Hewlett Packard) HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät (HKLM\...\{3DF2B8CD-072D-49F5-BCF8-1DB86B0DF632}) (Version: 22.0.334.0 - Hewlett-Packard Co.) 
HP Deskjet 3050 J610 series Hilfe (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2622 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation) Intel® PROSet/Wireless WiFi-Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation) J2SE Runtime Environment 5.0 Update 10 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0150100}) (Version: 1.5.0.100 - Sun Microsystems, Inc.) 
Java(TM) 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024F0}) (Version: 6.0.240 - Oracle) Java(TM) 6 Update 38 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216038FF}) (Version: 6.0.380 - Oracle) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden K-Lite Mega Codec Pack 7.8.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.8.0 - ) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Silverlight 
(HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft WSE 2.0 SP3 Runtime (HKLM-x32\...\{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}) (Version: 2.0.5050.0 - Microsoft Corp.) 
Movie Color Enhancer (HKLM-x32\...\{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}) (Version: 1.0 - Samsung Electronics Co., Ltd.) Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero 7 Ultra Edition (HKLM-x32\...\{91C0B95B-B83A-4828-A775-BBE2DD421031}) (Version: 7.02.9752 - Nero AG) Netzwerkaufzeichnungs-Player (HKLM-x32\...\{2AC49604-8A5B-45A4-B7ED-10BC1E5106A3}) (Version: 2.29.3212 - Cisco WebEx LLC) NVIDIA Graphics Driver 266.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.72 - NVIDIA Corporation) Open XML SDK 2.0 for Microsoft Office (HKLM-x32\...\{171D8D76-3F05-455A-A8AF-C561C2679905}) (Version: 2.0.5022 - Microsoft Corporation) OTIS·trans v2.3 (HKLM-x32\...\OTIS·trans) (Version: - ) PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PhoneShare (HKLM-x32\...\{3F50512F-53DF-46B1-8CCB-6C7E638CADD6}) (Version: 9.1.4 - Samsung) Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) 
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6378 - Realtek Semiconductor Corp.) Samsung AnyWeb Print (HKLM-x32\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 2.0.67.1 - Samsung Electronics Co., Ltd.) Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: - Samsung Electronics Co., Ltd.) Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.0.9 - Samsung) Samsung Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.38 - Samsung) Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.02.05.00:27 - Samsung Electronics Co., Ltd.) Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.5.0 - Samsung Electronics Co., Ltd.) Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.) 
SDL MultiTerm 2011 SP2 - Remove suite of products (HKLM-x32\...\Multiterm2011) (Version: 9.2.361 - SDL) SDL MultiTerm 2011 SP2 Convert (HKLM-x32\...\{212062FE-9FEF-457F-980F-6B25270CC99D}) (Version: 9.2.361 - SDL) SDL MultiTerm 2011 SP2 Core (HKLM-x32\...\{6664CA13-C9B1-4488-881E-4AC14CE0F260}) (Version: 9.2.383 - SDL) SDL MultiTerm 2011 SP2 Desktop (HKLM-x32\...\{777BE1C2-F665-42E2-90DD-157A67715710}) (Version: 9.2.361 - SDL) SDL MultiTerm 2011 SP2 Word Integration (HKLM-x32\...\{7C21542D-7618-42D4-990D-9B458DCDE71E}) (Version: 9.2.372 - SDL) SDL Passolo 2007 Essential SP5 (HKLM-x32\...\SDL Passolo 2007 Essential SP5) (Version: SDL Passolo 2007 Essential SP5 - PASS Engineering) SDL Passolo Essential 2011 SP6 (HKLM-x32\...\{627163CD-8116-4982-9AC1-8C6DE4A499A0}) (Version: 11.6.0.0 - SDL) SDL Trados 2007 Freelance (HKLM-x32\...\{43BD0C58-6E6E-4500-AFB0-263423319604}) (Version: 8.3.863 - SDL International) SDL Trados 2011 SP2R - Remove suite of products (HKLM-x32\...\TranslationStudio2011) (Version: 2.2.3046 - SDL) SDL Trados Compatibility module (HKLM-x32\...\{7230BA04-AE1B-4C17-91A0-E7DF6DF6E05C}) (Version: 1.0.72 - SDL) SDL Trados Studio 2011 SP2R (HKLM-x32\...\{D771A633-D6A3-4DB0-9E8B-4E6F44B93348}) (Version: 2.2.3123 - SDL) SDL Trados Synergy 2007 (HKLM-x32\...\{7E62742F-1EEF-4532-B7FF-2D58004BDEAE}) (Version: 2.3.161.0 - SDL International) SDLX (HKLM-x32\...\{CE98383B-7BB4-457C-AEAB-D89E9537628F}) (Version: 9.3.7044 - ) SDLX (x32 Version: 9.3.7044 - SDL International) Hidden Skat-Online V10 (HKU\S-1-5-21-336506335-2600101090-358185080-1001\...\Skat-Online V10) (Version: - Skat.com, c/o Markus Riehl) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) 
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.14 - Wolters Kluwer Deutschland GmbH) Studie zur Verbesserung von HP Deskjet 1010 series (HKLM\...\{528CC409-FFE9-455F-9380-B1C7C7A534A0}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.) SuperHTML Web Studio 8.5.6 (HKLM-x32\...\{31D72726-2A42-11E1-9D98-20824824019B}_is1) (Version: 8.5.6 - mirabyte GmbH & Co. KG) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.56a - Ghisler Software GmbH) TP-LINK Wireless Client Utility (HKLM-x32\...\{7A2A107B-9695-423F-9462-8F17C178BD35}) (Version: 7.0 - TP-LINK) Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.0.82.0 - Intel) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.5 - ) VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes) Visual Studio 2010 x64 Redistributables 
(HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) WebEx Event-Manager für Firefox oder Chrome (HKLM-x32\...\{675A3222-5D42-4A22-974B-451BCDF7BEE4}) (Version: 6.29.3212 - Cisco WebEx LLC) Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - ) WordCaptureX Pro (HKLM-x32\...\{139C1D95-9037-3AB3-F5F4-4A79BF6831EC}) (Version: 4.0.0 - Deskperience) Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-336506335-2600101090-358185080-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\977\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.) 
==================== Restore Points ========================= 15-01-2015 04:49:52 Windows Update 20-01-2015 17:24:49 Windows Update 21-01-2015 20:49:59 Windows Defender Checkpoint 24-01-2015 04:28:07 Windows Update 27-01-2015 08:39:02 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {01D4A3FA-D43F-4520-A881-1EEA636FF83D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-09-17] (Sun Microsystems, Inc.) Task: {050F22BB-4832-4850-8B32-0FC64D358E92} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe Task: {0AC12D56-882C-4148-97EA-AD6129F41F1B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-20] (Google Inc.) Task: {181FDD60-2431-41BD-A588-8B79826FF794} - System32\Tasks\HPCustParticipation HP Deskjet 1010 series => C:\Program Files\HP\HP Deskjet 1010 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.) 
Task: {23AA9306-3270-4AB9-B7D1-A6A12B2D81A2} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-12-23] (Samsung Electronics) Task: {29F5623F-197B-4CE4-9575-249A42A3BF33} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated) Task: {2EBF2C2D-1EA4-4D2A-A760-A87E29EC0F71} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2010-11-17] (SEC) Task: {3DA9A863-46F7-45B2-950F-143E4A76958D} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-18] (Samsung Electronics. Co. Ltd.) Task: {4579918D-726F-415E-A032-ED7273C492BB} - System32\Tasks\WifiManager => C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe [2011-01-04] (Samsung Electronics Co., Ltd.) Task: {50D5F410-8427-4CF4-AF4F-600EB2DECFAF} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-09-04] (SAMSUNG Electronics) Task: {5A5C97C9-2145-40AB-94B0-E64630C41BA4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-20] (Google Inc.) Task: {7CECDC27-8ADF-42FC-8D43-035553711E22} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-05] (Samsung Electronics Co., Ltd.) 
Task: {819601AD-44C1-49F2-BA16-6299407D2B43} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30] (Hewlett-Packard) Task: {8FB2C273-13A1-40BF-B457-1C5CA3C195CC} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2014-07-14] (AVG) Task: {A5373F0D-D986-4697-A5F5-9C36A8D3800B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-11-10] (CyberLink) Task: {A7B6A4BD-D06C-4C25-B22B-AD6475F40B9C} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated) Task: {ACC64998-69DF-419D-8217-CD55B0E5E489} - System32\Tasks\{882D0998-697C-487D-9AE1-CC4BCE60A7EF} => pcalua.exe -a C:\Users\User\Downloads\OtisTrans2.3.2.12\disk1\SETUP.EXE -d C:\Users\User\Downloads\OtisTrans2.3.2.12\disk1 Task: {BA817E50-EB2E-4133-8E0B-4D27E252A271} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2011-01-11] (Samsung Electronics) Task: {C32CDC66-5EA1-454D-9073-D3AC0525F842} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {C42A5CF8-FD95-4E0D-B7E5-7C90754B5849} - System32\Tasks\{83A45E20-E3A8-4E04-913E-80B346D2A23E} => pcalua.exe -a "C:\Program Files (x86)\ApSIC\Xbench\uninst.Xbench.exe" Task: {D5E6B9A4-4BBC-46BF-BB2E-E4657AD3FBE1} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.) 
Task: {D99C4B19-873B-4CCA-8528-A730A613C684} - System32\Tasks\HP AR Program Upload - 691a9945d42f46d5877bbd5cad8123794f8fe3dae7034a1ab67dc489b9ea1927 => C:\Program Files\HP\HP Deskjet 1010 series\bin\HPRewards.exe [2013-08-13] (TODO: <Company name>) Task: {E7E8C7CD-1BD9-4809-B19E-05F3A2F260B3} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-12-23] (Samsung Electronics Co., Ltd.) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-06-23 01:11 - 2008-06-05 00:53 - 00027648 _____ () C:\windows\System32\spd__l.dll 2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe 2011-06-22 10:27 - 2009-12-01 08:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2014-07-14 11:26 - 2014-07-14 11:26 - 00699704 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll 2014-07-14 11:26 - 2014-07-14 11:26 - 00407864 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tuavga.dll 2014-05-20 02:38 - 2014-05-20 02:38 - 00340088 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll 2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2011-06-23 01:08 - 2010-12-17 02:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2011-06-23 01:11 - 2010-10-21 19:22 - 00709632 _____ () C:\windows\system32\SnMinDrv.dll 2011-06-22 10:38 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll 2015-01-14 03:20 - 2015-01-14 03:20 - 
03347056 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll 2015-01-14 03:20 - 2015-01-14 03:20 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll 2015-01-14 03:20 - 2015-01-14 03:20 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll 2012-11-29 22:59 - 2012-11-29 22:59 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll 2011-06-22 10:36 - 2010-05-07 15:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll 2009-11-02 06:20 - 2009-11-02 06:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll 2009-11-02 06:23 - 2009-11-02 06:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll 2011-06-22 10:08 - 2011-05-04 22:01 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll 2012-12-20 16:44 - 2011-10-04 09:00 - 03578880 _____ () C:\Program Files (x86)\K-Lite Codec Pack\ffdshow\ffdshow.ax 2015-01-26 22:08 - 2015-01-26 22:08 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2015-01-24 21:53 - 2015-01-24 21:53 - 16844976 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Windows:netNLSPreferences AlternateDataStreams: C:\Windows:nlsPreferences AlternateDataStreams: C:\windows\SysWOW64\CN08V1D15N05HX:NW AlternateDataStreams: C:\Users\User\Desktop\Aktenzeichen 0202183805 Abteilung Postbank.eml:OECustomProperty ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. 
None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-336506335-2600101090-358185080-500 - Administrator - Disabled) Gast (S-1-5-21-336506335-2600101090-358185080-501 - Limited - Disabled) Software (S-1-5-21-336506335-2600101090-358185080-1003 - Limited - Enabled) => C:\Users\Software UpdatusUser (S-1-5-21-336506335-2600101090-358185080-1000 - Limited - Enabled) => C:\Users\UpdatusUser User (S-1-5-21-336506335-2600101090-358185080-1001 - Administrator - Enabled) => C:\Users\User ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/30/2015 11:57:20 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm firefox.exe, Version 35.0.1.5500 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: b20 Startzeit: 01d03cd7d13586c1 Endzeit: 58 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 538c60ca-a8d3-11e4-8480-e811329ab670 Error: (01/30/2015 11:57:19 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3 Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224 Ausnahmecode: 0x80000003 Fehleroffset: 0x00001425 ID des fehlerhaften Prozesses: 0xaec Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (01/30/2015 10:57:54 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm firefox.exe, Version 35.0.1.5500 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1c6c Startzeit: 01d03ccbfbf03928 Endzeit: 53 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 04ecc2d7-a8cb-11e4-8480-e811329ab670 Error: (01/30/2015 10:57:54 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3 Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224 Ausnahmecode: 0x80000003 Fehleroffset: 0x00001425 ID des fehlerhaften Prozesses: 0x1cf4 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (01/30/2015 02:33:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/30/2015 00:22:05 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/29/2015 01:51:33 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/29/2015 00:19:50 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/29/2015 03:46:54 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/29/2015 
03:46:26 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1fdbc Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00030102 ID des fehlerhaften Prozesses: 0x1034 Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0 Pfad der fehlerhaften Anwendung: firefox.exe1 Pfad des fehlerhaften Moduls: firefox.exe2 Berichtskennung: firefox.exe3 System errors: ============= Error: (01/31/2015 07:05:05 AM) (Source: cdrom) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\CdRom0. Error: (01/31/2015 07:05:04 AM) (Source: cdrom) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\CdRom0. Error: (01/31/2015 07:05:04 AM) (Source: cdrom) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\CdRom0. Error: (01/31/2015 07:05:00 AM) (Source: cdrom) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\CdRom0. Error: (01/31/2015 07:04:57 AM) (Source: cdrom) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\CdRom0. Error: (01/31/2015 07:04:53 AM) (Source: cdrom) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\CdRom0. Error: (01/31/2015 07:04:49 AM) (Source: cdrom) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\CdRom0. Error: (01/31/2015 07:04:45 AM) (Source: cdrom) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\CdRom0. Error: (01/31/2015 07:04:41 AM) (Source: cdrom) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\CdRom0. Error: (01/31/2015 07:04:37 AM) (Source: cdrom) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\CdRom0. 
Microsoft Office Sessions: ========================= Error: (06/02/2013 00:22:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 176265 seconds with 4680 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz Percentage of memory in use: 34% Total physical RAM: 8104.19 MB Available physical RAM: 5347.09 MB Total Pagefile: 16206.57 MB Available Pagefile: 12096.55 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:471 GB) (Free:316.96 GB) NTFS Drive d: () (Fixed) (Total:204.6 GB) (Free:201.09 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 698.6 GB) (Disk ID: 524706CB) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=471 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=204.6 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=22.9 GB) - (Type=27) ==================== End Of Log ============================ |
31.01.2015, 15:20 | #4 | |
Rest in peace † 2019 | Windows 7: DealPLy.G, previously Linkey, found by G Data Hello, you have a really ancient Java on there. Especially if you use the computer for work, that is really a very critical vulnerability. You once had AVG as your AV. Do you still use the TuneUp stuff from it? Please also post the AdwCleaner log for me. You are welcome to post GMER as well, and please also the G Data log where it found DealPly. Do you notice any symptoms on the computer?
Step 1 Please uninstall the following programs (if present): Java(TM) 6 Update 24 Java(TM) 6 Update 38 To do this, go to: the Windows button in the taskbar --> Control Panel --> Programs (sub-item Uninstall a program) --> select the program --> remove. If you cannot uninstall a program, download Revo Uninstaller from here and uninstall it with that, choosing the moderate mode.
Step 2 Please have the file from the code box checked at VirusTotal.
Step 3 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter cmd: dir C:\ProgramData\smdmf /s
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
|
31.01.2015, 18:36 | #5 |
| Windows 7: DealPLy.G, previously Linkey, found by G Data Hello Sandra, right, I have collected myself. VirusTotal had aborted - nothing was visible after the upload window - I will repeat it. Because I am afraid of being thrown out again if I, as you said, first collect and then post, I will post the points in several sections, each as a reply to this one. I uninstalled both Java versions - no problem (but why so old?) Here is the fresh FRST Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-01-2015 01 Ran by User at 2015-01-31 17:59:13 Run:1 Running from C:\Users\User\Downloads Loaded Profiles: UpdatusUser & User (Available profiles: UpdatusUser & User & Software) Boot Mode: Normal ============================================== Content of fixlist: ***************** cmd: dir C:\ProgramData\smdmf /s ***************** ========= dir C:\ProgramData\smdmf /s ========= Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 32FE-0EAF Verzeichnis von C:\ProgramData\smdmf 28.01.2015 05:17 <DIR> . 28.01.2015 05:17 <DIR> .. 28.01.2015 05:15 172 stats.cfg 1 Datei(en), 172 Bytes Anzahl der angezeigten Dateien: 1 Datei(en), 172 Bytes 2 Verzeichnis(se), 341.831.258.112 Bytes frei ========= End of CMD: ========= ==== End of Fixlog 17:59:13 ==== Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-01-31 11:27:41 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE4O 698,64GB Running: Gmer-19357.exe; Driver: C:\Users\User\AppData\Local\Temp\kxldapob.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 448 fffff800033b6000 8 bytes [00, 00, 15, 02, 46, 69, 6C, ...] INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 457 fffff800033b6009 36 bytes [42, 24, FD, 0F, 00, 00, 00, ...] ---- Threads - GMER 2.1 ---- Thread C:\windows\system32\svchost.exe [1092:1648] 000007fef9ad1a50 Thread C:\windows\system32\svchost.exe [1092:4780] 000007fef0d5506c Thread C:\windows\system32\svchost.exe [1092:4800] 000007fef5771c20 Thread C:\windows\system32\svchost.exe [1092:3476] 000007fef5771c20 Thread C:\windows\system32\svchost.exe [1092:7688] 000007fefa9b4164 Thread C:\windows\system32\svchost.exe [1092:11176] 000007fefbb984d8 Thread C:\windows\system32\svchost.exe [1092:4372] 000007fef5cf23a8 Thread C:\windows\system32\svchost.exe [1092:1744] 000007fef6fe0d00 Thread C:\windows\system32\svchost.exe [1092:12220] 000007fef5cc9498 Thread C:\windows\system32\svchost.exe [1092:9664] 000007feed85e1c4 Thread C:\windows\system32\svchost.exe [1092:5180] 000007fef76b1ab0 Thread C:\windows\System32\spoolsv.exe [1684:3312] 000007fef5ae10c8 Thread C:\windows\System32\spoolsv.exe [1684:3348] 000007fef5aa6144 Thread C:\windows\System32\spoolsv.exe [1684:3352] 000007fef59b5fd0 Thread C:\windows\System32\spoolsv.exe [1684:3356] 000007fef59a3438 Thread C:\windows\System32\spoolsv.exe [1684:3360] 000007fef59b63ec Thread C:\windows\System32\spoolsv.exe [1684:3368] 000007fef7e85e5c Thread C:\windows\System32\spoolsv.exe [1684:3372] 000007fef6d05074 Thread C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [1824:1888] 0000000077c43e85 Thread C:\Program Files 
(x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [1824:1892] 0000000075d57587 Thread C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [1564:1988] 0000000054a38f75 Thread C:\windows\system32\taskhost.exe [2900:3084] 000007fef7ef1f38 Thread C:\windows\system32\taskhost.exe [2900:3120] 000007fefac91010 Thread C:\windows\system32\taskhost.exe [2900:652] 000007fef7ff5170 Thread C:\windows\system32\svchost.exe [5788:6112] 000007fef59b5fd0 Thread C:\windows\system32\svchost.exe [5788:5848] 000007fef59a3438 Thread C:\windows\system32\svchost.exe [5788:1872] 000007fef59b63ec Thread C:\windows\system32\svchost.exe [5788:1508] 000007fefb7f2bf8 Thread C:\windows\System32\svchost.exe [6140:4820] 000007feedd59688 Thread C:\windows\system32\taskhost.exe [7944:7416] 000007fef79aef24 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca97104e466 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca97104e65f Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca97104e466 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca97104e65f (not active ControlSet) ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- Code:
ATTFilter # AdwCleaner v4.109 - Bericht erstellt am 28/01/2015 um 05:08:29 # Aktualisiert 24/01/2015 von Xplode # Database : 2015-01-26.1 [Live] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : User - USER-PC # Gestartet von : C:\Users\User\Downloads\AdwCleaner09.exe # Option : Suchen ***** [ Dienste ] ***** Dienst Gefunden : DefaultTabUpdate Dienst Gefunden : F06DEFF2-5B9C-490D-910F-35D3A91196222 Dienst Gefunden : SmdmFService ***** [ Dateien / Ordner ] ***** Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml Datei Gefunden : C:\Users\User\AppData\Local\Temp\Uninstall.exe Datei Gefunden : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ki6vzz44.default-1385707399717\searchplugins\default-search.xml Datei Gefunden : C:\Users\User\daemonprocess.txt Ordner Gefunden : C:\Program Files (x86)\MyPC Backup Ordner Gefunden : C:\Program Files (x86)\Settings Manager Ordner Gefunden : C:\ProgramData\Ask Ordner Gefunden : C:\ProgramData\smdmf Ordner Gefunden : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc Ordner Gefunden : C:\Users\User\AppData\Local\Linkey Ordner Gefunden : C:\Users\User\AppData\Local\Mobogenie Ordner Gefunden : C:\Users\User\AppData\Roaming\defaulttab Ordner Gefunden : C:\Users\User\AppData\Roaming\FirefoxToolbar Ordner Gefunden : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup Ordner Gefunden : C:\Users\User\Documents\Mobogenie Ordner Gefunden : C:\windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab Ordner Gefunden : C:\windows\SysWOW64\config\systemprofile\AppData\Roaming\FirefoxToolbar ***** [ Tasks ] ***** Task Gefunden : DTChk Task Gefunden : DTReg ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\DefaultTab Schlüssel Gefunden : HKCU\Software\Default Tab Schlüssel Gefunden : 
HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp Schlüssel Gefunden : HKCU\Software\InstallCore Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{411D9E33-F71E-4FDA-8630-AF7BE637CAEE} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : HKCU\Software\OCS Schlüssel Gefunden : HKCU\Software\SmdmF Schlüssel Gefunden : HKCU\Software\Softonic Schlüssel Gefunden : [x64] HKCU\Software\Default Tab Schlüssel Gefunden : [x64] HKCU\Software\InstallCore Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{411D9E33-F71E-4FDA-8630-AF7BE637CAEE} Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} Schlüssel Gefunden : [x64] HKCU\Software\OCS Schlüssel Gefunden : [x64] HKCU\Software\SmdmF Schlüssel Gefunden : [x64] HKCU\Software\Softonic Schlüssel Gefunden : 
HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E1842850-FB16-4471-B327-7343FBAED55C} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AA760BA8-5862-4BC5-9263-4452CBC0B264} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{93D511B5-143B-4A99-ABFC-B5B78AD0AE1B} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73} Schlüssel Gefunden : HKLM\SOFTWARE\Default Tab Schlüssel Gefunden : HKLM\SOFTWARE\DefaultTab Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet 
Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4E7C-A8BB-41EFD720FD77} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Settings Manager Schlüssel Gefunden : HKLM\SOFTWARE\SmdmF Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{E1842850-FB16-4471-B327-7343FBAED55C} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{AA760BA8-5862-4BC5-9263-4452CBC0B264} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : [x64] 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup Wert Gefunden : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64] Wert Gefunden : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86] Wert Gefunden : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64] Wert Gefunden : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86] Wert Gefunden : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x64] Wert Gefunden : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x86] ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17496 Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.default-search.net?sid=476&aid=144&itype=a&ver=15005&tm=599&src=hmp -\\ Mozilla Firefox v35.0.1 (x86 de) [ki6vzz44.default-1385707399717] - Zeile gefunden : user_pref("browser.search.order.1", "default-search.net"); [ki6vzz44.default-1385707399717] - Zeile gefunden : user_pref("browser.search.selectedEngine", "default-search.net"); [ki6vzz44.default-1385707399717] - Zeile gefunden : user_pref("browser.startup.homepage", "hxxp://www.default-search.net?sid=476&aid=144&itype=a&ver=15005&tm=599&src=hmp"); [ki6vzz44.default-1385707399717] - Zeile gefunden : user_pref("keyword.URL", "hxxp://www.default-search.net/search?sid=476&aid=144&itype=a&ver=15005&tm=599&src=ds&p="); -\\ Google Chrome v40.0.2214.93 [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=B94DA6A3-4934-4F4A-9FBB-AFE3A38A927B&apn_ptnrs=U3&apn_sauid=111A09E0-E96B-49B2-9761-74083D8B560E&apn_dtid=OSJ000YYPT&q={searchTerms} [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : 
hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=B94DA6A3-4934-4F4A-9FBB-AFE3A38A927B&apn_ptnrs=U3&apn_sauid=111A09E0-E96B-49B2-9761-74083D8B560E&apn_dtid=OSJ000YYPT&q={searchTerms} ************************* AdwCleaner[R0].txt - [10057 octets] - [28/01/2015 05:08:29] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10118 octets] ########## Code:
ATTFilter # AdwCleaner v4.109 - Bericht erstellt am 28/01/2015 um 05:10:59 # Aktualisiert 24/01/2015 von Xplode # Database : 2015-01-26.1 [Live] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : User - USER-PC # Gestartet von : C:\Users\User\Downloads\AdwCleaner09.exe # Option : Suchen ***** [ Dienste ] ***** Dienst Gefunden : DefaultTabUpdate Dienst Gefunden : F06DEFF2-5B9C-490D-910F-35D3A91196222 Dienst Gefunden : SmdmFService ***** [ Dateien / Ordner ] ***** Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml Datei Gefunden : C:\Users\User\AppData\Local\Temp\Uninstall.exe Datei Gefunden : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ki6vzz44.default-1385707399717\searchplugins\default-search.xml Datei Gefunden : C:\Users\User\daemonprocess.txt Ordner Gefunden : C:\Program Files (x86)\MyPC Backup Ordner Gefunden : C:\Program Files (x86)\Settings Manager Ordner Gefunden : C:\ProgramData\Ask Ordner Gefunden : C:\ProgramData\smdmf Ordner Gefunden : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc Ordner Gefunden : C:\Users\User\AppData\Local\Linkey Ordner Gefunden : C:\Users\User\AppData\Local\Mobogenie Ordner Gefunden : C:\Users\User\AppData\Roaming\defaulttab Ordner Gefunden : C:\Users\User\AppData\Roaming\FirefoxToolbar Ordner Gefunden : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup Ordner Gefunden : C:\Users\User\Documents\Mobogenie Ordner Gefunden : C:\windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab Ordner Gefunden : C:\windows\SysWOW64\config\systemprofile\AppData\Roaming\FirefoxToolbar ***** [ Tasks ] ***** Task Gefunden : DTChk Task Gefunden : DTReg ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\DefaultTab Schlüssel Gefunden : HKCU\Software\Default Tab Schlüssel Gefunden : 
HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp Schlüssel Gefunden : HKCU\Software\InstallCore Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{411D9E33-F71E-4FDA-8630-AF7BE637CAEE} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : HKCU\Software\OCS Schlüssel Gefunden : HKCU\Software\SmdmF Schlüssel Gefunden : HKCU\Software\Softonic Schlüssel Gefunden : [x64] HKCU\Software\Default Tab Schlüssel Gefunden : [x64] HKCU\Software\InstallCore Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{411D9E33-F71E-4FDA-8630-AF7BE637CAEE} Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} Schlüssel Gefunden : [x64] HKCU\Software\OCS Schlüssel Gefunden : [x64] HKCU\Software\SmdmF Schlüssel Gefunden : [x64] HKCU\Software\Softonic Schlüssel Gefunden : 
HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E1842850-FB16-4471-B327-7343FBAED55C} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AA760BA8-5862-4BC5-9263-4452CBC0B264} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{93D511B5-143B-4A99-ABFC-B5B78AD0AE1B} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73} Schlüssel Gefunden : HKLM\SOFTWARE\Default Tab Schlüssel Gefunden : HKLM\SOFTWARE\DefaultTab Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet 
Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4E7C-A8BB-41EFD720FD77} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Settings Manager Schlüssel Gefunden : HKLM\SOFTWARE\SmdmF Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{E1842850-FB16-4471-B327-7343FBAED55C} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{AA760BA8-5862-4BC5-9263-4452CBC0B264} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : [x64] 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup Wert Gefunden : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64] Wert Gefunden : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86] Wert Gefunden : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64] Wert Gefunden : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86] Wert Gefunden : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x64] Wert Gefunden : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x86] ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17496 Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.default-search.net?sid=476&aid=144&itype=a&ver=15005&tm=599&src=hmp -\\ Mozilla Firefox v35.0.1 (x86 de) [ki6vzz44.default-1385707399717] - Zeile gefunden : user_pref("browser.search.order.1", "default-search.net"); [ki6vzz44.default-1385707399717] - Zeile gefunden : user_pref("browser.search.selectedEngine", "default-search.net"); [ki6vzz44.default-1385707399717] - Zeile gefunden : user_pref("browser.startup.homepage", "hxxp://www.default-search.net?sid=476&aid=144&itype=a&ver=15005&tm=599&src=hmp"); [ki6vzz44.default-1385707399717] - Zeile gefunden : user_pref("keyword.URL", "hxxp://www.default-search.net/search?sid=476&aid=144&itype=a&ver=15005&tm=599&src=ds&p="); -\\ Google Chrome v40.0.2214.93 [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=B94DA6A3-4934-4F4A-9FBB-AFE3A38A927B&apn_ptnrs=U3&apn_sauid=111A09E0-E96B-49B2-9761-74083D8B560E&apn_dtid=OSJ000YYPT&q={searchTerms} [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : 
hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=B94DA6A3-4934-4F4A-9FBB-AFE3A38A927B&apn_ptnrs=U3&apn_sauid=111A09E0-E96B-49B2-9761-74083D8B560E&apn_dtid=OSJ000YYPT&q={searchTerms} ************************* AdwCleaner[R0].txt - [10267 octets] - [28/01/2015 05:08:29] AdwCleaner[R1].txt - [10118 octets] - [28/01/2015 05:10:59] ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [10179 octets] ########## Code:
ATTFilter # AdwCleaner v4.109 - Bericht erstellt am 28/01/2015 um 05:14:37 # Aktualisiert 24/01/2015 von Xplode # Database : 2015-01-26.1 [Live] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : User - USER-PC # Gestartet von : C:\Users\User\Downloads\AdwCleaner09.exe # Option : Löschen ***** [ Dienste ] ***** Dienst Gelöscht : DefaultTabUpdate [#] Dienst Gelöscht : F06DEFF2-5B9C-490D-910F-35D3A91196222 [#] Dienst Gelöscht : SmdmFService ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Ask [!] Ordner Gelöscht : C:\ProgramData\smdmf Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup [!] Ordner Gelöscht : C:\Program Files (x86)\Settings Manager Ordner Gelöscht : C:\windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab Ordner Gelöscht : C:\windows\SysWOW64\config\systemprofile\AppData\Roaming\FirefoxToolbar Ordner Gelöscht : C:\Users\User\AppData\Local\Linkey Ordner Gelöscht : C:\Users\User\AppData\Local\Mobogenie Ordner Gelöscht : C:\Users\User\AppData\Roaming\defaulttab Ordner Gelöscht : C:\Users\User\AppData\Roaming\FirefoxToolbar Ordner Gelöscht : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup Ordner Gelöscht : C:\Users\User\Documents\Mobogenie Ordner Gelöscht : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc Datei Gelöscht : C:\Users\User\AppData\Local\Temp\Uninstall.exe Datei Gelöscht : C:\Users\User\daemonprocess.txt Datei Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ki6vzz44.default-1385707399717\searchplugins\default-search.xml Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml ***** [ Tasks ] ***** Task Gelöscht : DTChk Task Gelöscht : DTReg ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd Wert Gelöscht : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64] Wert Gelöscht : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86] Wert Gelöscht : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64] Wert Gelöscht : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E1842850-FB16-4471-B327-7343FBAED55C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA760BA8-5862-4BC5-9263-4452CBC0B264} Schlüssel 
Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93D511B5-143B-4A99-ABFC-B5B78AD0AE1B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4E7C-A8BB-41EFD720FD77} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1} Schlüssel 
Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E1842850-FB16-4471-B327-7343FBAED55C} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AA760BA8-5862-4BC5-9263-4452CBC0B264} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{411D9E33-F71E-4FDA-8630-AF7BE637CAEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} Schlüssel Gelöscht : HKCU\Software\Default Tab Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\SmdmF Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DefaultTab Schlüssel Gelöscht : HKLM\SOFTWARE\Default Tab Schlüssel Gelöscht : HKLM\SOFTWARE\DefaultTab Schlüssel Gelöscht : HKLM\SOFTWARE\SmdmF Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Settings Manager Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17496 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] -\\ Mozilla Firefox v35.0.1 (x86 de) [ki6vzz44.default-1385707399717\prefs.js] - Zeile gelöscht : user_pref("browser.search.order.1", "default-search.net"); [ki6vzz44.default-1385707399717\prefs.js] - Zeile gelöscht : 
user_pref("browser.search.selectedEngine", "default-search.net"); [ki6vzz44.default-1385707399717\prefs.js] - Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.default-search.net?sid=476&aid=144&itype=a&ver=15005&tm=599&src=hmp"); [ki6vzz44.default-1385707399717\prefs.js] - Zeile gelöscht : user_pref("keyword.URL", "hxxp://www.default-search.net/search?sid=476&aid=144&itype=a&ver=15005&tm=599&src=ds&p="); -\\ Google Chrome v40.0.2214.93 [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=B94DA6A3-4934-4F4A-9FBB-AFE3A38A927B&apn_ptnrs=U3&apn_sauid=111A09E0-E96B-49B2-9761-74083D8B560E&apn_dtid=OSJ000YYPT&q={searchTerms} [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=B94DA6A3-4934-4F4A-9FBB-AFE3A38A927B&apn_ptnrs=U3&apn_sauid=111A09E0-E96B-49B2-9761-74083D8B560E&apn_dtid=OSJ000YYPT&q={searchTerms} ************************* AdwCleaner[R0].txt - [10267 octets] - [28/01/2015 05:08:29] AdwCleaner[R1].txt - [10328 octets] - [28/01/2015 05:10:59] AdwCleaner[S0].txt - [9279 octets] - [28/01/2015 05:14:37] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9339 octets] ##########
Now to the rest of your instructions.
You have a really ancient Java on there.
I don't understand that; I have updated things often. But a few months ago I noticed, to my surprise, that automatic Windows Update was switched off. Could that have something to do with it?
You used to have AVG as your AV. Are you still using the TuneUp stuff from it?
Not using it. But it pops up every now and then. I had to uninstall it once for G Data. The AVG removal tool didn't catch everything, but the G Data problem was gone. I would like to get rid of it completely.
G Data, where it found DealPly
I can't find a report on that. It only pops up now and then with messages like "Script.Adware.DealPLy.G" on "accessing web content" or something like that. In the quarantine there is only something about Aztec... (the Linkey people) and about Softonic, which are fine, aren't they?
Do you notice any symptoms on the computer?
Symptoms: Words on web pages are underlined. New tabs or windows constantly open when clicking on websites. Loading takes a long time. Displayed content "jumps" back to the top. Advertising is shown as if it belonged to the page. On your website too: the text was then on the right and below, the banner on the left and above (it flowed "around" it).
Last time VirusTotal had analysed it after all. I did it again. Here is the link https://www.virustotal.com/de/file/be2e1fa374b1bf5a196f7962dc5e8069189bc31da800b88db6208367f2d1926d/analysis/1422726038/
Edited by Lars Port (31.01.2015 at 18:43) |
01.02.2015, 01:17 | #6 |
Rest in peace † 2019 | Hello, you had Java 6 on there. By now we are at Java 8 Update 31.
Please also uninstall: AVG PC TuneUp 2014
Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
FF Extension: Better-Fox-Finder - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ki6vzz44.default-1385707399717\Extensions\{113c6a96-cbc4-4248-bc8a-c05e9ec4b669} [2015-01-21]
HKLM\...\AppCertDlls: [x64] -> c:\program files (x86)\settings manager\smdmf\x64\sysapcrt.dll
HKLM\...\AppCertDlls: [x86] -> HKLM\...\AppCertDlls: [x64] -> c:\program files (x86)\settings manager\smdmf\x64\sysapcrt.dll
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [42808 2014-07-14] (AVG)
R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [35640 2014-07-14] (AVG)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
c:\program files (x86)\settings manager
C:\Windows\System32\uxtuneup.dll
C:\Windows\SysWOW64\uxtuneup.dll
C:\Program Files (x86)\AVG
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 Please download Malwarebytes Anti-Malware
Step 3 Start FRST once more. |
01.02.2015, 03:15 | #7 |
| Hello Sandra, the Fixlog Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by User at 2015-02-01 01:56:40 Run:2
Running from C:\Users\User\Downloads
Loaded Profiles: UpdatusUser & User (Available profiles: UpdatusUser & User & Software)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
FF Extension: Better-Fox-Finder - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ki6vzz44.default-1385707399717\Extensions\{113c6a96-cbc4-4248-bc8a-c05e9ec4b669} [2015-01-21]
HKLM\...\AppCertDlls: [x64] -> c:\program files (x86)\settings manager\smdmf\x64\sysapcrt.dll
HKLM\...\AppCertDlls: [x86] -> HKLM\...\AppCertDlls: [x64] -> c:\program files (x86)\settings manager\smdmf\x64\sysapcrt.dll
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [42808 2014-07-14] (AVG)
R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [35640 2014-07-14] (AVG)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
c:\program files (x86)\settings manager
C:\Windows\System32\uxtuneup.dll
C:\Windows\SysWOW64\uxtuneup.dll
C:\Program Files (x86)\AVG
*****************
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ki6vzz44.default-1385707399717\Extensions\{113c6a96-cbc4-4248-bc8a-c05e9ec4b669} => Moved successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 => value deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 => Value not found.
UxTuneUp => Service not found.
UxTuneUp => Service not found.
TuneUpUtilitiesDrv => Service not found.
"c:\program files (x86)\settings manager" => File/Directory not found.
"C:\Windows\System32\uxtuneup.dll" => File/Directory not found.
"C:\Windows\SysWOW64\uxtuneup.dll" => File/Directory not found.
"C:\Program Files (x86)\AVG" => File/Directory not found.
==== End of Fixlog 01:56:42 ====
Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 01.02.2015 Suchlauf-Zeit: 02:05:08 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.01.31.06 Rootkit Datenbank: v2015.01.14.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: User Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 460982 Verstrichene Zeit: 46 Min, 17 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 9 PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, In Quarantäne, [e012fa035435d561880af40ce41fac54], PUP.Optional.DefaultTab.A, HKU\S-1-5-21-336506335-2600101090-358185080-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, In Quarantäne, [e012fa035435d561880af40ce41fac54], PUP.Optional.Linkey.A, HKLM\SOFTWARE\LINKEY, In Quarantäne, [12e0cb32731661d5abbe7249e61d9d63], PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\SmdmF, In Quarantäne, [d71b3fbed4b59a9c53315347887b7e82], PUP.Optional.Linkey.A, HKLM\SOFTWARE\WOW6432NODE\LINKEY, In Quarantäne, [00f254a97d0c90a69ecbe5d62cd7936d], PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Default tab, In Quarantäne, [0de59f5e5e2b75c157d4aeda748f8080], PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DefaultTab, In Quarantäne, [539f1fde7f0a39fd631ef49522e158a8], 
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DefaultTab, In Quarantäne, [43aff30ae1a8e65001d0ac1e4bb8cf31], PUP.Optional.Linkey.A, HKU\S-1-5-21-336506335-2600101090-358185080-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\LINKEY, In Quarantäne, [8270ea13513890a654def708cb393fc1], Registrierungswerte: 5 PUP.Optional.Linkey.A, HKLM\SOFTWARE\LINKEY|ie_jsurl, hxxp://app.linkeyproject.com/popup/IE/background.js, In Quarantäne, [12e0cb32731661d5abbe7249e61d9d63] PUP.Optional.Linkey.A, HKLM\SOFTWARE\WOW6432NODE\LINKEY|ie_jsurl, hxxp://app.linkeyproject.com/popup/IE/background.js, In Quarantäne, [00f254a97d0c90a69ecbe5d62cd7936d] PUP.Optional.SettingsManager, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER\APPCERTDLLS|x86, c:\program files (x86)\settings manager\smdmf\sysapcrt.dll, In Quarantäne, [0ee4fd00b4d5ec4a887bb0eeb05321df] PUP.Optional.Linkey.A, HKU\S-1-5-21-336506335-2600101090-358185080-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\LINKEY|browsers, ff,ie, In Quarantäne, [8270ea13513890a654def708cb393fc1] Hijack.Regedit, HKU\S-1-5-21-336506335-2600101090-358185080-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegedit, 0, In Quarantäne, [7280cd3050391323ff0f36035aaab848] Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 12 PUP.Optional.DefaultTab.A, C:\Users\User\AppData\Local\Temp\installdt.tmp, In Quarantäne, [ec06e21be3a689adb62823c1f410a858], PUP.Optional.DefaultTab.A, C:\Users\User\AppData\Local\Temp\installdt.tmp\XPI, In Quarantäne, [ec06e21be3a689adb62823c1f410a858], PUP.Optional.DefaultTab.A, C:\Users\User\AppData\Local\Temp\installdt.tmp\XPI\defaulttab, In Quarantäne, [ec06e21be3a689adb62823c1f410a858], PUP.Optional.DefaultTab.A, C:\Users\User\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\components, In Quarantäne, [ec06e21be3a689adb62823c1f410a858], PUP.Optional.DefaultTab.A, 
C:\Users\User\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\locale, In Quarantäne, [ec06e21be3a689adb62823c1f410a858], PUP.Optional.DefaultTab.A, C:\Users\User\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\locale\en-US, In Quarantäne, [ec06e21be3a689adb62823c1f410a858], PUP.Optional.DefaultTab.A, C:\Windows\Temp\installdt.tmp\XPI, In Quarantäne, [d51d7a83ccbd53e3e986d0774bb83dc3], PUP.Optional.DefaultTab.A, C:\Windows\Temp\installdt.tmp\XPI\defaulttab, In Quarantäne, [d51d7a83ccbd53e3e986d0774bb83dc3], PUP.Optional.DefaultTab.A, C:\Windows\Temp\installdt.tmp\XPI\defaulttab\components, In Quarantäne, [d51d7a83ccbd53e3e986d0774bb83dc3], PUP.Optional.DefaultTab.A, C:\Windows\Temp\installdt.tmp\XPI\defaulttab\locale, In Quarantäne, [d51d7a83ccbd53e3e986d0774bb83dc3], PUP.Optional.DefaultTab.A, C:\Windows\Temp\installdt.tmp\XPI\defaulttab\locale\en-US, In Quarantäne, [d51d7a83ccbd53e3e986d0774bb83dc3], PUP.Optional.SettingsManager.A, C:\ProgramData\smdmf, In Quarantäne, [e80a10ed028776c02432aabeaa59916f], Dateien: 6 Trojan.Agent, C:\Users\User\AppData\Local\Temp\RBhHE9x3.zip.part, In Quarantäne, [26ccd22b96f3db5b76c1af96a8598977], PUP.Optional.DefaultTab.A, C:\Users\User\AppData\Local\Temp\DefaultTabSetup2.exe, In Quarantäne, [c230c736ef9a7fb7a9065cd05ba5b24e], PUP.Optional.DefaultTab.A, C:\Users\User\AppData\Local\Temp\installdt.tmp\DefaultTab.xpi, In Quarantäne, [ec06e21be3a689adb62823c1f410a858], PUP.Optional.DefaultTab.A, C:\Users\User\AppData\Local\Temp\installdt.tmp\XPI\defaulttab\locale\en-US\defaulttab.properties, In Quarantäne, [ec06e21be3a689adb62823c1f410a858], PUP.Optional.DefaultTab.A, C:\Windows\Temp\installdt.tmp\XPI\defaulttab\locale\en-US\defaulttab.properties, In Quarantäne, [d51d7a83ccbd53e3e986d0774bb83dc3], PUP.Optional.SettingsManager.A, C:\ProgramData\smdmf\stats.cfg, In Quarantäne, [e80a10ed028776c02432aabeaa59916f], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015 Ran by User (administrator) on USER-PC on 01-02-2015 03:04:55 Running from C:\Users\User\Downloads Loaded Profiles: UpdatusUser & User (Available profiles: UpdatusUser & User & Software) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\lpksetup.exe () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\nalserv.exe (Nalpeiron Ltd.) 
C:\Windows\SysWOW64\nlssrv32.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Seal One AG) C:\Users\User\AppData\Local\Temp\Seal One\SealOne.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) C:\Windows\System32\rundll32.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDCtrlHelper.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\SamsungFastStart\SmartRestarter.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Samsung Electronics Co., Ltd.) 
C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11855976 2011-05-19] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2817872 2012-04-25] (ELAN Microelectronics Corp.) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [Acrobat Assistant 7.0] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.) HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1756792 2014-05-20] (G Data Software AG) HKLM-x32\...\Run: [G Data ASM] => C:\Program Files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [431224 2013-12-19] (G Data Software AG) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe, Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\...\Winlogon: [Shell] C:\windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-20\...\Winlogon: [Shell] C:\windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-21-336506335-2600101090-358185080-1000\...\Winlogon: [Shell] C:\windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-336506335-2600101090-358185080-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG) HKU\S-1-5-21-336506335-2600101090-358185080-1001\...\Run: [SealOne] => C:\Users\User\AppData\Roaming\Seal One\SealOne.exe [280600 2013-09-23] (Seal One AG) HKU\S-1-5-21-336506335-2600101090-358185080-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.) HKU\S-1-5-21-336506335-2600101090-358185080-1001\...\MountPoints2: G - G:\SealOne.exe HKU\S-1-5-21-336506335-2600101090-358185080-1001\...\MountPoints2: {1d648118-54ef-11e4-995f-e811329ab670} - G:\LaunchU3.exe -a HKU\S-1-5-21-336506335-2600101090-358185080-1001\...\MountPoints2: {68e638fd-2c55-11e3-be3e-e811329ab670} - G:\SealOne.exe HKU\S-1-5-21-336506335-2600101090-358185080-1001\...\MountPoints2: {704a96b1-1d49-11e3-abc8-e811329ab670} - G:\SealOne.exe HKU\S-1-5-21-336506335-2600101090-358185080-1001\...\Winlogon: [Shell] C:\windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-18\...\Winlogon: [Shell] C:\windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [226920 2011-05-04] (NVIDIA Corporation) AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [192616 2011-05-04] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe () Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft 
Office\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 1010 series.lnk ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 1010 series.lnk -> C:\Program Files\HP\HP Deskjet 1010 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-336506335-2600101090-358185080-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-336506335-2600101090-358185080-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-336506335-2600101090-358185080-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-336506335-2600101090-358185080-1001 -> {1701CD96-AFD5-45EA-AD76-8568770182B8} URL = hxxp://www.mysearchresults.com/search?c=3527&t=01&q={searchTerms} BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Samsung BHO Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () BHO-x32: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} DPF: HKLM-x32 {FA3D8C85-2F5A-43B9-B8A9-DDD015EBB166} hxxp://mozart.hunter.com/VocabTranslate/TranslationTextBox.ocx Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ki6vzz44.default-1385707399717 FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> 
C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_38 -> C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll (Cisco WebEx LLC) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF Extension: LEOs Dictionaries - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ki6vzz44.default-1385707399717\Extensions\contextMenuExtension@leo.org.xpi [2013-12-11]
FF Extension: Quick Translator - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ki6vzz44.default-1385707399717\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2013-12-12]
FF Extension: NoScript - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ki6vzz44.default-1385707399717\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-07]
FF HKU\S-1-5-21-336506335-2600101090-358185080-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-03-28]

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-20]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-20]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-20]
CHR Extension: (Word CaptureX Extension) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjdepfkicdcciagbigfcmdhknnoaaegf [2012-12-20]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-20]
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\Deskperience\Word Capture\wcxChrome.crx [2010-07-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-10-14] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2683760 2014-05-20] (G Data Software AG)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [246256 2010-08-25] (CyberLink)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [647680 2013-01-02] (Macrovision Europe Ltd.) [File not signed]
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [3228136 2014-08-21] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NalServ; C:\windows\SysWOW64\nalserv.exe [147056 2014-04-10] (Nalpeiron Ltd.)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2014-09-07] (G Data Software AG)
R1 GDKBFlt; C:\windows\system32\drivers\GDKBFlt64.sys [20992 2014-10-31] (G Data Software AG)
R1 GDMnIcpt; C:\windows\system32\drivers\MiniIcpt.sys [142336 2014-10-13] (G Data Software AG)
R3 GDPkIcpt; C:\windows\system32\drivers\PktIcpt.sys [64000 2014-09-07] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64512 2015-01-25] (G Data Software AG)
R1 GRD; C:\windows\system32\drivers\GRD.sys [106272 2014-09-06] (G Data Software)
R1 HookCentre; C:\windows\system32\drivers\HookCentre.sys [61440 2014-09-07] (G Data Software AG)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-01 03:04 - 2015-02-01 03:04 - 00006024 _____ () C:\Users\User\Desktop\mbam.txt
2015-02-01 02:02 - 2015-02-01 02:57 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-01 02:01 - 2015-02-01 02:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-01 02:01 - 2015-02-01 02:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-01 02:01 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-02-01 02:01 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-02-01 02:01 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-01-31 17:57 - 2015-02-01 01:56 - 02131456 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2015-01-31 17:57 - 2015-02-01 01:56 - 00000000 ____D () C:\Users\User\Downloads\FRST-OlderVersion
2015-01-31 17:56 - 2015-01-31 17:56 - 00000032 _____ () C:\Users\User\Desktop\Fixlist.txt
2015-01-31 15:19 - 2015-01-31 15:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-31 15:15 - 2015-01-31 15:18 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-31 09:03 - 2015-01-31 11:27 - 00005103 _____ () C:\Users\User\Downloads\GMER.txt
2015-01-31 08:39 - 2015-01-31 08:39 - 00037468 _____ () C:\Users\User\Downloads\Addition.txt
2015-01-31 08:38 - 2015-02-01 03:05 - 00020553 _____ () C:\Users\User\Downloads\FRST.txt
2015-01-31 08:37 - 2015-02-01 03:04 - 00000000 ____D () C:\FRST
2015-01-31 08:36 - 2015-01-31 08:36 - 00380416 _____ () C:\Users\User\Downloads\Gmer-19357.exe
2015-01-31 08:25 - 2015-01-31 08:25 - 00050477 _____ () C:\Users\User\Downloads\Defogger.exe
2015-01-31 08:25 - 2015-01-31 08:25 - 00000470 _____ () C:\Users\User\Downloads\defogger_disable.log
2015-01-31 08:25 - 2015-01-31 08:25 - 00000000 _____ () C:\Users\User\defogger_reenable
2015-01-30 17:29 - 2015-01-30 17:29 - 00001045 _____ () C:\Users\Public\Desktop\Xbench.lnk
2015-01-30 17:29 - 2015-01-30 17:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ApSIC Tools
2015-01-30 17:28 - 2015-01-30 17:29 - 00000000 ____D () C:\Users\User\Downloads\X-Bench
2015-01-30 17:27 - 2015-01-30 17:27 - 00003100 _____ () C:\windows\System32\Tasks\{83A45E20-E3A8-4E04-913E-80B346D2A23E}
2015-01-28 05:08 - 2015-01-28 05:14 - 00000000 ____D () C:\AdwCleaner
2015-01-28 05:07 - 2015-01-28 05:07 - 02194432 _____ () C:\Users\User\Downloads\AdwCleaner09.exe
2015-01-26 22:08 - 2015-01-26 22:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-25 20:43 - 2015-01-25 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA INTERNET SECURITY
2015-01-25 14:33 - 2015-01-25 14:33 - 00002207 _____ () C:\Users\Software\Desktop\Google Chrome.lnk
2015-01-25 14:33 - 2015-01-25 14:33 - 00000306 __RSH () C:\Users\Software\ntuser.pol
2015-01-25 14:33 - 2015-01-25 14:33 - 00000000 ____D () C:\Users\Software\AppData\Local\Google
2015-01-25 14:33 - 2015-01-25 14:33 - 00000000 ____D () C:\Users\Software\AppData\Local\Adobe
2015-01-22 03:49 - 2015-02-01 03:00 - 00003922 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{876F45E0-7F4C-407B-BCE7-FBB636AC1A7E}
2015-01-21 20:40 - 2015-01-21 20:40 - 00000000 ____D () C:\Users\User\AppData\Roaming\WebTest
2015-01-21 20:34 - 2015-01-25 22:43 - 00000000 ____D () C:\Users\User\AppData\Local\Finkit
2015-01-21 20:34 - 2015-01-21 20:34 - 00000095 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-01-21 20:34 - 2015-01-21 20:34 - 00000089 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
2015-01-21 20:33 - 2015-01-21 20:33 - 05964760 _____ () C:\Users\User\Desktop\ManicTime-2-3-8.exe
2015-01-15 09:08 - 2015-01-15 09:08 - 00009083 _____ () C:\Users\User\Desktop\01 Januar - Verknüpfung.lnk
2015-01-14 18:48 - 2015-01-14 18:48 - 00000975 _____ () C:\Users\User\Desktop\Aktuell - Verknüpfung.lnk
2015-01-14 03:20 - 2015-01-15 15:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-14 03:03 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 03:03 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 03:03 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-14 03:03 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-14 03:03 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-14 03:03 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-14 03:03 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-14 03:03 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-14 03:03 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-14 03:03 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-14 03:03 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 03:03 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-14 03:03 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-02 14:26 - 2015-01-02 14:26 - 00000000 ____D () C:\Users\User\Tracing

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-01 03:03 - 2009-07-14 05:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-01 03:03 - 2009-07-14 05:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-01 03:01 - 2011-06-23 02:02 - 01097300 _____ () C:\windows\WindowsUpdate.log
2015-02-01 02:58 - 2012-12-20 16:45 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2015-02-01 02:56 - 2012-12-20 18:26 - 00001106 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-01 02:55 - 2013-07-24 16:11 - 00602474 _____ () C:\windows\setupact.log
2015-02-01 02:55 - 2010-11-21 04:47 - 00794596 _____ () C:\windows\PFRO.log
2015-02-01 02:55 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-01 02:53 - 2012-12-21 20:58 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-01 02:51 - 2012-12-20 18:26 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-01 01:56 - 2014-06-09 22:20 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-01-31 16:18 - 2012-12-23 11:04 - 00000000 ____D () C:\Users\User\.freemind
2015-01-30 21:32 - 2012-12-29 22:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\FileZilla
2015-01-30 17:29 - 2013-01-07 17:50 - 00000000 ____D () C:\Program Files (x86)\ApSIC
2015-01-27 15:31 - 2012-12-21 20:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-25 20:43 - 2014-10-13 18:42 - 00001938 _____ () C:\Users\Public\Desktop\G DATA INTERNET SECURITY.lnk
2015-01-25 20:42 - 2014-09-06 23:19 - 00064512 _____ (G Data Software AG) C:\windows\system32\Drivers\gdwfpcd64.sys
2015-01-25 20:42 - 2011-06-22 10:12 - 00028410 _____ () C:\windows\DPINST.LOG
2015-01-25 14:33 - 2012-12-25 22:00 - 00000000 ____D () C:\Users\Software\AppData\Roaming\Adobe
2015-01-25 14:33 - 2012-12-25 21:57 - 00001421 _____ () C:\Users\Software\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-25 14:33 - 2012-12-25 21:57 - 00000000 ____D () C:\Users\Software
2015-01-25 14:33 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-24 21:53 - 2012-12-21 20:58 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:53 - 2012-12-21 20:58 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 21:53 - 2012-12-21 20:58 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-18 18:26 - 2013-12-07 11:27 - 00000000 ____D () C:\Users\User\Documents\Aktuell
2015-01-15 04:56 - 2014-11-19 18:45 - 00000000 ____D () C:\windows\system32\MRT
2015-01-15 04:50 - 2013-12-18 09:43 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-13 20:46 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2015-01-12 09:46 - 2012-12-20 16:12 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2015-01-09 13:39 - 2012-12-29 18:20 - 00000000 ____D () C:\Users\User\Documents\Private Dokumente
2015-01-07 12:31 - 2011-06-23 01:27 - 00699474 _____ () C:\windows\system32\perfh007.dat
2015-01-07 12:31 - 2011-06-23 01:27 - 00149582 _____ () C:\windows\system32\perfc007.dat
2015-01-07 12:31 - 2009-07-14 06:13 - 01619816 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-07 10:47 - 2012-12-29 18:13 - 00000000 ____D () C:\Users\User\Documents\Dokument Arbeit
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-01-02 14:26 - 2014-05-19 12:09 - 00000000 ____D () C:\Users\User\AppData\Local\Windows Live

==================== Files in the root of some directories =======

2014-09-06 23:18 - 2014-09-06 23:18 - 0000000 _____ () C:\Users\User\AppData\Roaming\gdfw.log
2014-09-06 23:18 - 2014-09-06 23:18 - 0000779 _____ () C:\Users\User\AppData\Roaming\gdscan.log
2012-12-26 11:52 - 2012-12-26 11:52 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-01-21 20:34 - 2015-01-21 20:34 - 0000095 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-01-21 20:34 - 2015-01-21 20:34 - 0000089 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
2011-06-22 10:31 - 2011-06-22 10:32 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-06-22 10:28 - 2011-06-22 10:28 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-06-22 10:24 - 2011-06-22 10:27 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2011-06-22 10:28 - 2011-06-22 10:30 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2011-06-22 10:30 - 2011-06-22 10:31 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\User\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\User\AppData\Local\Temp\kqrzamlt.dll
C:\Users\User\AppData\Local\Temp\oi_{B2AEFB9F-47C8-4B6C-80E4-61A12BDB9DB9}.exe
C:\Users\User\AppData\Local\Temp\oi_{BCD57690-7DFB-4243-839F-9E4663235F18}.exe
C:\Users\User\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\User\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\User\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\User\AppData\Local\Temp\Shockwave_Installer_FF.exe
C:\Users\User\AppData\Local\Temp\SimBundD.exe
C:\Users\User\AppData\Local\Temp\vcredist_x64.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-24 18:12

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by User at 2015-02-01 03:05:46
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G DATA INTERNET SECURITY (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G DATA INTERNET SECURITY (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G DATA Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Actualização do Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0816-0000-0000000FF1CE}_ENTERPRISE_{CCDE3C71-5F35-477F-BA90-1A399C91C10C}) (Version: - Microsoft)
Actualização do Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0816-0000-0000000FF1CE}_ENTERPRISE_{CF0BC77F-1B63-44BF-BCFE-3A8CBB9077D1}) (Version: - Microsoft)
Actualização do Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0816-0000-0000000FF1CE}_ENTERPRISE_{A1A8C49E-BB40-4852-853E-B5A1F6BB2A3C}) (Version: - Microsoft)
Adobe Acrobat 7.0 Professional (HKLM-x32\...\Adobe Acrobat 7.0 Professional - V) (Version: 7.0.0 - Adobe Systems)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.04) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ApSIC Xbench 2.9 (HKLM-x32\...\ApSIC Xbench) (Version: 2.9 - ApSIC, S.L.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
BatteryLifeExtender (HKLM-x32\...\{FFD0E594-823B-4E2B-B680-720B3C852588}) (Version: 1.0.11 - Samsung)
ChargeableUSB (HKLM-x32\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG)
Cisco WebEx Meetings (HKU\S-1-5-21-336506335-2600101090-358185080-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2310.52 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3509 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Easy Content Share (HKLM-x32\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 - Samsung Electronics Co., LTD)
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM-x32\...\{8732818E-CA78-4ACB-B077-22311BF4C0E4}) (Version: 4.4.7 - Samsung)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.1.1 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung)
EasyFileShare (HKLM-x32\...\{EA76E65F-6679-495A-A8A6-42AD6602ED4C}) (Version: 1.0.11 - Samsung)
ETDWare PS/2-X64 10.7.14.12_WHQL (HKLM\...\Elantech) (Version: 10.7.14.12 - ELAN Microelectronic Corp.)
Fast Start (HKLM-x32\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 2.2.0.0 - SAMSUNG)
FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version: - )
FileZilla Client 3.6.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.32.327 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0 - )
G DATA INTERNET SECURITY (HKLM-x32\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.2.4 - G DATA Software AG)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 5.3.0.977 (HKU\S-1-5-21-336506335-2600101090-358185080-1001\...\GoToMeeting) (Version: 5.3.0.977 - CitrixOnline)
HP Deskjet 1010 series - Grundlegende Software für das Gerät (HKLM\...\{E7EEE6AF-0CAC-4AA6-AF38-6DD1E67692EA}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 1010 series Hilfe (HKLM-x32\...\{307E9E87-616E-4DC5-B509-6AB3BD2BBF87}) (Version: 30.0.0 - Hewlett Packard)
HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät (HKLM\...\{3DF2B8CD-072D-49F5-BCF8-1DB86B0DF632}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Hilfe (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2622 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
J2SE Runtime Environment 5.0 Update 10 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0150100}) (Version: 1.5.0.100 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 7.8.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.8.0 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 2.0 SP3 Runtime (HKLM-x32\...\{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}) (Version: 2.0.5050.0 - Microsoft Corp.)
Movie Color Enhancer (HKLM-x32\...\{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{91C0B95B-B83A-4828-A775-BBE2DD421031}) (Version: 7.02.9752 - Nero AG)
Netzwerkaufzeichnungs-Player (HKLM-x32\...\{2AC49604-8A5B-45A4-B7ED-10BC1E5106A3}) (Version: 2.29.3212 - Cisco WebEx LLC)
NVIDIA Graphics Driver 266.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.72 - NVIDIA Corporation)
Open XML SDK 2.0 for Microsoft Office (HKLM-x32\...\{171D8D76-3F05-455A-A8AF-C561C2679905}) (Version: 2.0.5022 - Microsoft Corporation)
OTIS·trans v2.3 (HKLM-x32\...\OTIS·trans) (Version: - )
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PhoneShare (HKLM-x32\...\{3F50512F-53DF-46B1-8CCB-6C7E638CADD6}) (Version: 9.1.4 - Samsung)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6378 - Realtek Semiconductor Corp.)
Samsung AnyWeb Print (HKLM-x32\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 2.0.67.1 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: - Samsung Electronics Co., Ltd.)
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.0.9 - Samsung)
Samsung Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.38 - Samsung)
Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.02.05.00:27 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.5.0 - Samsung Electronics Co., Ltd.)
Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
SDL MultiTerm 2011 SP2 - Remove suite of products (HKLM-x32\...\Multiterm2011) (Version: 9.2.361 - SDL)
SDL MultiTerm 2011 SP2 Convert (HKLM-x32\...\{212062FE-9FEF-457F-980F-6B25270CC99D}) (Version: 9.2.361 - SDL)
SDL MultiTerm 2011 SP2 Core (HKLM-x32\...\{6664CA13-C9B1-4488-881E-4AC14CE0F260}) (Version: 9.2.383 - SDL)
SDL MultiTerm 2011 SP2 Desktop (HKLM-x32\...\{777BE1C2-F665-42E2-90DD-157A67715710}) (Version: 9.2.361 - SDL)
SDL MultiTerm 2011 SP2 Word Integration (HKLM-x32\...\{7C21542D-7618-42D4-990D-9B458DCDE71E}) (Version: 9.2.372 - SDL)
SDL Passolo 2007 Essential SP5 (HKLM-x32\...\SDL Passolo 2007 Essential SP5) (Version: SDL Passolo 2007 Essential SP5 - PASS Engineering)
SDL Passolo Essential 2011 SP6 (HKLM-x32\...\{627163CD-8116-4982-9AC1-8C6DE4A499A0}) (Version: 11.6.0.0 - SDL)
SDL Trados 2007 Freelance (HKLM-x32\...\{43BD0C58-6E6E-4500-AFB0-263423319604}) (Version: 8.3.863 - SDL International)
SDL Trados 2011 SP2R - Remove suite of products (HKLM-x32\...\TranslationStudio2011) (Version: 2.2.3046 - SDL)
SDL Trados Compatibility module (HKLM-x32\...\{7230BA04-AE1B-4C17-91A0-E7DF6DF6E05C}) (Version: 1.0.72 - SDL)
SDL Trados Studio 2011 SP2R (HKLM-x32\...\{D771A633-D6A3-4DB0-9E8B-4E6F44B93348}) (Version: 2.2.3123 - SDL)
SDL Trados Synergy 2007 (HKLM-x32\...\{7E62742F-1EEF-4532-B7FF-2D58004BDEAE}) (Version: 2.3.161.0 - SDL International)
SDLX (HKLM-x32\...\{CE98383B-7BB4-457C-AEAB-D89E9537628F}) (Version: 9.3.7044 - )
SDLX (x32 Version: 9.3.7044 - SDL International) Hidden
Skat-Online V10 (HKU\S-1-5-21-336506335-2600101090-358185080-1001\...\Skat-Online V10) (Version: - Skat.com, c/o Markus Riehl)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.14 - Wolters Kluwer Deutschland GmbH)
Studie zur Verbesserung von HP Deskjet 1010 series (HKLM\...\{528CC409-FFE9-455F-9380-B1C7C7A534A0}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
SuperHTML Web Studio 8.5.6 (HKLM-x32\...\{31D72726-2A42-11E1-9D98-20824824019B}_is1) (Version: 8.5.6 - mirabyte GmbH & Co. KG)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.56a - Ghisler Software GmbH)
TP-LINK Wireless Client Utility (HKLM-x32\...\{7A2A107B-9695-423F-9462-8F17C178BD35}) (Version: 7.0 - TP-LINK)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.0.82.0 - Intel)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.5 - )
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
Visual Studio 2010 x64 Redistributables
(HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) WebEx Event-Manager für Firefox oder Chrome (HKLM-x32\...\{675A3222-5D42-4A22-974B-451BCDF7BEE4}) (Version: 6.29.3212 - Cisco WebEx LLC) Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - ) WordCaptureX Pro (HKLM-x32\...\{139C1D95-9037-3AB3-F5F4-4A79BF6831EC}) (Version: 4.0.0 - Deskperience) Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-336506335-2600101090-358185080-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\977\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.) 
==================== Restore Points ========================= 21-01-2015 20:49:59 Windows Defender Checkpoint 24-01-2015 04:28:07 Windows Update 27-01-2015 08:39:02 Windows Update 31-01-2015 17:45:34 Removed Java(TM) 6 Update 24 31-01-2015 17:47:41 Removed Java(TM) 6 Update 38 01-02-2015 01:52:23 AVG PC TuneUp 2014 wird entfernt 01-02-2015 01:54:06 AVG PC TuneUp 2014 (de-DE) wird entfernt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {01D4A3FA-D43F-4520-A881-1EEA636FF83D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe Task: {050F22BB-4832-4850-8B32-0FC64D358E92} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe Task: {0AC12D56-882C-4148-97EA-AD6129F41F1B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-20] (Google Inc.) Task: {181FDD60-2431-41BD-A588-8B79826FF794} - System32\Tasks\HPCustParticipation HP Deskjet 1010 series => C:\Program Files\HP\HP Deskjet 1010 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.) 
Task: {23AA9306-3270-4AB9-B7D1-A6A12B2D81A2} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-12-23] (Samsung Electronics) Task: {29F5623F-197B-4CE4-9575-249A42A3BF33} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated) Task: {2EBF2C2D-1EA4-4D2A-A760-A87E29EC0F71} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2010-11-17] (SEC) Task: {3DA9A863-46F7-45B2-950F-143E4A76958D} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-18] (Samsung Electronics. Co. Ltd.) Task: {4579918D-726F-415E-A032-ED7273C492BB} - System32\Tasks\WifiManager => C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe [2011-01-04] (Samsung Electronics Co., Ltd.) Task: {50D5F410-8427-4CF4-AF4F-600EB2DECFAF} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-09-04] (SAMSUNG Electronics) Task: {5A5C97C9-2145-40AB-94B0-E64630C41BA4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-20] (Google Inc.) Task: {7CECDC27-8ADF-42FC-8D43-035553711E22} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-05] (Samsung Electronics Co., Ltd.) 
Task: {819601AD-44C1-49F2-BA16-6299407D2B43} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30] (Hewlett-Packard) Task: {A5373F0D-D986-4697-A5F5-9C36A8D3800B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-11-10] (CyberLink) Task: {A7B6A4BD-D06C-4C25-B22B-AD6475F40B9C} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated) Task: {ACC64998-69DF-419D-8217-CD55B0E5E489} - System32\Tasks\{882D0998-697C-487D-9AE1-CC4BCE60A7EF} => pcalua.exe -a C:\Users\User\Downloads\OtisTrans2.3.2.12\disk1\SETUP.EXE -d C:\Users\User\Downloads\OtisTrans2.3.2.12\disk1 Task: {BA817E50-EB2E-4133-8E0B-4D27E252A271} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2011-01-11] (Samsung Electronics) Task: {C32CDC66-5EA1-454D-9073-D3AC0525F842} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {C42A5CF8-FD95-4E0D-B7E5-7C90754B5849} - System32\Tasks\{83A45E20-E3A8-4E04-913E-80B346D2A23E} => pcalua.exe -a "C:\Program Files (x86)\ApSIC\Xbench\uninst.Xbench.exe" Task: {D5E6B9A4-4BBC-46BF-BB2E-E4657AD3FBE1} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.) Task: {D99C4B19-873B-4CCA-8528-A730A613C684} - System32\Tasks\HP AR Program Upload - 691a9945d42f46d5877bbd5cad8123794f8fe3dae7034a1ab67dc489b9ea1927 => C:\Program Files\HP\HP Deskjet 1010 series\bin\HPRewards.exe [2013-08-13] (TODO: <Company name>) Task: {E7E8C7CD-1BD9-4809-B19E-05F3A2F260B3} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-12-23] (Samsung Electronics Co., Ltd.) 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-06-23 01:11 - 2008-06-05 00:53 - 00027648 _____ () C:\windows\System32\spd__l.dll 2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe 2011-06-22 10:27 - 2009-12-01 08:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2011-06-23 01:08 - 2010-12-17 02:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-05-20 02:38 - 2014-05-20 02:38 - 00340088 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll 2011-06-23 01:11 - 2010-10-21 19:22 - 00709632 _____ () C:\windows\system32\SnMinDrv.dll 2011-06-22 10:38 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll 2011-06-22 10:36 - 2010-05-07 15:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll 2015-01-26 22:08 - 2015-01-26 22:08 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2015-01-14 03:20 - 2015-01-14 03:20 - 03347056 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll 2015-01-14 03:20 - 2015-01-14 03:20 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll 2015-01-14 03:20 - 2015-01-14 03:20 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll 2009-11-02 06:20 - 2009-11-02 06:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll 2009-11-02 
06:23 - 2009-11-02 06:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Windows:netNLSPreferences AlternateDataStreams: C:\Windows:nlsPreferences AlternateDataStreams: C:\windows\SysWOW64\CN08V1D15N05HX:NW AlternateDataStreams: C:\Users\User\Desktop\Aktenzeichen 0202183805 Abteilung Postbank.eml:OECustomProperty ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
========================= Accounts: ========================== Administrator (S-1-5-21-336506335-2600101090-358185080-500 - Administrator - Disabled) Gast (S-1-5-21-336506335-2600101090-358185080-501 - Limited - Disabled) Software (S-1-5-21-336506335-2600101090-358185080-1003 - Limited - Enabled) => C:\Users\Software UpdatusUser (S-1-5-21-336506335-2600101090-358185080-1000 - Limited - Enabled) => C:\Users\UpdatusUser User (S-1-5-21-336506335-2600101090-358185080-1001 - Administrator - Enabled) => C:\Users\User ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/01/2015 02:57:31 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/01/2015 01:56:41 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3 Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224 Ausnahmecode: 0x80000003 Fehleroffset: 0x00001425 ID des fehlerhaften Prozesses: 0x240c Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (01/31/2015 05:59:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3 Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224 Ausnahmecode: 0x80000003 Fehleroffset: 0x00001425 ID des fehlerhaften Prozesses: 0x10ac Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: 
plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (01/31/2015 09:39:18 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm wmplayer.exe, Version 12.0.7601.18150 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 14dc Startzeit: 01d03d30f336b46b Endzeit: 44699 Anwendungspfad: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Berichts-ID: 86921ccd-a924-11e4-8480-e811329ab670 Error: (01/30/2015 11:57:20 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm firefox.exe, Version 35.0.1.5500 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b20 Startzeit: 01d03cd7d13586c1 Endzeit: 58 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 538c60ca-a8d3-11e4-8480-e811329ab670 Error: (01/30/2015 11:57:19 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3 Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224 Ausnahmecode: 0x80000003 Fehleroffset: 0x00001425 ID des fehlerhaften Prozesses: 0xaec Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (01/30/2015 10:57:54 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm firefox.exe, Version 35.0.1.5500 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1c6c Startzeit: 01d03ccbfbf03928 Endzeit: 53 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 04ecc2d7-a8cb-11e4-8480-e811329ab670 Error: (01/30/2015 10:57:54 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3 Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224 Ausnahmecode: 0x80000003 Fehleroffset: 0x00001425 ID des fehlerhaften Prozesses: 0x1cf4 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (01/30/2015 02:33:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (01/30/2015 00:22:05 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (01/31/2015 08:47:53 PM) (Source: NetBT) (EventID: 4319) (User: ) Description: Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error: (01/31/2015 08:47:53 PM) (Source: NetBT) (EventID: 4319) (User: ) Description: Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. 
Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error: (01/31/2015 08:47:53 PM) (Source: NetBT) (EventID: 4319) (User: ) Description: Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT -n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen. Error: (01/31/2015 07:05:05 AM) (Source: cdrom) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\CdRom0. Error: (01/31/2015 07:05:04 AM) (Source: cdrom) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\CdRom0. Error: (01/31/2015 07:05:04 AM) (Source: cdrom) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\CdRom0. Error: (01/31/2015 07:05:00 AM) (Source: cdrom) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\CdRom0. Error: (01/31/2015 07:04:57 AM) (Source: cdrom) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\CdRom0. Error: (01/31/2015 07:04:53 AM) (Source: cdrom) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\CdRom0. Error: (01/31/2015 07:04:49 AM) (Source: cdrom) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\CdRom0. Microsoft Office Sessions: ========================= Error: (06/02/2013 00:22:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 176265 seconds with 4680 seconds of active time. This session ended with a crash. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz Percentage of memory in use: 35% Total physical RAM: 8104.29 MB Available physical RAM: 5228.99 MB Total Pagefile: 16206.76 MB Available Pagefile: 12681.5 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:471 GB) (Free:318.8 GB) NTFS Drive d: () (Fixed) (Total:204.6 GB) (Free:201.09 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 698.6 GB) (Disk ID: 524706CB) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=471 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=204.6 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=22.9 GB) - (Type=27) ==================== End Of Log ============================ |
01.02.2015, 16:10 | #8 |
Rest in peace † 2019 | Hello, that looks good. Do you still have any problems now?
Step 1 Because the ESET scan is very thorough, it may take several hours. ESET Online Scanner
Step 2 Run FRST once more.
|
01.02.2015, 16:18 | #9 |
| Hello Sandra, no, I haven't noticed any problems since. I assume the ESET scan should be done in any case, right? I'm asking because with some programs, as happened yesterday with Malwarebytes, my computer tends to shut down despite activity. If it takes several hours, I don't hold out much hope. Is it absolutely necessary? |
01.02.2015, 17:23 | #10 |
Rest in peace † 2019 | Hello, yes, it is important. Otherwise, please look in the Control Panel under Power Options; there you can set it so that it does not shut down. |
03.02.2015, 05:09 | #11 |
| Hello Sandra, the Power Options didn't actually say anything about shutting down for me, but I changed closing the lid and so on, all of it, and lo and behold... Last night I had forgotten to start the scan. Here is the log now: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=1ee20e4c7b699c488e15f1400d9cd351 # engine=22272 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-02-03 01:39:58 # local_time=2015-02-03 02:39:58 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 64014 174557448 0 0 # scanned=214013 # found=27 # cleaned=0 # scan_time=14628 sh=D4B287A0266DC5F6F77F3E1A6B6BCCEBC02C3134 ft=1 fh=0a321bb339b36ed3 vn="Variante von Win32/Toolbar.DefaultTab.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.dll.vir" sh=B6D2E20C72D0626903D1E67B3E6BE17881458AC8 ft=1 fh=48cb686bd0b760bf vn="Variante von Win32/Toolbar.DefaultTab.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\defaulttab\defaulttab\DefaultTabStart.exe.vir" sh=F281EFD20F386099FE0FD6B0A15B3C82EDD5026C ft=1 fh=37c66d763e8eb8b3 vn="Win64/Toolbar.DefaultTab.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\defaulttab\defaulttab\DefaultTabStart64.exe.vir" sh=A66441EA33B541895F23B3A4F8EB408B616A94BA ft=1 fh=02e58446c958c5ff vn="Win32/Toolbar.DefaultTab.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\defaulttab\defaulttab\defaulttabuninstaller.exe.vir" sh=9C4BBB13B347FCC00E98F1A45C0BC7CE0C21E7E7 ft=1 fh=10a265e5733f77e3 vn="Variante von Win32/Toolbar.DefaultTab.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\defaulttab\defaulttab\DefaultTabWrap.dll.vir" sh=F75A22FBFCB2CA4E00E71B4800503BA40BAD2054 ft=1 fh=d6e3bea2a582f889 vn="Win64/Toolbar.DefaultTab.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\defaulttab\defaulttab\DefaultTabWrap64.dll.vir" sh=EA111903F48C1CB7FE5056509351A88EFE85114F ft=1 fh=0f73ddfd31d1def0 vn="Win32/Toolbar.DefaultTab.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe.vir" sh=28539A70E2586CAB7CCF61E13653CDA3038F9319 ft=1 fh=d409c7a053045b55 vn="Variante von Win32/Toolbar.DefaultTab.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\defaulttab\defaulttab\uninstalldt.exe.vir" sh=67DBA78BBB20E4F8802ECF34F0F7ACBD7E482F2F ft=1 fh=da1dcc152fe36b5d vn="Variante von Win32/Toolbar.DefaultTab.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\defaulttab\defaulttab\update.exe.vir" sh=0E3B2EF424E3F98318D647120BD8923F1C86F03D ft=1 fh=cb024ee9143d2326 vn="Variante von Win32/Toolbar.DefaultTab.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.dll.vir" sh=3D3A1643F851B5804DBDF628BD027E7832150BE6 ft=1 fh=e5d0ea741f20c5e3 vn="Variante von Win32/Toolbar.DefaultTab.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabStart.exe.vir" sh=2DFE3B40CD4CE263337661E7A6489537EAC54EC3 ft=1 fh=2ed4f5c2f17891ac vn="Win64/Toolbar.DefaultTab.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabStart64.exe.vir" sh=A66441EA33B541895F23B3A4F8EB408B616A94BA ft=1 fh=02e58446c958c5ff vn="Win32/Toolbar.DefaultTab.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabUninstaller.exe.vir" sh=BFB9F931786A8B4BB3DD55A8089CCB42C737BFA3 ft=1 fh=6f89099aa279c44c vn="Variante von Win32/Toolbar.DefaultTab.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabWrap.dll.vir" sh=1FB950E12B7C532368D9A6B286C33EA03793C8D7 ft=1 fh=2443041331d157f3 vn="Win64/Toolbar.DefaultTab.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\DefaultTabWrap64.dll.vir" sh=20107B1A3462C1F63AD0135AF2C1B36011D3CE5C ft=1 fh=3ef4cd0616959b99 vn="Variante von Win32/Toolbar.DefaultTab.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\windows\SysWOW64\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\uninstalldt.exe.vir" sh=35EAA81F625675E507502B609B7AA5A25775C21F ft=0 fh=0000000000000000 vn="JS/Kryptik.I Trojaner" ac=I fn="C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\ki6vzz44.default-1385707399717\cache2\entries\6E2E555496351B053B316EA91588ECF3CFA9C7CE" sh=30457F7CFBCDA8749B9CD92F573741C817F1503F ft=1 fh=28278fd3183d6da2 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\Local\Temp\DMR\dmr_72.exe" sh=EA97B0A005C1D6A95224AEAD5178AECC9C15BED9 ft=1 fh=52dea634f8b147aa vn="Win32/Mobogenie.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\User\AppData\Local\Temp\is1158881826\520015943_stp\Mobogenie_Setup_2.2.2_501.exe" sh=F64FFC5A25D68DF07E9FDE6F4460C73C9D4D334D ft=1 fh=8cfd63a6dea5661c vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Downloads\AVG Remover 2015 - CHIP-Installer.exe" sh=7A7C3EB794BE718DCF4A0174205B63B62321A796 ft=1 fh=c71c00112927adeb vn="Variante von Win32/InstallCore.BY evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Downloads\FreeYouTubeToMP3Converter_3.12.31.325.exe" sh=FAFD98E732BEF3CB7806C776CC25171C0ED8F261 ft=1 fh=851423878734aeac vn="Variante von Win32/Toolbar.DefaultTab.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\plugins\npDefaultTabSearch.dll" sh=01E530CFF771B3736766D51413153BF653C1D045 ft=1 fh=703f9826874db652 vn="Win32/Toolbar.SearchSuite.T evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsg5FA0.tmp\Starter.exe" sh=01E530CFF771B3736766D51413153BF653C1D045 ft=1 fh=703f9826874db652 vn="Win32/Toolbar.SearchSuite.T evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsm2780.tmp\Starter.exe" sh=FAFD98E732BEF3CB7806C776CC25171C0ED8F261 ft=1 fh=851423878734aeac vn="Variante von Win32/Toolbar.DefaultTab.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\plugins\npDefaultTabSearch.dll" sh=01E530CFF771B3736766D51413153BF653C1D045 ft=1 fh=703f9826874db652 vn="Win32/Toolbar.SearchSuite.T evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsg5FA0.tmp\Starter.exe" sh=01E530CFF771B3736766D51413153BF653C1D045 ft=1 fh=703f9826874db652 vn="Win32/Toolbar.SearchSuite.T evtl. 
unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsm2780.tmp\Starter.exe"
And the FRST log: FRST Logfile: Code:
04.02.2015, 01:18 | #12 |
Rest in peace † 2019 | Windows 7: DealPLy.G, previously Linkey, found by G Data
Hello,
very good.

Step 1
Please press the Windows key + R and type notepad into the Run window.
Now copy the following text from the code box into the empty text document.
Code:
C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\ki6vzz44.default-1385707399717\cache2\entries\6E2E555496351B053B316EA91588ECF3CFA9C7CE
C:\Users\User\AppData\Local\Temp\DMR\
C:\Users\User\AppData\Local\Temp\is1158881826\
C:\Users\User\Downloads\AVG Remover 2015 - CHIP-Installer.exe
C:\Users\User\Downloads\FreeYouTubeToMP3Converter_3.12.31.325.exe
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\plugins\npDefaultTabSearch.dll
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsg5FA0.tmp\Starter.exe
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsm2780.tmp\Starter.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\plugins\npDefaultTabSearch.dll
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsg5FA0.tmp\
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsm2780.tmp\

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
OK

As far as I can see, we have now removed everything malicious. Your logs are clean. To finish, we will tidy up a little and run updates, and then you will get some reading material from me.

Step 1
If you no longer need Malwarebytes Anti-Malware and the ESET online scan, you can simply uninstall both programs via the program uninstaller. However, I recommend that you at least keep Malwarebytes and run a check scan with it once a week.

Step 2
Please download delfix to your desktop.
Updates / updating programs
Uninstall your Reader and download the latest version from here. Check whether anything else wants to be installed along with it and untick the box if so.

Finally, a few tips for securing your system.
Change all your passwords regularly; now, after the cleanup, is an ideal time to do so.

Keeping the system up to date
It is extremely important that both your system and the security-relevant software installed on it (Flash Player, PDF reader and especially Java, if present) are up to date.
If you absolutely do need Java, then
For this:
You can find instructions for this here.

Antivirus software
Additional protection

Alternative browsers
Other browsers tend to be somewhat more secure than Internet Explorer because they do not use ActiveX elements. These can be abused by spyware to infect your system.

System performance
Delete your temporary files regularly. For this I recommend the Windows Disk Cleanup.
Windows Vista
Windows 7
Windows 8
Stay away from any registry cleaners. They harm your system more than they speed it up.

Rules of conduct for safer surfing

Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and you have no more questions.
If you would like to give praise or criticism, you are very welcome to do so here.
If you would like to donate something to the forum and our work, you can do so here.