Log analysis and evaluation: Windows 7: omiga-plus.com opens in a new tab

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
03.02.2015, 13:02 | #1

Windows 7: omiga-plus.com opens in a new tab

Dear Trojaner-Board team,

as the title already says, the page omiga-plus.com always opens for me instead of the start page I have set.

Many thanks in advance for fixing the problem.

Best regards
Jooker

defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:18 on 03/02/2015 (Charly)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Charly (administrator) on CHARLY-PC on 03-02-2015 12:26:11
Running from C:\Users\Charly\Desktop
Loaded Profiles: Charly (Available profiles: Charly & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(IDT, Inc.)
C:\Program Files\IDT\WDM\sttray64.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\WINDOWS\System32\StikyNot.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe (Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Samsung Electronics Co., Ltd.) 
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (STab_Down) C:\Users\Charly\AppData\Local\Temp\Wtmp1432676756\tmp\STab_Down_6.0.6.6.exe (SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) C:\WINDOWS\SysWOW64\wbem\WmiPrvSE.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.) HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-13] (Alps Electric Co., Ltd.) HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3666800 2011-01-22] (Dell Inc.) 
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel(R) Corporation) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] () HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation) HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] () HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] () HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-10] (AVAST Software) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files 
(x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-01-14] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Run: [Facebook Update] => C:\Users\Charly\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.) HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation) HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Run: [RESTART_STICKY_NOTES] => C:\WINDOWS\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1565504 2015-01-14] (Samsung) HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Users\Charly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST 
Software\Avast\ashShA64.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8&q={searchTerms} HKU\S-1-5-21-1885151078-40185133-285767259-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8 HKU\S-1-5-21-1885151078-40185133-285767259-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
hxxp://isearch.omiga-plus.com/?type=hp&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8 SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8&q={searchTerms} SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8&q={searchTerms} SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8&q={searchTerms} SearchScopes: HKU\S-1-5-21-1885151078-40185133-285767259-1000 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! 
Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 172.29.11.1 StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8 FireFox: ======== FF ProfilePath: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default FF NewTab: hxxp://isearch.omiga-plus.com/newtab/?type=nt&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8 FF Homepage: hxxp://isearch.omiga-plus.com/?type=hp&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8 FF NetworkProxy: "backup.ftp", "172.27.10.1" FF NetworkProxy: "backup.ftp_port", 8080 FF NetworkProxy: "backup.socks", "172.27.10.1" FF NetworkProxy: "backup.socks_port", 8080 FF NetworkProxy: "backup.ssl", "172.27.10.1" FF NetworkProxy: "backup.ssl_port", 8080 FF NetworkProxy: "ftp", "172.27.10.1" FF NetworkProxy: "ftp_port", 8080 FF NetworkProxy: "http", "172.27.10.1" FF NetworkProxy: "http_port", 8080 FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "172.27.10.1" FF NetworkProxy: "socks_port", 8080 FF NetworkProxy: "ssl", "172.27.10.1" FF NetworkProxy: "ssl_port", 8080 FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll () FF Plugin: @java.com/DTPlugin,version=1.6.0_41 -> C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) 
FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File FF Plugin-x32: 
@tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1885151078-40185133-285767259-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Charly\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKU\S-1-5-21-1885151078-40185133-285767259-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Charly\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\duckduckgo.xml FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\dudende-suche.xml FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\ixquick-ssl.xml FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\leo-deu-fra.xml FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\openthesaurus.xml FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\ponscom--franzsisch--deutsch.xml FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\visualbee.xml FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\wettercom.xml FF Extension: Web 
Developer - C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2014-11-16] FF Extension: Adblock Plus - C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-06] FF Extension: Tab Mix Plus - C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-09-06] FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-16] FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\extensions\fftoolbar2014@etech.com FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\extensions\faststartff@gmail.com FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Firefox\Extensions: [mail@gutscheinrausch.de] - C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\extensions\mail@gutscheinrausch.de Chrome: ======= CHR Profile: C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Docs) - C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-20] CHR Extension: (Google Drive) - C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-20] CHR Extension: (YouTube) - C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo 
[2013-03-20] CHR Extension: (Google-Suche) - C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-20] CHR Extension: (Google Mail) - C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-20] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-14] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-14] (Avast Software) R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [897088 2010-11-03] (Intel Corporation) [File not signed] R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2010-11-03] (Intel Corporation) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed] S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] () S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [464384 2015-02-01] (SysTool PasSame LIMITED) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will 
be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-14] () R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-03-07] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-14] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-14] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-14] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-14] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-14] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-14] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-14] () R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-14] (Avast Software) R1 qrnfd_1_10_0_8; system32\drivers\qrnfd_1_10_0_8.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-03 12:25 - 2015-02-03 12:26 - 00039289 _____ () C:\Users\Charly\Desktop\Addition.txt 2015-02-03 12:24 - 2015-02-03 12:26 - 00025515 _____ () C:\Users\Charly\Desktop\FRST.txt 2015-02-03 12:23 - 2015-02-03 12:26 - 00000000 ____D () C:\FRST 2015-02-03 12:21 - 2015-02-03 12:22 - 02131456 _____ (Farbar) C:\Users\Charly\Desktop\FRST64.exe 2015-02-03 12:18 - 2015-02-03 12:18 - 00000474 _____ () C:\Users\Charly\Desktop\defogger_disable.log 2015-02-03 12:18 - 2015-02-03 12:18 - 00000000 _____ () C:\Users\Charly\defogger_reenable 2015-02-03 12:07 - 2015-02-03 12:07 - 00050477 _____ () C:\Users\Charly\Desktop\Defogger.exe 2015-02-01 17:36 - 2015-02-01 17:36 - 00004018 _____ () C:\windows\System32\Tasks\LaunchSignup 2015-02-01 17:20 - 2015-02-01 17:20 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect 2015-02-01 17:19 - 2015-02-01 17:20 - 00000000 ____D () C:\Users\Charly\Documents\ProPCCleaner 2015-02-01 17:19 - 2015-02-01 17:19 - 00003200 _____ () C:\windows\System32\Tasks\ProPCCleaner_Start 2015-02-01 17:19 - 2015-02-01 17:19 - 00000000 ____D () C:\Users\Charly\AppData\Local\Pro_PC_Cleaner 2015-02-01 17:18 - 2015-02-03 11:53 - 00001340 _____ () C:\windows\Tasks\DAPXB.job 2015-02-01 17:18 - 2015-02-03 11:53 - 00001338 _____ () C:\windows\Tasks\OAMZ.job 2015-02-01 17:18 - 2015-02-01 17:19 - 00004370 _____ () C:\windows\System32\Tasks\DAPXB 2015-02-01 17:18 - 2015-02-01 17:18 - 01960408 _____ (VenturesMPlayer) C:\Users\Charly\AppData\Roaming\OAMZ.exe 2015-02-01 17:18 - 2015-02-01 17:18 - 01482200 _____ (VenturesMPlayer) C:\Users\Charly\AppData\Roaming\DAPXB.exe 2015-02-01 17:18 - 2015-02-01 17:18 - 00004368 _____ () C:\windows\System32\Tasks\OAMZ 2015-02-01 17:18 - 2015-02-01 17:18 - 00000000 ____D () C:\Users\Charly\AppData\Local\globalUpdate 2015-02-01 17:18 - 2015-02-01 17:18 - 00000000 ____D () C:\Program Files (x86)\globalUpdate 2015-02-01 17:17 - 2015-02-01 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip 2015-01-27 
20:20 - 2015-01-27 20:20 - 19029752 _____ () C:\Users\Charly\Downloads\Anhänge_2015127.zip 2015-01-27 18:29 - 2015-01-27 18:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-25 17:12 - 2015-01-25 17:12 - 00002086 _____ () C:\Users\Charly\AppData\Roaming\DAPXB 2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\Charly\AppData\Roaming\OAMZ 2015-01-20 00:46 - 2015-01-20 00:47 - 00000000 ____D () C:\Users\Charly\Desktop\Neuer Ordner 2015-01-18 21:41 - 2015-01-18 21:41 - 00247739 _____ () C:\Users\Charly\Downloads\video-1421609768.mp4.mp4 2015-01-18 21:41 - 2015-01-18 21:41 - 00247739 _____ () C:\Users\Charly\Downloads\video-1421609768.mp4(1).mp4 2015-01-18 12:33 - 2015-01-18 12:33 - 00000000 ____D () C:\windows\Hewlett-Packard 2015-01-16 03:22 - 2015-01-16 03:22 - 00000197 _____ () C:\windows\system32\2015-01-16-02-22-30.004-AvastVBoxSVC.exe-168.log 2015-01-15 20:39 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys 2015-01-15 03:34 - 2015-01-15 03:34 - 00000197 _____ () C:\windows\system32\2015-01-15-02-34-10.058-AvastVBoxSVC.exe-4068.log 2015-01-14 17:33 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll 2015-01-14 17:33 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2015-01-14 17:33 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll 2015-01-14 17:33 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe 2015-01-14 17:33 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe 2015-01-14 17:33 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe 2015-01-14 17:33 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll 2015-01-14 17:33 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\ncsi.dll 2015-01-14 17:33 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll 2015-01-14 17:32 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe 2015-01-14 17:32 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll 2015-01-14 17:32 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll 2015-01-13 13:52 - 2015-01-13 13:52 - 00000197 _____ () C:\windows\system32\2015-01-13-12-52-06.058-AvastVBoxSVC.exe-2148.log 2015-01-12 21:12 - 2015-01-12 21:12 - 00000197 _____ () C:\windows\system32\2015-01-12-20-12-30.041-AvastVBoxSVC.exe-3500.log 2015-01-09 19:29 - 2015-01-09 19:29 - 00000197 _____ () C:\windows\system32\2015-01-09-18-29-29.054-AvastVBoxSVC.exe-3500.log 2015-01-08 23:19 - 2015-01-08 23:19 - 00000197 _____ () C:\windows\system32\2015-01-08-22-19-02.027-AvastVBoxSVC.exe-3576.log 2015-01-07 19:00 - 2015-01-07 19:00 - 00000197 _____ () C:\windows\system32\2015-01-07-18-00-25.075-AvastVBoxSVC.exe-3132.log 2015-01-07 16:45 - 2015-01-07 16:45 - 00000197 _____ () C:\windows\system32\2015-01-07-15-45-35.011-AvastVBoxSVC.exe-2380.log 2015-01-06 10:53 - 2015-01-06 10:54 - 46637686 _____ () C:\Users\Charly\Downloads\Come Now Is The Time To Worship.avi 2015-01-05 14:59 - 2015-01-05 14:59 - 00000197 _____ () C:\windows\system32\2015-01-05-13-59-14.095-AvastVBoxSVC.exe-3328.log ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-03 12:26 - 2009-07-14 05:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-03 12:26 - 2009-07-14 05:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-03 12:18 - 2011-09-06 09:23 - 00000000 ____D () C:\Users\Charly 2015-02-03 12:14 - 2013-11-18 15:41 - 00001157 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-02-03 12:14 - 2013-11-18 15:41 - 00001145 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-02-03 12:14 - 2011-09-06 09:33 - 00001419 _____ () C:\Users\Charly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-02-03 12:00 - 2011-08-30 00:01 - 01226817 _____ () C:\windows\WindowsUpdate.log 2015-02-03 11:59 - 2011-10-15 13:32 - 00001120 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1885151078-40185133-285767259-1000Core.job 2015-02-03 11:53 - 2011-09-06 19:16 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-03 11:52 - 2012-12-16 19:35 - 00004182 _____ () C:\windows\System32\Tasks\avast! 
Emergency Update 2015-02-03 11:51 - 2012-04-03 13:10 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2015-02-03 11:51 - 2011-10-15 13:32 - 00001142 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1885151078-40185133-285767259-1000UA.job 2015-02-01 18:16 - 2012-01-31 16:00 - 00003938 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{0F102A3C-CB48-4F24-80C8-D0792A79F8D8} 2015-02-01 17:36 - 2014-03-14 09:32 - 00835584 ___SH () C:\Users\Charly\Desktop\Thumbs.db 2015-01-29 15:31 - 2011-08-30 00:43 - 00000000 ____D () C:\ProgramData\Sonic 2015-01-28 20:07 - 2012-04-03 13:10 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2015-01-28 20:07 - 2012-04-03 13:10 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2015-01-28 20:07 - 2011-09-06 20:44 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-25 23:24 - 2014-12-31 15:47 - 00000000 ____D () C:\Users\Charly\Desktop\Auslandsjahr 2015-01-20 16:17 - 2013-11-18 15:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-20 13:53 - 2011-08-30 02:51 - 00699666 _____ () C:\windows\system32\perfh007.dat 2015-01-20 13:53 - 2011-08-30 02:51 - 00149774 _____ () C:\windows\system32\perfc007.dat 2015-01-20 13:53 - 2009-07-14 06:13 - 01620612 _____ () C:\windows\system32\PerfStringBackup.INI 2015-01-18 20:11 - 2014-12-24 00:09 - 00000000 ____D () C:\Users\Charly\Documents\Outlook-Dateien 2015-01-18 20:10 - 2014-12-20 11:21 - 00000000 ____D () C:\Users\Charly\Documents\SelfMV 2015-01-18 12:34 - 2012-12-16 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2015-01-18 12:33 - 2012-06-04 11:33 - 00000000 ____D () C:\Users\Charly\AppData\Roaming\HpUpdate 2015-01-18 10:56 - 2014-10-21 19:01 - 00002000 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk 2015-01-16 14:36 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF 2015-01-16 
03:19 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-01-16 03:00 - 2011-09-25 07:51 - 00000000 ____D () C:\windows\System32\Tasks\Games 2015-01-15 03:13 - 2013-07-27 02:01 - 00000000 ____D () C:\windows\system32\MRT 2015-01-15 03:01 - 2011-09-06 19:12 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe ==================== Files in the root of some directories ======= 2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Charly\AppData\Roaming\DAPXB 2015-02-01 17:18 - 2015-02-01 17:18 - 1482200 _____ (VenturesMPlayer) C:\Users\Charly\AppData\Roaming\DAPXB.exe 2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Charly\AppData\Roaming\OAMZ 2015-02-01 17:18 - 2015-02-01 17:18 - 1960408 _____ (VenturesMPlayer) C:\Users\Charly\AppData\Roaming\OAMZ.exe 2011-09-06 21:35 - 2014-02-05 12:02 - 0055296 _____ () C:\Users\Charly\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2011-12-13 09:54 - 2011-12-13 09:58 - 0000000 _____ () C:\Users\Charly\AppData\Local\{1EEE3C18-D95C-46E1-AAAF-BA19D1E4E698} 2014-10-12 16:25 - 2014-10-12 16:25 - 0000000 _____ () C:\Users\Charly\AppData\Local\{4699457A-6CBE-4B5A-9265-C55F6C7BFF53} 2012-06-04 11:31 - 2012-06-04 11:31 - 0000057 _____ () C:\ProgramData\Ament.ini 2012-02-26 20:47 - 2012-02-26 20:47 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 2012-05-14 17:21 - 2012-05-14 17:21 - 0000004 __RSH () C:\ProgramData\sysqcl1129139270.dat Files to move or delete: ==================== C:\ProgramData\sysqcl1129139270.dat Some content of TEMP: ==================== C:\Users\Charly\AppData\Local\Temp\BackupSetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-15 23:09

==================== End Of Log ============================

addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Charly at 2015-02-03 12:27:15
Running from C:\Users\Charly\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd) Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software) Bandicam (HKLM-x32\...\Bandicam) (Version: 2.0.3.674 - Bandisoft.com) Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com) Canon MG4100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4100_series) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Decouvertes 5 Sprachtrainer Kommunikation (HKLM-x32\...\{3D220981-ECF5-4DD6-AF2F-963580810B9E}) (Version: 1.00.000 - Klett) Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc) Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.) Dell MusicStage (HKLM-x32\...\{3255BC3F-32BA-41ED-93A0-B9AEB6CDD9E6}) (Version: 1.5.201.0 - Fingertapps) Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft) Dell Stage (HKLM-x32\...\{E2F57269-065E-4B19-8CDA-AB6C401FAF1A}) (Version: 1.7.209.0 - Fingertapps) Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft) Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.102 - PC-Doctor, Inc.) Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.) Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.) Dell VideoStage (x32 Version: 1.2.0.1712 - CyberLink Corp.) 
Hidden Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd) Die*Sims™*3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts) DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) FirstClass® Client (HKLM-x32\...\{2869279D-7AE2-4A13-96B8-46078BA3F75B}) (Version: 11.0 (build 11.042) - Open Text Corporation.) Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden GutscheinRausch.de - AddOn für Firefox (HKLM-x32\...\{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1) (Version: 2.81 - GutscheinRausch.de) HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Officejet 6600 - Grundlegende Software für das Gerät (HKLM\...\{F58934BD-F483-43EB-B307-CFFD88B18455}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Officejet 6600 Hilfe (HKLM-x32\...\{2FA81482-5570-4CF0-9A10-D61D2F164916}) (Version: 140.0.2.2 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden I.R.I.S. 
OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.0.0.0454 - Intel Corporation) Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation) Intel(R) WiDi (HKLM-x32\...\{25680C01-6753-4FE9-A891-7857F26457C1}) (Version: 2.1.35.0 - Intel Corporation) Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - ) Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Klett Lernsoftware Mathematik - Lambacher Schweizer (6. 
Lernjah (HKLM-x32\...\Klett Lernsoftware Mathematik - Lambacher Schwei~1FADBBB4_is1) (Version: - ) LEGO MINDSTORMS NXT - (Deutsch) Sprachenpaket (HKLM-x32\...\{611ED207-22E5-4543-B9D3-E73096759A4F}) (Version: 2.0.100.0 - The LEGO Group) LEGO MINDSTORMS NXT Driver for x64 (HKLM\...\{74E85F31-573F-45BF-8939-4D2BCDCC2083}) (Version: 1.17.770 - LEGO) LEGO MINDSTORMS NXT Migration Package (HKLM-x32\...\{6C1D47CC-682C-4673-8CA8-DEE659628599}) (Version: 1.2.8.0 - LEGO) LEGO MINDSTORMS NXT Software v2.0 (HKLM-x32\...\{CB263F8D-EF2D-4EB5-A368-A27056EE92D4}) (Version: 2.0.108.0 - LEGO) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - 
Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MyFreeCodec (HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\MyFreeCodec) (Version: - ) PC Inspector File Recovery (HKLM-x32\...\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}) (Version: 4.0 - ) PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.20 - Dell Inc.) RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) 
Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.42 - Piriform) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio) Roxio File Backup (Version: 1.3.2 - Roxio) Hidden Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.) Secunia PSI (3.0.0.6001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.6001 - Secunia) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.) 
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden Sprachtrainer Fonts (HKLM-x32\...\{FBCF2ED3-AFB5-475E-BF9A-30BEAD366FBC}) (Version: 1.00.01 - Ernst Klett Verlag GmbH) StreamTransport version: 1.1.0.2 (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version: - ) Studie zur Verbesserung von HP Officejet 6600 Produkten (HKLM\...\{E1A11879-5771-4E52-BA2E-CD5DD65BF970}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Tippfix1_1 (HKLM-x32\...\{FEB690DE-045C-4FAF-A6A6-4DC7376E24EE}) (Version: 1.1.0.0 - ) UBitMenuDE (HKLM-x32\...\{CBCFD97D-FE82-43F4-A978-996CACF71E6B}_is1) (Version: 01.04 - UBit Schweiz AG) Unity Web Player (HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC) Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden Zoo Empire (HKLM-x32\...\InstallShield_{242BCCDC-B37B-4792-A52C-BCDDB1030AF9}) (Version: 1.00 - Enlight Software) Zoo Empire (x32 Version: 1.00 - Enlight Software) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 17-11-2014 03:00:57 Windows Update 19-11-2014 03:00:26 Windows Update 25-11-2014 19:27:14 Windows Update 28-11-2014 22:28:29 Windows Update 02-12-2014 16:55:36 Windows Update 09-12-2014 22:30:09 Windows Update 11-12-2014 02:00:17 Windows Update 14-12-2014 03:00:28 Windows Update 14-12-2014 13:50:48 avast! 
antivirus system restore point 17-12-2014 17:37:38 Windows Update 21-12-2014 03:01:45 Windows Update 24-12-2014 03:00:43 Windows Update 27-12-2014 10:56:39 Windows Update 30-12-2014 17:01:02 Windows Update 06-01-2015 17:03:18 Windows Update 09-01-2015 19:52:07 Windows Update 14-01-2015 17:32:28 Windows Update 15-01-2015 03:00:41 Windows Update 16-01-2015 03:00:27 Windows Update 18-01-2015 12:33:17 Installed HP Update. 20-01-2015 17:56:42 Windows Update 27-01-2015 16:59:43 Windows Update 31-01-2015 16:49:54 Windows Update 01-02-2015 17:18:43 Uniblue DriverScanner installation ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {022E17CD-88B1-4993-ABC4-F1F5FE7830EA} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe Task: {10F7DCF1-B638-49E9-B0B8-6ECF9A913871} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-11-30] (PC-Doctor, Inc.) Task: {16244C64-FD36-4C03-9392-85C21442DD2E} - System32\Tasks\{2DBD0BE9-228D-4709-B7A8-1ABAA66554A6} => pcalua.exe -a E:\eagle-win-5.11.0.exe -d E:\ Task: {17CFBAFA-3FB4-4D7A-B78E-7041A8E4DEF4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {2F2D47A7-15AC-4224-8728-335B1F0C7C88} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {34EEE8A7-8663-4555-B8A0-744CA61B99DA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1885151078-40185133-285767259-1000UA => C:\Users\Charly\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.) 
Task: {36ED0340-B405-4899-8CED-CA555B1838A9} - System32\Tasks\HPCustParticipation HP Officejet 6600 => C:\Program Files\HP\HP Officejet 6600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.) Task: {4B6E4C8D-7250-410B-AE2F-C3F5B21249B0} - System32\Tasks\{5923F9D2-C4DF-4E6C-A56C-9D44DF76E510} => pcalua.exe -a C:\Users\Charly\Desktop\SamsungDrucker20.07.2007.exe -d C:\Users\Charly\Desktop Task: {5676A1BC-7E68-45F5-8D15-07E5B34E6E68} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {5D95D023-633E-4F6F-B91B-3F98846784F5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-14] (AVAST Software) Task: {617A462C-A873-4136-B366-36768448CA05} - System32\Tasks\Dealply => C:\Users\Charly\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {6E04475C-89FC-45BA-968B-F41A8D1E20CB} - System32\Tasks\OAMZ => C:\Users\Charly\AppData\Roaming\OAMZ.exe [2015-02-01] (VenturesMPlayer) <==== ATTENTION Task: {822E83A1-BB9F-441F-A31B-F9A9480A6959} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-28] (Adobe Systems Incorporated) Task: {904E9075-1CD3-4C14-94CA-1D4F9EE5E441} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1885151078-40185133-285767259-1000Core => C:\Users\Charly\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.) 
Task: {921F9CDB-11BC-414B-A1DF-2F4D9EA7B820} - System32\Tasks\{ABF30231-F573-4948-BCD9-15EF0CC86584} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsPlugin Task: {9AF1EAF0-9AEB-4AAB-9B32-0E969F421431} - System32\Tasks\DAPXB => C:\Users\Charly\AppData\Roaming\DAPXB.exe [2015-02-01] (VenturesMPlayer) <==== ATTENTION Task: {AE68D4AF-AC25-460E-9B0A-7FBA5CA7E0AD} - System32\Tasks\{0FFF9BE5-FFF0-4B43-AFDC-640B7357C855} => pcalua.exe -a C:\Users\Charly\Downloads\Minecraft_Client-3.0.2\mcorg_client.exe -d C:\Users\Charly\Downloads\Minecraft_Client-3.0.2 Task: {B65E526A-65B1-4D14-B622-55761BF3AEE1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd) Task: {B8FAF197-98C0-43C3-995C-4072239AF8B7} - System32\Tasks\PCDoctorBackgroundMonitorTask-Delay => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-11-30] (PC-Doctor, Inc.) Task: {C31044DD-9933-4D28-B935-AD99CF620707} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.) Task: {CD1374FE-7841-41B4-9F36-2DFD393BAEF2} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-11-30] (PC-Doctor, Inc.) Task: {E7AAC0B9-A5B5-4B3F-ABAA-298F7E571035} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.) 
Task: {EDCC8E3E-5DAD-46C1-81BF-AB4C18A8AAC0} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\DAPXB.job => C:\Users\Charly\AppData\Roaming\DAPXB.exe <==== ATTENTION Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1885151078-40185133-285767259-1000Core.job => C:\Users\Charly\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1885151078-40185133-285767259-1000UA.job => C:\Users\Charly\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\OAMZ.job => C:\Users\Charly\AppData\Roaming\OAMZ.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2010-12-17 19:53 - 2010-12-17 19:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll 2014-12-14 13:53 - 2014-12-14 13:53 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll 2014-12-14 13:53 - 2014-12-14 13:53 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll 2011-08-30 02:29 - 2011-04-10 19:40 - 00094208 _____ () C:\WINDOWS\System32\IccLibDll_x64.dll 2010-12-17 19:53 - 2010-12-17 19:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll 2010-11-17 16:35 - 2010-11-17 16:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2015-01-15 11:40 - 2015-01-15 11:40 - 02910720 _____ () C:\Program Files\AVAST Software\Avast\defs\15011500\algo.dll 
2014-12-14 13:53 - 2014-12-14 13:53 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll 2015-01-16 07:30 - 2015-01-16 07:30 - 02910720 _____ () C:\Program Files\AVAST Software\Avast\defs\15011502\algo.dll 2015-02-03 11:54 - 2015-02-03 11:54 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020300\algo.dll 2014-10-22 02:59 - 2014-10-22 02:59 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll 2011-08-30 00:08 - 2010-11-06 05:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2010-11-25 04:44 - 2010-11-25 04:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll 2014-12-14 13:53 - 2014-12-14 13:53 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2012-09-23 19:43 - 2012-09-23 19:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll 2013-05-11 11:37 - 2013-05-11 11:37 - 14588632 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\NPSWF32.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf 2015-01-27 18:29 - 2015-01-27 18:29 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-1885151078-40185133-285767259-500 - Administrator - Disabled)
Charly (S-1-5-21-1885151078-40185133-285767259-1000 - Administrator - Enabled) => C:\Users\Charly
Gast (S-1-5-21-1885151078-40185133-285767259-501 - Limited - Disabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-1885151078-40185133-285767259-1006 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Adapter
Description: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Intel Corporation
Service: BTHUSB
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.
==================== Event log errors: ========================= Application errors: ================== Error: (02/03/2015 00:11:57 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: qrsvc.exe, Version: 1.10.0.8, Zeitstempel: 0x54c00034 Name des fehlerhaften Moduls: qrsvc.exe, Version: 1.10.0.8, Zeitstempel: 0x54c00034 Ausnahmecode: 0x40000015 Fehleroffset: 0x000250fc ID des fehlerhaften Prozesses: 0x87dc Startzeit der fehlerhaften Anwendung: 0xqrsvc.exe0 Pfad der fehlerhaften Anwendung: qrsvc.exe1 Pfad des fehlerhaften Moduls: qrsvc.exe2 Berichtskennung: qrsvc.exe3 Error: (02/03/2015 00:10:23 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3 Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224 Ausnahmecode: 0x80000003 Fehleroffset: 0x00001425 ID des fehlerhaften Prozesses: 0x6074 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (02/01/2015 05:17:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.0.5486, Zeitstempel: 0x54af7153 Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.0.5486, Zeitstempel: 0x54af69d4 Ausnahmecode: 0x80000003 Fehleroffset: 0x00001425 ID des fehlerhaften Prozesses: 0x1e38 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (02/01/2015 04:26:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des 
fehlerhaften Moduls: EXPLORERFRAME.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c6a8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000030a0d ID des fehlerhaften Prozesses: 0xafc Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Error: (01/28/2015 09:30:31 AM) (Source: Google Update) (EventID: 20) (User: Charly-PC) Description: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. 
Send request returned 0x Error: (01/24/2015 05:16:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: jusched.exe, Version: 2.1.67.1, Zeitstempel: 0x53d2a1f4 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x16e8 Startzeit der fehlerhaften Anwendung: 0xjusched.exe0 Pfad der fehlerhaften Anwendung: jusched.exe1 Pfad des fehlerhaften Moduls: jusched.exe2 Berichtskennung: jusched.exe3 Error: (01/24/2015 05:16:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.6001, Zeitstempel: 0x50b35946 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x910 Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0 Pfad der fehlerhaften Anwendung: PSIA.exe1 Pfad des fehlerhaften Moduls: PSIA.exe2 Berichtskennung: PSIA.exe3 Error: (01/18/2015 00:40:56 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Samsung\Kies\Kies.exe . Error code = 0x80131f07 Error: (01/18/2015 00:40:56 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Samsung\Kies\Kies.exe . Error code = 0x80131f07 Error: (01/17/2015 10:18:38 PM) (Source: Google Update) (EventID: 20) (User: Charly-PC) Description: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. 
Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80 System errors: ============= Error: (02/03/2015 11:50:31 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} Error: (02/01/2015 06:14:19 PM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "FINN-HP625-NB", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{09DE0DEA-86DD-431D-AE9E-79C704B84016}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (02/01/2015 05:21:57 PM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "FINN-HP625-NB", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{09DE0DEA-86DD-431D-AE9E-79C704B84016}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. 
Error: (02/01/2015 04:02:38 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} Error: (01/30/2015 05:20:48 PM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "SMILEY", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{09DE0DEA-86DD-431D-AE9E-79C704B84016}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (01/30/2015 05:10:47 PM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "SMILEY", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{09DE0DEA-86DD-431D-AE9E-79C704B84016}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (01/30/2015 04:46:39 PM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "SMILEY", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{09DE0DEA-86DD-431D-AE9E-79C704B84016}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (01/30/2015 04:40:33 PM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "SMILEY", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{09DE0DEA-86DD-431D-AE9E-79C704B84016}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (01/30/2015 04:35:33 PM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "SMILEY", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{09DE0DEA-86DD-431D-AE9E-79C704B84016}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. 
Error: (01/30/2015 02:55:39 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} Microsoft Office Sessions: ========================= Error: (02/03/2015 00:11:57 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: qrsvc.exe1.10.0.854c00034qrsvc.exe1.10.0.854c0003440000015000250fc87dc01d03e3aa6bd6377C:\Program Files (x86)\QuickRef_1.10.0.8\Service\qrsvc.exeC:\Program Files (x86)\QuickRef_1.10.0.8\Service\qrsvc.exe7718d061-ab95-11e4-b89a-ac72893b3926 Error: (02/03/2015 00:10:23 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f2248000000300001425607401d03e3cf29512daC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll3f03bbcc-ab95-11e4-b89a-ac72893b3926 Error: (02/01/2015 05:17:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe35.0.0.548654af7153mozalloc.dll35.0.0.548654af69d480000003000014251e3801d03e30209dda22C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlldc86a1b9-aa2d-11e4-b89a-ac72893b3926 Error: (02/01/2015 04:26:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Explorer.EXE6.1.7601.175674d672ee4EXPLORERFRAME.dll6.1.7601.175144ce7c6a8c00000050000000000030a0dafc01d03191144f2bd1C:\windows\Explorer.EXEC:\windows\system32\EXPLORERFRAME.dllc31ae4ef-aa26-11e4-b89a-ac72893b3926 Error: (01/28/2015 09:30:31 AM) (Source: Google Update) (EventID: 20) (User: Charly-PC) Description: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. 
Http status code 0. Trying config: source=auto, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x Error: (01/24/2015 05:16:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: jusched.exe2.1.67.153d2a1f4unknown0.0.0.000000000c00000050000000016e801d031912790eda9C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeunknown6797352f-a3e4-11e4-b89a-ac72893b3926 Error: (01/24/2015 05:16:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: PSIA.exe3.0.0.600150b35946unknown0.0.0.000000000c00000050000000091001d03132dba64299C:\Program Files (x86)\Secunia\PSI\PSIA.exeunknown67970e1f-a3e4-11e4-b89a-ac72893b3926 Error: (01/18/2015 00:40:56 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Samsung\Kies\Kies.exe . Error code = 0x80131f07 C:\Program Files (x86)\Samsung\Kies\Kies.exe Error: (01/18/2015 00:40:56 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Samsung\Kies\Kies.exe . Error code = 0x80131f07 C:\Program Files (x86)\Samsung\Kies\Kies.exe Error: (01/17/2015 10:18:38 PM) (Source: Google Update) (EventID: 20) (User: Charly-PC) Description: Network Request Error. Error: 0x80072ee7. 
Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=FireFox, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz Percentage of memory in use: 54% Total physical RAM: 4003.17 MB Available physical RAM: 1837.61 MB Total Pagefile: 8004.53 MB Available Pagefile: 3725.26 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:226.51 GB) NTFS Drive e: () (Removable) (Total:1.88 GB) (Free:0.03 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E4219F81) Partition 1: (Not Active) - (Size=100 MB) - (Type=DE) Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 1.9 GB) (Disk ID: 00000000) Partition: GPT Partition Type. 
==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-02-03 12:47:48 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.D005 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\Charly\AppData\Local\Temp\kxdirpob.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 448 fffff80003609000 76 bytes [E4, 80, 91, 92, 80, 91, 93, ...] INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 527 fffff8000360904f 65 bytes [3B, 96, 9C, 80, 91, 9C, 80, ...] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\AVAST Software\Avast\avastui.exe[5772] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076728791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...] ---- Threads - GMER 2.1 ---- Thread [1532:1628] 0000000077972e65 Thread [1532:1632] 0000000077973e85 Thread [1532:1636] 0000000074c5f28e Thread [1532:1648] 0000000075797587 Thread [1532:1656] 00000000743d7390 Thread [1532:1660] 0000000074432240 Thread [1532:1688] 0000000074296780 Thread [1532:1692] 0000000074295c30 Thread [1532:1924] 0000000074c5f28e Thread [1532:1184] 000000007427e070 Thread [1532:1136] 000000007427e070 Thread [1532:1204] 000000007427e070 Thread [1532:1220] 000000007427e070 Thread [1532:1256] 000000007427e070 Thread [1532:1276] 000000007427f630 Thread [1532:1280] 000000007427f630 Thread [1532:1292] 000000007427e7d0 Thread [1532:1296] 00000000742ec860 Thread [1532:1316] 00000000742ead70 Thread [1532:1324] 00000000742eb2d0 Thread [1532:1272] 00000000742823a0 Thread [1532:1332] 00000000742823a0 Thread [1532:1356] 00000000742823a0 Thread [1532:1348] 00000000742823a0 Thread [1532:1444] 00000000742823a0 Thread [1532:1480] 00000000742820e0 Thread [1532:1476] 00000000731a1080 Thread [1532:1552] 00000000731714b0 Thread [1532:1620] 0000000074297700 Thread [1532:1616] 0000000074281830 Thread [1532:1600] 000000007719d864 Thread [1532:1612] 0000000074c5f28e 
Thread [1532:1604] 00000000729052c9 Thread [1532:1772] 00000000743085f0 Thread [1532:1980] 0000000074047740 Thread [1532:1132] 0000000074c5f28e Thread [1532:1188] 0000000074c5f28e Thread [1532:1596] 0000000074c5f28e Thread [1532:2020] 0000000074c5f28e Thread [1532:1428] 0000000074c5f28e Thread [1532:2052] 0000000074c5f28e Thread [1532:2088] 00000000725c8670 Thread [1532:2112] 0000000073f40480 Thread [1532:2116] 0000000074c5f28e Thread [1532:2124] 00000000744365e0 Thread [1532:2128] 0000000074439850 Thread [1532:2132] 0000000074c5f28e Thread [1532:2204] 0000000074c5f28e Thread [1532:2216] 000000007432bae0 Thread [1532:2220] 0000000074c5f28e Thread [1532:2224] 0000000074c5f28e Thread [1532:2252] 0000000074c5f28e Thread [1532:3496] 000000007719d864 Thread [1532:3640] 00000000730613b0 Thread [1532:4100] 0000000074c5f28e Thread [1532:33704] 0000000074c5f28e Thread [1532:24832] 0000000074c5f28e Thread [1532:23032] 00000000756e42ed Thread [1532:52372] 0000000077973e85 Thread [1532:35520] 0000000077973e85 Thread [1532:23048] 00000000733362ee Thread [1532:61168] 0000000074c5f28e Thread [1532:63404] 0000000074c5f28e Thread [1532:31876] 0000000077973e85 Thread [1532:61596] 0000000077973e85 Thread [1532:33844] 0000000077973e85 Thread [1532:54852] 0000000077973e85 Thread [1532:61692] 0000000077973e85 Thread [1532:48436] 0000000077973e85 Thread [1532:60268] 0000000077973e85 Thread [1532:61356] 0000000077973e85 Thread [1532:63004] 0000000074c5f28e Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [788:3080] 000007fefb7d2bf8 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [788:3096] 000007fef4464830 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [788:2168] 000007fef4464830 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [788:3460] 000007fef8cd5124 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [788:9080] 000007fef43e9d90 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [788:13108] 000007fef4464830 Thread C:\Program 
Files\Windows Media Player\wmpnetwk.exe [788:16612] 000007fef5c93a18 ---- Processes - GMER 2.1 ---- Process C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (*** suspicious ***) @ C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [49656] (Windows SysTool Service/SysTool PasSame LIMITED)(2015-02-01 16:20:28) 0000000000aa0000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{4E00D654-6C07-4CD6-AD65-2F147A85E4D4}\Connection@Name isatap.{A586EDF0-8AA4-4F91-AB3D-B3E7423BFA56} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{93158D43-A689-4E9D-BA9D-D4349620E5E8}?\Device\{4E00D654-6C07-4CD6-AD65-2F147A85E4D4}?\Device\{88E0244C-573D-4272-9F26-C6BFD1E3223E}?\Device\{9892A028-2D9C-478E-92F0-0DEF19FA44B1}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{93158D43-A689-4E9D-BA9D-D4349620E5E8}"?"{4E00D654-6C07-4CD6-AD65-2F147A85E4D4}"?"{88E0244C-573D-4272-9F26-C6BFD1E3223E}"?"{9892A028-2D9C-478E-92F0-0DEF19FA44B1}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{93158D43-A689-4E9D-BA9D-D4349620E5E8}?\Device\TCPIP6TUNNEL_{4E00D654-6C07-4CD6-AD65-2F147A85E4D4}?\Device\TCPIP6TUNNEL_{88E0244C-573D-4272-9F26-C6BFD1E3223E}?\Device\TCPIP6TUNNEL_{9892A028-2D9C-478E-92F0-0DEF19FA44B1}? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015007f6c3b Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac72893b3926 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac72893b3926@a00798404576 0x37 0x92 0x84 0x40 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac72893b3926@001ddfcd0f8c 0x5B 0x9D 0x7D 0xD9 ... 
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac72893b3926@b85e7b25aa4c 0xBB 0x6D 0x19 0x35 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc7737048afc Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{4E00D654-6C07-4CD6-AD65-2F147A85E4D4}@InterfaceName isatap.{A586EDF0-8AA4-4F91-AB3D-B3E7423BFA56} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{4E00D654-6C07-4CD6-AD65-2F147A85E4D4}@ReusableType 0 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015007f6c3b (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac72893b3926 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac72893b3926@a00798404576 0x37 0x92 0x84 0x40 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac72893b3926@001ddfcd0f8c 0x5B 0x9D 0x7D 0xD9 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac72893b3926@b85e7b25aa4c 0xBB 0x6D 0x19 0x35 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc7737048afc (not active ControlSet) ---- EOF - GMER 2.1 ---- |
03.02.2015, 13:10 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: omiga-plus.com opens in a new tab Hi,
Remove adware/junkware/toolbars (delete old versions of adwCleaner and, if present, JRT first, then download them fresh to the desktop!) Step 1: adwCleaner Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool Please shut down your security software to avoid possible conflicts.
Step 3: Fresh log with FRST Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
03.02.2015, 13:56 | #3 |
| Windows 7: omiga-plus.com opens in a new tab Hi,
thanks for the quick reply! AdwCleaner Code:
ATTFilter # AdwCleaner v4.109 - Bericht erstellt am 03/02/2015 um 13:21:57 # Aktualisiert 24/01/2015 von Xplode # Database : 2015-02-02.1 [Live] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Charly - CHARLY-PC # Gestartet von : C:\Users\Charly\Desktop\AdwCleaner_4.109.exe # Option : Löschen ***** [ Dienste ] ***** Dienst Gelöscht : WindowsMangerProtect ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip Ordner Gelöscht : C:\Program Files (x86)\globalUpdate Ordner Gelöscht : C:\Users\Charly\AppData\Local\globalUpdate Ordner Gelöscht : C:\Users\Charly\AppData\Local\Pro_PC_Cleaner Ordner Gelöscht : C:\Users\Charly\Documents\ProPCCleaner Datei Gelöscht : C:\Users\Charly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk Datei Gelöscht : C:\Users\Charly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Startfenster.lnk Datei Gelöscht : C:\Users\Charly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Startfenster.lnk Datei Gelöscht : C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\visualbee.xml ***** [ Tasks ] ***** Task Gelöscht : Dealply Task Gelöscht : LaunchSignup Task Gelöscht : ProPCCleaner_Start ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fftoolbar2014@etech.com] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0 Schlüssel 
Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc 
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1 Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10 Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4 Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel 
Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gelöscht : HKCU\Software\GlobalUpdate Schlüssel Gelöscht : HKCU\Software\Myfree Codec Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\StormWatchApp Schlüssel Gelöscht : HKCU\Software\ProPCCleanerLanguage Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec Schlüssel Gelöscht : HKLM\SOFTWARE\omiga-plusSoftware Schlüssel Gelöscht : HKLM\SOFTWARE\supWindowsMangerProtect Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue Schlüssel Gelöscht : HKLM\SOFTWARE\VBMZ Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local> ***** [ Browser ] 
*****

-\\ Internet Explorer v11.0.9600.17496

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v35.0.1 (x86 de)

[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://isearch.omiga-plus.com/newtab/?type=nt&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.alias", "omiga-plus");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://isearch.omiga-plus.com/favicon.ico");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.name", "omiga-plus");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.url", "hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8&q={searchTerms}");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://isearch.omiga-plus.com/?type=hp&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.ffxtlbr@visualbee.com.install-event-fired", true);
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.visualbee.admin", false);
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.visualbee.aflt", "babsst");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.visualbee.appId", "{9C69AD01-2505-4FA3-BF08-38DCFB0BF6B3}");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.visualbee.autoRvrt", "false");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.visualbee.dfltLng", "en");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.visualbee.excTlbr", false);
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.visualbee.id", "b237ad23000000000000ac72893b3923");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.visualbee.instlDay", "15909");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.visualbee.instlRef", "sst");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.visualbee.newTab", false);
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.visualbee.prdct", "visualbee");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.visualbee.prtnrId", "visualbee");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.visualbee.rvrt", "false");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.visualbee.smplGrp", "none");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.visualbee.tlbrId", "vbeeyh");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.visualbee.tlbrSrchUrl", "");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.visualbee.vrsn", "1.8.9.1");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.visualbee.vrsnTs", "1.8.9.110:08:30");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.visualbee.vrsni", "1.8.9.1");

-\\ Google Chrome v

[C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://visualbee.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B237AC72893B3923&affID=121377&tsp=4952
[C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://visualbee.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B237AC72893B3923&affID=121377&tsp=4952

*************************

AdwCleaner[R0].txt - [16022 octets] - [03/02/2015 13:16:27]
AdwCleaner[S0].txt - [14710 octets] - [03/02/2015 13:21:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14771 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Charly on 03.02.2015 at 13:41:01,51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\Charly\AppData\Roaming\pcdr"
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"

~~~ FireFox

Successfully deleted the following from C:\Users\Charly\AppData\Roaming\mozilla\firefox\profiles\rl566buh.default\prefs.js

user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
user_pref("browser.search.searchengine.ptid", "tugs");
user_pref("browser.search.searchengine.uid", "ST9500420AS_5VJDGZW8XXXX5VJDGZW8");

Emptied folder: C:\Users\Charly\AppData\Roaming\mozilla\firefox\profiles\rl566buh.default\minidumps [52 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.02.2015 at 13:47:23,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Charly (administrator) on CHARLY-PC on 03-02-2015 13:50:03
Running from C:\Users\Charly\Desktop
Loaded Profiles: Charly (Available profiles: Charly & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\WINDOWS\System32\StikyNot.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngtool.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\mftutil.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3666800 2011-01-22] (Dell Inc.)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-01] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-01-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Run: [Facebook Update] => C:\Users\Charly\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Run: [RESTART_STICKY_NOTES] => C:\WINDOWS\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1565504 2015-01-14] (Samsung)
HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Charly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1885151078-40185133-285767259-1000 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 172.29.11.1

FireFox:
========
FF ProfilePath: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default
FF NetworkProxy: "backup.ftp", "172.27.10.1"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "172.27.10.1"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "172.27.10.1"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "172.27.10.1"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "172.27.10.1"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "172.27.10.1"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "172.27.10.1"
FF NetworkProxy: "ssl_port", 8080
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_41 -> C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1885151078-40185133-285767259-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Charly\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-1885151078-40185133-285767259-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Charly\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\dudende-suche.xml
FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\ixquick-ssl.xml
FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\leo-deu-fra.xml
FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\openthesaurus.xml
FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\ponscom--franzsisch--deutsch.xml
FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\wettercom.xml
FF Extension: Web Developer - C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2014-11-16]
FF Extension: Adblock Plus - C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-06]
FF Extension: Tab Mix Plus - C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-09-06]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-16]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Firefox\Extensions: [mail@gutscheinrausch.de] - C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\extensions\mail@gutscheinrausch.de

Chrome:
=======
CHR Profile: C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-20]
CHR Extension: (Google Drive) - C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-20]
CHR Extension: (YouTube) - C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-20]
CHR Extension: (Google-Suche) - C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-20]
CHR Extension: (Google Mail) - C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-20]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-14] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-14] (Avast Software)
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [897088 2010-11-03] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2010-11-03] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-14] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-03-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-14] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-14] (Avast Software)
S1 qrnfd_1_10_0_8; system32\drivers\qrnfd_1_10_0_8.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-03 13:47 - 2015-02-03 13:47 - 00001306 _____ () C:\Users\Charly\Desktop\JRT.txt
2015-02-03 13:39 - 2015-02-03 13:39 - 01388274 _____ (Thisisu) C:\Users\Charly\Desktop\JRT.exe
2015-02-03 13:33 - 2015-02-03 13:33 - 644974565 _____ () C:\windows\MEMORY.DMP
2015-02-03 13:33 - 2015-02-03 13:33 - 00472976 _____ () C:\windows\Minidump\020315-26956-01.dmp
2015-02-03 13:33 - 2015-02-03 13:33 - 00005990 _____ () C:\windows\PFRO.log
2015-02-03 13:33 - 2015-02-03 13:33 - 00000056 _____ () C:\windows\setupact.log
2015-02-03 13:33 - 2015-02-03 13:33 - 00000000 _____ () C:\windows\setuperr.log
2015-02-03 13:21 - 2015-02-03 13:22 - 00014880 _____ () C:\Users\Charly\Desktop\AdwCleaner[S0].txt
2015-02-03 13:16 - 2015-02-03 13:39 - 00000000 ____D () C:\AdwCleaner
2015-02-03 13:15 - 2015-02-03 13:15 - 02194432 _____ () C:\Users\Charly\Desktop\AdwCleaner_4.109.exe
2015-02-03 12:47 - 2015-02-03 12:47 - 00027016 _____ () C:\Users\Charly\Desktop\Gmer.log
2015-02-03 12:33 - 2015-02-03 12:33 - 00380416 _____ () C:\Users\Charly\Desktop\Gmer-19357.exe
2015-02-03 12:25 - 2015-02-03 12:27 - 00039289 _____ () C:\Users\Charly\Desktop\Addition.txt
2015-02-03 12:24 - 2015-02-03 13:50 - 00021943 _____ () C:\Users\Charly\Desktop\FRST.txt
2015-02-03 12:23 - 2015-02-03 13:50 - 00000000 ____D () C:\FRST
2015-02-03 12:21 - 2015-02-03 12:22 - 02131456 _____ (Farbar) C:\Users\Charly\Desktop\FRST64.exe
2015-02-03 12:18 - 2015-02-03 12:18 - 00000474 _____ () C:\Users\Charly\Desktop\defogger_disable.log
2015-02-03 12:18 - 2015-02-03 12:18 - 00000000 _____ () C:\Users\Charly\defogger_reenable
2015-02-03 12:07 - 2015-02-03 12:07 - 00050477 _____ () C:\Users\Charly\Desktop\Defogger.exe
2015-02-01 17:18 - 2015-02-03 13:34 - 00001340 _____ () C:\windows\Tasks\DAPXB.job
2015-02-01 17:18 - 2015-02-03 13:34 - 00001338 _____ () C:\windows\Tasks\OAMZ.job
2015-02-01 17:18 - 2015-02-01 17:19 - 00004370 _____ () C:\windows\System32\Tasks\DAPXB
2015-02-01 17:18 - 2015-02-01 17:18 - 01960408 _____ (VenturesMPlayer) C:\Users\Charly\AppData\Roaming\OAMZ.exe
2015-02-01 17:18 - 2015-02-01 17:18 - 01482200 _____ (VenturesMPlayer) C:\Users\Charly\AppData\Roaming\DAPXB.exe
2015-02-01 17:18 - 2015-02-01 17:18 - 00004368 _____ () C:\windows\System32\Tasks\OAMZ
2015-01-27 20:20 - 2015-01-27 20:20 - 19029752 _____ () C:\Users\Charly\Downloads\Anhänge_2015127.zip
2015-01-27 18:29 - 2015-01-27 18:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-25 17:12 - 2015-01-25 17:12 - 00002086 _____ () C:\Users\Charly\AppData\Roaming\DAPXB
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\Charly\AppData\Roaming\OAMZ
2015-01-20 00:46 - 2015-01-20 00:47 - 00000000 ____D () C:\Users\Charly\Desktop\Neuer Ordner
2015-01-18 21:41 - 2015-01-18 21:41 - 00247739 _____ () C:\Users\Charly\Downloads\video-1421609768.mp4.mp4
2015-01-18 21:41 - 2015-01-18 21:41 - 00247739 _____ () C:\Users\Charly\Downloads\video-1421609768.mp4(1).mp4
2015-01-18 12:33 - 2015-01-18 12:33 - 00000000 ____D () C:\windows\Hewlett-Packard
2015-01-16 03:22 - 2015-01-16 03:22 - 00000197 _____ () C:\windows\system32\2015-01-16-02-22-30.004-AvastVBoxSVC.exe-168.log
2015-01-15 20:39 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-15 03:34 - 2015-01-15 03:34 - 00000197 _____ () C:\windows\system32\2015-01-15-02-34-10.058-AvastVBoxSVC.exe-4068.log
2015-01-14 17:33 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 17:33 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-14 17:33 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-14 17:33 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-14 17:33 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-14 17:33 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-14 17:33 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 17:33 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-14 17:33 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-14 17:32 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-14 17:32 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-14 17:32 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-13 13:52 - 2015-01-13 13:52 - 00000197 _____ () C:\windows\system32\2015-01-13-12-52-06.058-AvastVBoxSVC.exe-2148.log
2015-01-12 21:12 - 2015-01-12 21:12 - 00000197 _____ () C:\windows\system32\2015-01-12-20-12-30.041-AvastVBoxSVC.exe-3500.log
2015-01-09 19:29 - 2015-01-09 19:29 - 00000197 _____ () C:\windows\system32\2015-01-09-18-29-29.054-AvastVBoxSVC.exe-3500.log
2015-01-08 23:19 - 2015-01-08 23:19 - 00000197 _____ () C:\windows\system32\2015-01-08-22-19-02.027-AvastVBoxSVC.exe-3576.log
2015-01-07 19:00 - 2015-01-07 19:00 - 00000197 _____ () C:\windows\system32\2015-01-07-18-00-25.075-AvastVBoxSVC.exe-3132.log
2015-01-07 16:45 - 2015-01-07 16:45 - 00000197 _____ () C:\windows\system32\2015-01-07-15-45-35.011-AvastVBoxSVC.exe-2380.log
2015-01-06 10:53 - 2015-01-06 10:54 - 46637686 _____ () C:\Users\Charly\Downloads\Come Now Is The Time To Worship.avi
2015-01-05 14:59 - 2015-01-05 14:59 - 00000197 _____ () C:\windows\system32\2015-01-05-13-59-14.095-AvastVBoxSVC.exe-3328.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-03 13:49 - 2012-04-03 13:10 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-03 13:47 - 2011-09-06 19:16 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 13:44 - 2012-01-31 16:00 - 00003938 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{0F102A3C-CB48-4F24-80C8-D0792A79F8D8}
2015-02-03 13:43 - 2009-07-14 05:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-03 13:43 - 2009-07-14 05:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-03 13:42 - 2011-09-16 15:49 - 00000000 ____D () C:\ProgramData\PCDr
2015-02-03 13:41 - 2011-08-30 00:01 - 01255498 _____ () C:\windows\WindowsUpdate.log
2015-02-03 13:40 - 2011-08-30 02:51 - 00699666 _____ () C:\windows\system32\perfh007.dat
2015-02-03 13:40 - 2011-08-30 02:51 - 00149774 _____ () C:\windows\system32\perfc007.dat
2015-02-03 13:40 - 2009-07-14 06:13 - 01620612 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-03 13:36 - 2011-08-30 00:43 - 00000000 ____D () C:\ProgramData\Sonic
2015-02-03 13:33 - 2013-11-18 15:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-03 13:33 - 2011-12-08 17:57 - 00000000 ____D () C:\windows\Minidump
2015-02-03 13:33 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-03 12:18 - 2011-09-06 09:23 - 00000000 ____D () C:\Users\Charly
2015-02-03 12:14 - 2013-11-18 15:41 - 00001157 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-03 12:14 - 2013-11-18 15:41 - 00001145 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-03 12:14 - 2011-09-06 09:33 - 00001419 _____ () C:\Users\Charly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-03 11:59 - 2011-10-15 13:32 - 00001120 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1885151078-40185133-285767259-1000Core.job
2015-02-03 11:52 - 2012-12-16 19:35 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2015-02-03 11:51 - 2011-10-15 13:32 - 00001142 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1885151078-40185133-285767259-1000UA.job
2015-02-01 17:36 - 2014-03-14 09:32 - 00835584 ___SH () C:\Users\Charly\Desktop\Thumbs.db
2015-01-28 20:07 - 2012-04-03 13:10 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-28 20:07 - 2012-04-03 13:10 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-28 20:07 - 2011-09-06 20:44 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-25 23:24 - 2014-12-31 15:47 - 00000000 ____D () C:\Users\Charly\Desktop\Auslandsjahr
2015-01-18 20:11 - 2014-12-24 00:09 - 00000000 ____D () C:\Users\Charly\Documents\Outlook-Dateien
2015-01-18 20:10 - 2014-12-20 11:21 - 00000000 ____D () C:\Users\Charly\Documents\SelfMV
2015-01-18 12:34 - 2012-12-16 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-01-18 12:33 - 2012-06-04 11:33 - 00000000 ____D () C:\Users\Charly\AppData\Roaming\HpUpdate
2015-01-18 10:56 - 2014-10-21 19:01 - 00002000 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2015-01-16 14:36 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2015-01-16 03:00 - 2011-09-25 07:51 - 00000000 ____D () C:\windows\System32\Tasks\Games
2015-01-15 03:13 - 2013-07-27 02:01 - 00000000 ____D () C:\windows\system32\MRT
2015-01-15 03:01 - 2011-09-06 19:12 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Charly\AppData\Roaming\DAPXB
2015-02-01 17:18 - 2015-02-01 17:18 - 1482200 _____ (VenturesMPlayer) C:\Users\Charly\AppData\Roaming\DAPXB.exe
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Charly\AppData\Roaming\OAMZ
2015-02-01 17:18 - 2015-02-01 17:18 - 1960408 _____ (VenturesMPlayer) C:\Users\Charly\AppData\Roaming\OAMZ.exe
2011-09-06 21:35 - 2014-02-05 12:02 - 0055296 _____ () C:\Users\Charly\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-13 09:54 - 2011-12-13 09:58 - 0000000 _____ () C:\Users\Charly\AppData\Local\{1EEE3C18-D95C-46E1-AAAF-BA19D1E4E698}
2014-10-12 16:25 - 2014-10-12 16:25 - 0000000 _____ () C:\Users\Charly\AppData\Local\{4699457A-6CBE-4B5A-9265-C55F6C7BFF53}
2012-06-04 11:31 - 2012-06-04 11:31 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-02-26 20:47 - 2012-02-26 20:47 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2012-05-14 17:21 - 2012-05-14 17:21 - 0000004 __RSH () C:\ProgramData\sysqcl1129139270.dat

Files to move or delete:
====================
C:\ProgramData\sysqcl1129139270.dat

Some content of TEMP:
====================
C:\Users\Charly\AppData\Local\Temp\BackupSetup.exe
C:\Users\Charly\AppData\Local\Temp\Quarantine.exe
C:\Users\Charly\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-15 23:09 ==================== End Of Log ============================ Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015 Ran by Charly at 2015-02-03 13:50:42 Running from C:\Users\Charly\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - ) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.) 
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd) Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software) Bandicam (HKLM-x32\...\Bandicam) (Version: 2.0.3.674 - Bandisoft.com) Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com) Canon MG4100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4100_series) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Decouvertes 5 Sprachtrainer Kommunikation (HKLM-x32\...\{3D220981-ECF5-4DD6-AF2F-963580810B9E}) (Version: 1.00.000 - Klett) Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc) Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.) Dell MusicStage (HKLM-x32\...\{3255BC3F-32BA-41ED-93A0-B9AEB6CDD9E6}) (Version: 1.5.201.0 - Fingertapps) Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft) Dell Stage (HKLM-x32\...\{E2F57269-065E-4B19-8CDA-AB6C401FAF1A}) (Version: 1.7.209.0 - Fingertapps) Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft) Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.102 - PC-Doctor, Inc.) Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.) Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.) Dell VideoStage (x32 Version: 1.2.0.1712 - CyberLink Corp.) 
Hidden Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd) Die*Sims™*3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts) DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) FirstClass® Client (HKLM-x32\...\{2869279D-7AE2-4A13-96B8-46078BA3F75B}) (Version: 11.0 (build 11.042) - Open Text Corporation.) Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden GutscheinRausch.de - AddOn für Firefox (HKLM-x32\...\{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1) (Version: 2.81 - GutscheinRausch.de) HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Officejet 6600 - Grundlegende Software für das Gerät (HKLM\...\{F58934BD-F483-43EB-B307-CFFD88B18455}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Officejet 6600 Hilfe (HKLM-x32\...\{2FA81482-5570-4CF0-9A10-D61D2F164916}) (Version: 140.0.2.2 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden I.R.I.S. 
OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.0.0.0454 - Intel Corporation) Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation) Intel(R) WiDi (HKLM-x32\...\{25680C01-6753-4FE9-A891-7857F26457C1}) (Version: 2.1.35.0 - Intel Corporation) Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - ) Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Klett Lernsoftware Mathematik - Lambacher Schweizer (6. 
Lernjah (HKLM-x32\...\Klett Lernsoftware Mathematik - Lambacher Schwei~1FADBBB4_is1) (Version: - ) LEGO MINDSTORMS NXT - (Deutsch) Sprachenpaket (HKLM-x32\...\{611ED207-22E5-4543-B9D3-E73096759A4F}) (Version: 2.0.100.0 - The LEGO Group) LEGO MINDSTORMS NXT Driver for x64 (HKLM\...\{74E85F31-573F-45BF-8939-4D2BCDCC2083}) (Version: 1.17.770 - LEGO) LEGO MINDSTORMS NXT Migration Package (HKLM-x32\...\{6C1D47CC-682C-4673-8CA8-DEE659628599}) (Version: 1.2.8.0 - LEGO) LEGO MINDSTORMS NXT Software v2.0 (HKLM-x32\...\{CB263F8D-EF2D-4EB5-A368-A27056EE92D4}) (Version: 2.0.108.0 - LEGO) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - 
Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MyFreeCodec (HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\MyFreeCodec) (Version: - ) PC Inspector File Recovery (HKLM-x32\...\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}) (Version: 4.0 - ) PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.20 - Dell Inc.) RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) 
Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.42 - Piriform) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio) Roxio File Backup (Version: 1.3.2 - Roxio) Hidden Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.) Secunia PSI (3.0.0.6001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.6001 - Secunia) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.) 
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden Sprachtrainer Fonts (HKLM-x32\...\{FBCF2ED3-AFB5-475E-BF9A-30BEAD366FBC}) (Version: 1.00.01 - Ernst Klett Verlag GmbH) StreamTransport version: 1.1.0.2 (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version: - ) Studie zur Verbesserung von HP Officejet 6600 Produkten (HKLM\...\{E1A11879-5771-4E52-BA2E-CD5DD65BF970}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Tippfix1_1 (HKLM-x32\...\{FEB690DE-045C-4FAF-A6A6-4DC7376E24EE}) (Version: 1.1.0.0 - ) UBitMenuDE (HKLM-x32\...\{CBCFD97D-FE82-43F4-A978-996CACF71E6B}_is1) (Version: 01.04 - UBit Schweiz AG) Unity Web Player (HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC) Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden Zoo Empire (HKLM-x32\...\InstallShield_{242BCCDC-B37B-4792-A52C-BCDDB1030AF9}) (Version: 1.00 - Enlight Software) Zoo Empire (x32 Version: 1.00 - Enlight Software) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 17-11-2014 03:00:57 Windows Update 19-11-2014 03:00:26 Windows Update 25-11-2014 19:27:14 Windows Update 28-11-2014 22:28:29 Windows Update 02-12-2014 16:55:36 Windows Update 09-12-2014 22:30:09 Windows Update 11-12-2014 02:00:17 Windows Update 14-12-2014 03:00:28 Windows Update 14-12-2014 13:50:48 avast! 
antivirus system restore point 17-12-2014 17:37:38 Windows Update 21-12-2014 03:01:45 Windows Update 24-12-2014 03:00:43 Windows Update 27-12-2014 10:56:39 Windows Update 30-12-2014 17:01:02 Windows Update 06-01-2015 17:03:18 Windows Update 09-01-2015 19:52:07 Windows Update 14-01-2015 17:32:28 Windows Update 15-01-2015 03:00:41 Windows Update 16-01-2015 03:00:27 Windows Update 18-01-2015 12:33:17 Installed HP Update. 20-01-2015 17:56:42 Windows Update 27-01-2015 16:59:43 Windows Update 31-01-2015 16:49:54 Windows Update 01-02-2015 17:18:43 Uniblue DriverScanner installation ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {10F7DCF1-B638-49E9-B0B8-6ECF9A913871} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-11-30] (PC-Doctor, Inc.) Task: {16244C64-FD36-4C03-9392-85C21442DD2E} - System32\Tasks\{2DBD0BE9-228D-4709-B7A8-1ABAA66554A6} => pcalua.exe -a E:\eagle-win-5.11.0.exe -d E:\ Task: {17CFBAFA-3FB4-4D7A-B78E-7041A8E4DEF4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {2F2D47A7-15AC-4224-8728-335B1F0C7C88} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {34EEE8A7-8663-4555-B8A0-744CA61B99DA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1885151078-40185133-285767259-1000UA => C:\Users\Charly\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.) 
Task: {36ED0340-B405-4899-8CED-CA555B1838A9} - System32\Tasks\HPCustParticipation HP Officejet 6600 => C:\Program Files\HP\HP Officejet 6600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.) Task: {4B6E4C8D-7250-410B-AE2F-C3F5B21249B0} - System32\Tasks\{5923F9D2-C4DF-4E6C-A56C-9D44DF76E510} => pcalua.exe -a C:\Users\Charly\Desktop\SamsungDrucker20.07.2007.exe -d C:\Users\Charly\Desktop Task: {5676A1BC-7E68-45F5-8D15-07E5B34E6E68} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {5D95D023-633E-4F6F-B91B-3F98846784F5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-14] (AVAST Software) Task: {6E04475C-89FC-45BA-968B-F41A8D1E20CB} - System32\Tasks\OAMZ => C:\Users\Charly\AppData\Roaming\OAMZ.exe [2015-02-01] (VenturesMPlayer) <==== ATTENTION Task: {822E83A1-BB9F-441F-A31B-F9A9480A6959} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-28] (Adobe Systems Incorporated) Task: {904E9075-1CD3-4C14-94CA-1D4F9EE5E441} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1885151078-40185133-285767259-1000Core => C:\Users\Charly\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.) 
Task: {921F9CDB-11BC-414B-A1DF-2F4D9EA7B820} - System32\Tasks\{ABF30231-F573-4948-BCD9-15EF0CC86584} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsPlugin Task: {9AF1EAF0-9AEB-4AAB-9B32-0E969F421431} - System32\Tasks\DAPXB => C:\Users\Charly\AppData\Roaming\DAPXB.exe [2015-02-01] (VenturesMPlayer) <==== ATTENTION Task: {AE68D4AF-AC25-460E-9B0A-7FBA5CA7E0AD} - System32\Tasks\{0FFF9BE5-FFF0-4B43-AFDC-640B7357C855} => pcalua.exe -a C:\Users\Charly\Downloads\Minecraft_Client-3.0.2\mcorg_client.exe -d C:\Users\Charly\Downloads\Minecraft_Client-3.0.2 Task: {B65E526A-65B1-4D14-B622-55761BF3AEE1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd) Task: {B8FAF197-98C0-43C3-995C-4072239AF8B7} - System32\Tasks\PCDoctorBackgroundMonitorTask-Delay => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-11-30] (PC-Doctor, Inc.) Task: {C31044DD-9933-4D28-B935-AD99CF620707} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.) Task: {CD1374FE-7841-41B4-9F36-2DFD393BAEF2} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-11-30] (PC-Doctor, Inc.) Task: {E7AAC0B9-A5B5-4B3F-ABAA-298F7E571035} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.) 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\DAPXB.job => C:\Users\Charly\AppData\Roaming\DAPXB.exe <==== ATTENTION Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1885151078-40185133-285767259-1000Core.job => C:\Users\Charly\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1885151078-40185133-285767259-1000UA.job => C:\Users\Charly\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\OAMZ.job => C:\Users\Charly\AppData\Roaming\OAMZ.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2010-12-17 19:53 - 2010-12-17 19:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll 2011-08-30 02:29 - 2011-04-10 19:40 - 00094208 _____ () C:\WINDOWS\System32\IccLibDll_x64.dll 2010-12-17 19:53 - 2010-12-17 19:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll 2010-11-17 16:35 - 2010-11-17 16:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe 2014-12-14 13:53 - 2014-12-14 13:53 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll 2014-12-14 13:53 - 2014-12-14 13:53 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2015-02-03 11:54 - 2015-02-03 11:54 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020300\algo.dll 2014-12-14 13:53 - 2014-12-14 13:53 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll 2010-11-25 04:44 - 
2010-11-25 04:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll 2014-10-22 02:59 - 2014-10-22 02:59 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll 2011-08-30 00:08 - 2010-11-06 05:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2014-12-14 13:53 - 2014-12-14 13:53 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2015-01-27 18:29 - 2015-01-27 18:29 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
========================= Accounts: ========================== Administrator (S-1-5-21-1885151078-40185133-285767259-500 - Administrator - Disabled) Charly (S-1-5-21-1885151078-40185133-285767259-1000 - Administrator - Enabled) => C:\Users\Charly Gast (S-1-5-21-1885151078-40185133-285767259-501 - Limited - Disabled) => C:\Users\Gast HomeGroupUser$ (S-1-5-21-1885151078-40185133-285767259-1006 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: qrnfd_1_10_0_8 Description: qrnfd_1_10_0_8 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: qrnfd_1_10_0_8 Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. 
==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz Percentage of memory in use: 52% Total physical RAM: 4003.17 MB Available physical RAM: 1896.5 MB Total Pagefile: 8004.53 MB Available Pagefile: 5579.63 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:224.39 GB) NTFS Drive e: () (Removable) (Total:1.88 GB) (Free:0.03 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E4219F81) Partition 1: (Not Active) - (Size=100 MB) - (Type=DE) Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 1.9 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ |
03.02.2015, 14:09 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: omiga-plus.com opens in a new tab Quote:
__________________ Please always post logfiles in CODE tags |
04.02.2015, 13:00 | #5 |
| Windows 7: omiga-plus.com opens in a new tab The first proxy, FF NetworkProxy: "http", "172.27.10.1", is unknown to me; the second, FF NetworkProxy: "http_port", 8080, is our school proxy. The page no longer opens now, but I don't know what might still be stored or present in the background. |
04.02.2015, 13:02 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: omiga-plus.com opens in a new tab 8080 is not a proxy or an IP address, but the port in use. Either 172.27.10.1 is the school proxy or it isn't. Only you can know that.
__________________ --> Windows 7: omiga-plus.com opens in a new tab |
04.02.2015, 22:07 | #7 |
| Windows 7: omiga-plus.com opens in a new tab Hi, I just checked, and that is our school proxy. |
04.02.2015, 23:47 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: omiga-plus.com opens in a new tab Then that's fine. Now please deactivate your virus scanner; active virus scanners mostly just get in the way when you want to remove junkware with JRT or adwCleaner. Remove adware/junkware/toolbars (delete old versions of adwCleaner and, if present, JRT first, then download them fresh to the desktop!) Step 1: adwCleaner Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool Please close your security software to avoid possible conflicts.
Step 3: Fresh log with FRST Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Please always post logfiles in CODE tags |
05.02.2015, 15:21 | #9 |
| Windows 7: omiga-plus.com opens in a new tab AdwCleaner Code:
ATTFilter # AdwCleaner v4.109 - Bericht erstellt am 05/02/2015 um 14:21:05 # Aktualisiert 24/01/2015 von Xplode # Database : 2015-02-04.1 [Live] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Charly - CHARLY-PC # Gestartet von : C:\Users\Charly\Desktop\AdwCleaner_4.109.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17496 -\\ Mozilla Firefox v35.0.1 (x86 de) -\\ Google Chrome v ************************* AdwCleaner[R0].txt - [16022 octets] - [03/02/2015 13:16:27] AdwCleaner[R1].txt - [868 octets] - [05/02/2015 14:18:07] AdwCleaner[S1].txt - [790 octets] - [05/02/2015 14:21:05] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [849 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.2 (02.02.2015:1) OS: Windows 7 Home Premium x64 Ran by Charly on 05.02.2015 at 15:09:46,39 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\pcdr" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 05.02.2015 at 15:14:14,54 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Charly (administrator) on CHARLY-PC on 05-02-2015 15:15:16
Running from C:\Users\Charly\Desktop
Loaded Profiles: Charly (Available profiles: Charly & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Facebook Inc.) C:\Users\Charly\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\WINDOWS\System32\StikyNot.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3666800 2011-01-22] (Dell Inc.)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-01] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-01-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Run: [Facebook Update] => C:\Users\Charly\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Run: [RESTART_STICKY_NOTES] => C:\WINDOWS\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1565504 2015-01-14] (Samsung)
HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Charly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1885151078-40185133-285767259-1000 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 172.29.11.1

FireFox:
========
FF ProfilePath: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default
FF NetworkProxy: "backup.ftp", "172.27.10.1"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "172.27.10.1"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "172.27.10.1"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "172.27.10.1"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "172.27.10.1"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "172.27.10.1"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "172.27.10.1"
FF NetworkProxy: "ssl_port", 8080
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_41 -> C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1885151078-40185133-285767259-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Charly\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-1885151078-40185133-285767259-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Charly\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\dudende-suche.xml
FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\ixquick-ssl.xml
FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\leo-deu-fra.xml
FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\openthesaurus.xml
FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\ponscom--franzsisch--deutsch.xml
FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\wettercom.xml
FF Extension: YouTube Unblocker - C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\Extensions\youtubeunblocker@unblocker.yt [2015-02-03]
FF Extension: Web Developer - C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2014-11-16]
FF Extension: Adblock Plus - C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-06]
FF Extension: Tab Mix Plus - C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-09-06]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-16]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Firefox\Extensions: [mail@gutscheinrausch.de] - C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\extensions\mail@gutscheinrausch.de

Chrome:
=======
CHR Profile: C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-20]
CHR Extension: (Google Drive) - C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-20]
CHR Extension: (YouTube) - C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-20]
CHR Extension: (Google-Suche) - C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-20]
CHR Extension: (Google Mail) - C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-20]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-14]

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-14] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-14] (Avast Software)
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [897088 2010-11-03] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2010-11-03] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-14] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-03-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-14] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-14] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-14] (Avast Software)
S1 qrnfd_1_10_0_8; system32\drivers\qrnfd_1_10_0_8.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-05 15:14 - 2015-02-05 15:14 - 00000682 _____ () C:\Users\Charly\Desktop\JRT.txt
2015-02-05 14:24 - 2015-02-05 14:24 - 00000197 _____ () C:\windows\system32\2015-02-05-13-24-43.069-AvastVBoxSVC.exe-2136.log
2015-02-05 14:21 - 2015-02-05 14:21 - 00000928 _____ () C:\Users\Charly\Desktop\AdwCleaner[S1].txt
2015-02-03 14:05 - 2015-02-03 14:05 - 00000247 _____ () C:\windows\system32\2015-02-03-13-05-17.099-aswFe.exe-5952.log
2015-02-03 13:53 - 2015-02-03 14:05 - 00000247 _____ () C:\windows\system32\2015-02-03-12-53-57.029-aswFe.exe-4972.log
2015-02-03 13:53 - 2015-02-03 13:53 - 00000197 _____ () C:\windows\system32\2015-02-03-12-53-49.053-AvastVBoxSVC.exe-6508.log
2015-02-03 13:39 - 2015-02-03 13:39 - 01388274 _____ (Thisisu) C:\Users\Charly\Desktop\JRT.exe
2015-02-03 13:33 - 2015-02-05 14:22 - 00006296 _____ () C:\windows\PFRO.log
2015-02-03 13:33 - 2015-02-05 14:22 - 00000112 _____ () C:\windows\setupact.log
2015-02-03 13:33 - 2015-02-03 13:33 - 644974565 _____ () C:\windows\MEMORY.DMP
2015-02-03 13:33 - 2015-02-03 13:33 - 00472976 _____ () C:\windows\Minidump\020315-26956-01.dmp
2015-02-03 13:33 - 2015-02-03 13:33 - 00000000 _____ () C:\windows\setuperr.log
2015-02-03 13:21 - 2015-02-03 13:22 - 00014880 _____ () C:\Users\Charly\Desktop\AdwCleaner[S0].txt
2015-02-03 13:16 - 2015-02-05 15:08 - 00000000 ____D () C:\AdwCleaner
2015-02-03 13:15 - 2015-02-03 13:15 - 02194432 _____ () C:\Users\Charly\Desktop\AdwCleaner_4.109.exe
2015-02-03 12:47 - 2015-02-03 12:47 - 00027016 _____ () C:\Users\Charly\Desktop\Gmer.log
2015-02-03 12:33 - 2015-02-03 12:33 - 00380416 _____ () C:\Users\Charly\Desktop\Gmer-19357.exe
2015-02-03 12:25 - 2015-02-03 13:51 - 00024138 _____ () C:\Users\Charly\Desktop\Addition.txt
2015-02-03 12:24 - 2015-02-05 15:15 - 00022050 _____ () C:\Users\Charly\Desktop\FRST.txt
2015-02-03 12:23 - 2015-02-05 15:15 - 00000000 ____D () C:\FRST
2015-02-03 12:21 - 2015-02-03 12:22 - 02131456 _____ (Farbar) C:\Users\Charly\Desktop\FRST64.exe
2015-02-03 12:18 - 2015-02-03 12:18 - 00000474 _____ () C:\Users\Charly\Desktop\defogger_disable.log
2015-02-03 12:18 - 2015-02-03 12:18 - 00000000 _____ () C:\Users\Charly\defogger_reenable
2015-02-03 12:07 - 2015-02-03 12:07 - 00050477 _____ () C:\Users\Charly\Desktop\Defogger.exe
2015-02-01 17:18 - 2015-02-05 15:04 - 00001338 _____ () C:\windows\Tasks\OAMZ.job
2015-02-01 17:18 - 2015-02-05 14:59 - 00001340 _____ () C:\windows\Tasks\DAPXB.job
2015-02-01 17:18 - 2015-02-01 17:19 - 00004370 _____ () C:\windows\System32\Tasks\DAPXB
2015-02-01 17:18 - 2015-02-01 17:18 - 01960408 _____ (VenturesMPlayer) C:\Users\Charly\AppData\Roaming\OAMZ.exe
2015-02-01 17:18 - 2015-02-01 17:18 - 01482200 _____ (VenturesMPlayer) C:\Users\Charly\AppData\Roaming\DAPXB.exe
2015-02-01 17:18 - 2015-02-01 17:18 - 00004368 _____ () C:\windows\System32\Tasks\OAMZ
2015-01-27 20:20 - 2015-01-27 20:20 - 19029752 _____ () C:\Users\Charly\Downloads\Anhänge_2015127.zip
2015-01-27 18:29 - 2015-01-27 18:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-25 17:12 - 2015-01-25 17:12 - 00002086 _____ () C:\Users\Charly\AppData\Roaming\DAPXB
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\Charly\AppData\Roaming\OAMZ
2015-01-20 00:46 - 2015-01-20 00:47 - 00000000 ____D () C:\Users\Charly\Desktop\Neuer Ordner
2015-01-18 21:41 - 2015-01-18 21:41 - 00247739 _____ () C:\Users\Charly\Downloads\video-1421609768.mp4.mp4
2015-01-18 21:41 - 2015-01-18 21:41 - 00247739 _____ () C:\Users\Charly\Downloads\video-1421609768.mp4(1).mp4
2015-01-18 12:33 - 2015-01-18 12:33 - 00000000 ____D () C:\windows\Hewlett-Packard
2015-01-16 03:22 - 2015-01-16 03:22 - 00000197 _____ () C:\windows\system32\2015-01-16-02-22-30.004-AvastVBoxSVC.exe-168.log
2015-01-15 20:39 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-15 03:34 - 2015-01-15 03:34 - 00000197 _____ () C:\windows\system32\2015-01-15-02-34-10.058-AvastVBoxSVC.exe-4068.log
2015-01-14 17:33 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 17:33 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-14 17:33 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-14 17:33 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-14 17:33 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-14 17:33 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-14 17:33 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 17:33 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-14 17:33 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-14 17:32 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-14 17:32 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-14 17:32 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-13 13:52 - 2015-01-13 13:52 - 00000197 _____ () C:\windows\system32\2015-01-13-12-52-06.058-AvastVBoxSVC.exe-2148.log
2015-01-12 21:12 - 2015-01-12 21:12 - 00000197 _____ () C:\windows\system32\2015-01-12-20-12-30.041-AvastVBoxSVC.exe-3500.log
2015-01-09 19:29 - 2015-01-09 19:29 - 00000197 _____ () C:\windows\system32\2015-01-09-18-29-29.054-AvastVBoxSVC.exe-3500.log
2015-01-08 23:19 - 2015-01-08 23:19 - 00000197 _____ () C:\windows\system32\2015-01-08-22-19-02.027-AvastVBoxSVC.exe-3576.log
2015-01-07 19:00 - 2015-01-07 19:00 - 00000197 _____ () C:\windows\system32\2015-01-07-18-00-25.075-AvastVBoxSVC.exe-3132.log
2015-01-07 16:45 - 2015-01-07 16:45 - 00000197 _____ () C:\windows\system32\2015-01-07-15-45-35.011-AvastVBoxSVC.exe-2380.log
2015-01-06 10:53 - 2015-01-06 10:54 - 46637686 _____ () C:\Users\Charly\Downloads\Come Now Is The Time To Worship.avi

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-05 15:10 - 2011-08-30 00:01 - 01361120 _____ () C:\windows\WindowsUpdate.log
2015-02-05 14:59 - 2012-04-03 13:10 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 14:59 - 2012-04-03 13:10 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 14:59 - 2012-04-03 13:10 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-05 14:59 - 2011-10-15 13:32 - 00001142 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1885151078-40185133-285767259-1000UA.job
2015-02-05 14:59 - 2011-09-06 20:44 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 14:59 - 2011-09-06 19:16 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-05 14:30 - 2009-07-14 05:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-05 14:30 - 2009-07-14 05:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-05 14:28 - 2011-08-30 02:51 - 00699666 _____ () C:\windows\system32\perfh007.dat
2015-02-05 14:28 - 2011-08-30 02:51 - 00149774 _____ () C:\windows\system32\perfc007.dat
2015-02-05 14:28 - 2009-07-14 06:13 - 01620612 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-05 14:22 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-05 12:42 - 2011-10-15 13:32 - 00001120 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1885151078-40185133-285767259-1000Core.job
2015-02-04 21:56 - 2012-01-31 16:00 - 00003938 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{0F102A3C-CB48-4F24-80C8-D0792A79F8D8}
2015-02-04 00:15 - 2012-08-27 13:25 - 00003488 _____ () C:\windows\System32\Tasks\PCDEventLauncher
2015-02-03 13:36 - 2011-08-30 00:43 - 00000000 ____D () C:\ProgramData\Sonic
2015-02-03 13:33 - 2013-11-18 15:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-03 13:33 - 2011-12-08 17:57 - 00000000 ____D () C:\windows\Minidump
2015-02-03 12:18 - 2011-09-06 09:23 - 00000000 ____D () C:\Users\Charly
2015-02-03 12:14 - 2013-11-18 15:41 - 00001157 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-03 12:14 - 2013-11-18 15:41 - 00001145 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-03 12:14 - 2011-09-06 09:33 - 00001419 _____ () C:\Users\Charly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-03 11:52 - 2012-12-16 19:35 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2015-02-01 17:36 - 2014-03-14 09:32 - 00835584 ___SH () C:\Users\Charly\Desktop\Thumbs.db
2015-01-25 23:24 - 2014-12-31 15:47 - 00000000 ____D () C:\Users\Charly\Desktop\Auslandsjahr
2015-01-18 20:11 - 2014-12-24 00:09 - 00000000 ____D () C:\Users\Charly\Documents\Outlook-Dateien
2015-01-18 20:10 - 2014-12-20 11:21 - 00000000 ____D () C:\Users\Charly\Documents\SelfMV
2015-01-18 12:34 - 2012-12-16 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-01-18 12:33 - 2012-06-04 11:33 - 00000000 ____D () C:\Users\Charly\AppData\Roaming\HpUpdate
2015-01-18 10:56 - 2014-10-21 19:01 - 00002000 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2015-01-16 14:36 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2015-01-16 03:00 - 2011-09-25 07:51 - 00000000 ____D () C:\windows\System32\Tasks\Games
2015-01-15 03:13 - 2013-07-27 02:01 - 00000000 ____D () C:\windows\system32\MRT
2015-01-15 03:01 - 2011-09-06 19:12 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Charly\AppData\Roaming\DAPXB
2015-02-01 17:18 - 2015-02-01 17:18 - 1482200 _____ (VenturesMPlayer) C:\Users\Charly\AppData\Roaming\DAPXB.exe
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Charly\AppData\Roaming\OAMZ
2015-02-01 17:18 - 2015-02-01 17:18 - 1960408 _____ (VenturesMPlayer) C:\Users\Charly\AppData\Roaming\OAMZ.exe
2011-09-06 21:35 - 2014-02-05 12:02 - 0055296 _____ () C:\Users\Charly\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-13 09:54 - 2011-12-13 09:58 - 0000000 _____ () C:\Users\Charly\AppData\Local\{1EEE3C18-D95C-46E1-AAAF-BA19D1E4E698}
2014-10-12 16:25 - 2014-10-12 16:25 - 0000000 _____ () C:\Users\Charly\AppData\Local\{4699457A-6CBE-4B5A-9265-C55F6C7BFF53}
2012-06-04 11:31 - 2012-06-04 11:31 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-02-26 20:47 - 2012-02-26 20:47 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2012-05-14 17:21 - 2012-05-14 17:21 - 0000004 __RSH () C:\ProgramData\sysqcl1129139270.dat

Files to move or delete:
====================
C:\ProgramData\sysqcl1129139270.dat

Some content of TEMP:
====================
C:\Users\Charly\AppData\Local\Temp\BackupSetup.exe
C:\Users\Charly\AppData\Local\Temp\Quarantine.exe
C:\Users\Charly\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-15 23:09

==================== End Of Log ============================

Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015 Ran by Charly at 2015-02-05 15:16:17 Running from C:\Users\Charly\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - ) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.) 
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd) Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software) Bandicam (HKLM-x32\...\Bandicam) (Version: 2.0.3.674 - Bandisoft.com) Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com) Canon MG4100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4100_series) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Decouvertes 5 Sprachtrainer Kommunikation (HKLM-x32\...\{3D220981-ECF5-4DD6-AF2F-963580810B9E}) (Version: 1.00.000 - Klett) Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc) Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.) Dell MusicStage (HKLM-x32\...\{3255BC3F-32BA-41ED-93A0-B9AEB6CDD9E6}) (Version: 1.5.201.0 - Fingertapps) Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft) Dell Stage (HKLM-x32\...\{E2F57269-065E-4B19-8CDA-AB6C401FAF1A}) (Version: 1.7.209.0 - Fingertapps) Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft) Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.102 - PC-Doctor, Inc.) Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.) Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.) Dell VideoStage (x32 Version: 1.2.0.1712 - CyberLink Corp.) 
Hidden Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd) Die*Sims™*3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts) DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) FirstClass® Client (HKLM-x32\...\{2869279D-7AE2-4A13-96B8-46078BA3F75B}) (Version: 11.0 (build 11.042) - Open Text Corporation.) Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden GutscheinRausch.de - AddOn für Firefox (HKLM-x32\...\{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1) (Version: 2.81 - GutscheinRausch.de) HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Officejet 6600 - Grundlegende Software für das Gerät (HKLM\...\{F58934BD-F483-43EB-B307-CFFD88B18455}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Officejet 6600 Hilfe (HKLM-x32\...\{2FA81482-5570-4CF0-9A10-D61D2F164916}) (Version: 140.0.2.2 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden I.R.I.S. 
OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.0.0.0454 - Intel Corporation) Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation) Intel(R) WiDi (HKLM-x32\...\{25680C01-6753-4FE9-A891-7857F26457C1}) (Version: 2.1.35.0 - Intel Corporation) Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - ) Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Klett Lernsoftware Mathematik - Lambacher Schweizer (6. 
Lernjah (HKLM-x32\...\Klett Lernsoftware Mathematik - Lambacher Schwei~1FADBBB4_is1) (Version: - ) LEGO MINDSTORMS NXT - (Deutsch) Sprachenpaket (HKLM-x32\...\{611ED207-22E5-4543-B9D3-E73096759A4F}) (Version: 2.0.100.0 - The LEGO Group) LEGO MINDSTORMS NXT Driver for x64 (HKLM\...\{74E85F31-573F-45BF-8939-4D2BCDCC2083}) (Version: 1.17.770 - LEGO) LEGO MINDSTORMS NXT Migration Package (HKLM-x32\...\{6C1D47CC-682C-4673-8CA8-DEE659628599}) (Version: 1.2.8.0 - LEGO) LEGO MINDSTORMS NXT Software v2.0 (HKLM-x32\...\{CB263F8D-EF2D-4EB5-A368-A27056EE92D4}) (Version: 2.0.108.0 - LEGO) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - 
Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MyFreeCodec (HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\MyFreeCodec) (Version: - ) PC Inspector File Recovery (HKLM-x32\...\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}) (Version: 4.0 - ) PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.20 - Dell Inc.) RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) 
Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.42 - Piriform) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio) Roxio File Backup (Version: 1.3.2 - Roxio) Hidden Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.) Secunia PSI (3.0.0.6001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.6001 - Secunia) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.) 
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden Sprachtrainer Fonts (HKLM-x32\...\{FBCF2ED3-AFB5-475E-BF9A-30BEAD366FBC}) (Version: 1.00.01 - Ernst Klett Verlag GmbH) StreamTransport version: 1.1.0.2 (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version: - ) Studie zur Verbesserung von HP Officejet 6600 Produkten (HKLM\...\{E1A11879-5771-4E52-BA2E-CD5DD65BF970}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Tippfix1_1 (HKLM-x32\...\{FEB690DE-045C-4FAF-A6A6-4DC7376E24EE}) (Version: 1.1.0.0 - ) UBitMenuDE (HKLM-x32\...\{CBCFD97D-FE82-43F4-A978-996CACF71E6B}_is1) (Version: 01.04 - UBit Schweiz AG) Unity Web Player (HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC) Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden Zoo Empire (HKLM-x32\...\InstallShield_{242BCCDC-B37B-4792-A52C-BCDDB1030AF9}) (Version: 1.00 - Enlight Software) Zoo Empire (x32 Version: 1.00 - Enlight Software) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 17-11-2014 03:00:57 Windows Update 19-11-2014 03:00:26 Windows Update 25-11-2014 19:27:14 Windows Update 28-11-2014 22:28:29 Windows Update 02-12-2014 16:55:36 Windows Update 09-12-2014 22:30:09 Windows Update 11-12-2014 02:00:17 Windows Update 14-12-2014 03:00:28 Windows Update 14-12-2014 13:50:48 avast! 
antivirus system restore point 17-12-2014 17:37:38 Windows Update 21-12-2014 03:01:45 Windows Update 24-12-2014 03:00:43 Windows Update 27-12-2014 10:56:39 Windows Update 30-12-2014 17:01:02 Windows Update 06-01-2015 17:03:18 Windows Update 09-01-2015 19:52:07 Windows Update 14-01-2015 17:32:28 Windows Update 15-01-2015 03:00:41 Windows Update 16-01-2015 03:00:27 Windows Update 18-01-2015 12:33:17 Installed HP Update. 20-01-2015 17:56:42 Windows Update 27-01-2015 16:59:43 Windows Update 31-01-2015 16:49:54 Windows Update 01-02-2015 17:18:43 Uniblue DriverScanner installation 04-02-2015 00:19:41 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {10F7DCF1-B638-49E9-B0B8-6ECF9A913871} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-11-30] (PC-Doctor, Inc.) Task: {16244C64-FD36-4C03-9392-85C21442DD2E} - System32\Tasks\{2DBD0BE9-228D-4709-B7A8-1ABAA66554A6} => pcalua.exe -a E:\eagle-win-5.11.0.exe -d E:\ Task: {17CFBAFA-3FB4-4D7A-B78E-7041A8E4DEF4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {2F2D47A7-15AC-4224-8728-335B1F0C7C88} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {34EEE8A7-8663-4555-B8A0-744CA61B99DA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1885151078-40185133-285767259-1000UA => C:\Users\Charly\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.) 
Task: {36ED0340-B405-4899-8CED-CA555B1838A9} - System32\Tasks\HPCustParticipation HP Officejet 6600 => C:\Program Files\HP\HP Officejet 6600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.) Task: {4B6E4C8D-7250-410B-AE2F-C3F5B21249B0} - System32\Tasks\{5923F9D2-C4DF-4E6C-A56C-9D44DF76E510} => pcalua.exe -a C:\Users\Charly\Desktop\SamsungDrucker20.07.2007.exe -d C:\Users\Charly\Desktop Task: {5676A1BC-7E68-45F5-8D15-07E5B34E6E68} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {5D95D023-633E-4F6F-B91B-3F98846784F5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-14] (AVAST Software) Task: {6E04475C-89FC-45BA-968B-F41A8D1E20CB} - System32\Tasks\OAMZ => C:\Users\Charly\AppData\Roaming\OAMZ.exe [2015-02-01] (VenturesMPlayer) <==== ATTENTION Task: {822E83A1-BB9F-441F-A31B-F9A9480A6959} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated) Task: {904E9075-1CD3-4C14-94CA-1D4F9EE5E441} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1885151078-40185133-285767259-1000Core => C:\Users\Charly\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.) 
Task: {921F9CDB-11BC-414B-A1DF-2F4D9EA7B820} - System32\Tasks\{ABF30231-F573-4948-BCD9-15EF0CC86584} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsPlugin Task: {9AF1EAF0-9AEB-4AAB-9B32-0E969F421431} - System32\Tasks\DAPXB => C:\Users\Charly\AppData\Roaming\DAPXB.exe [2015-02-01] (VenturesMPlayer) <==== ATTENTION Task: {AE68D4AF-AC25-460E-9B0A-7FBA5CA7E0AD} - System32\Tasks\{0FFF9BE5-FFF0-4B43-AFDC-640B7357C855} => pcalua.exe -a C:\Users\Charly\Downloads\Minecraft_Client-3.0.2\mcorg_client.exe -d C:\Users\Charly\Downloads\Minecraft_Client-3.0.2 Task: {B65E526A-65B1-4D14-B622-55761BF3AEE1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd) Task: {B8FAF197-98C0-43C3-995C-4072239AF8B7} - System32\Tasks\PCDoctorBackgroundMonitorTask-Delay => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-11-30] (PC-Doctor, Inc.) Task: {C31044DD-9933-4D28-B935-AD99CF620707} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.) Task: {CD1374FE-7841-41B4-9F36-2DFD393BAEF2} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-11-30] (PC-Doctor, Inc.) Task: {E7AAC0B9-A5B5-4B3F-ABAA-298F7E571035} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.) 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\DAPXB.job => C:\Users\Charly\AppData\Roaming\DAPXB.exe <==== ATTENTION Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1885151078-40185133-285767259-1000Core.job => C:\Users\Charly\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1885151078-40185133-285767259-1000UA.job => C:\Users\Charly\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\OAMZ.job => C:\Users\Charly\AppData\Roaming\OAMZ.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2010-12-17 19:53 - 2010-12-17 19:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll 2014-12-14 13:53 - 2014-12-14 13:53 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll 2014-12-14 13:53 - 2014-12-14 13:53 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll 2011-08-30 02:29 - 2011-04-10 19:40 - 00094208 _____ () C:\WINDOWS\System32\IccLibDll_x64.dll 2010-12-17 19:53 - 2010-12-17 19:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll 2010-11-17 16:35 - 2010-11-17 16:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2015-02-05 12:31 - 2015-02-05 12:31 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020500\algo.dll 2014-12-14 13:53 - 2014-12-14 13:53 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll 2014-10-22 02:59 - 
2014-10-22 02:59 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll 2011-08-30 00:08 - 2010-11-06 05:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2010-11-25 04:44 - 2010-11-25 04:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll 2014-12-14 13:53 - 2014-12-14 13:53 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
========================= Accounts: ========================== Administrator (S-1-5-21-1885151078-40185133-285767259-500 - Administrator - Disabled) Charly (S-1-5-21-1885151078-40185133-285767259-1000 - Administrator - Enabled) => C:\Users\Charly Gast (S-1-5-21-1885151078-40185133-285767259-501 - Limited - Disabled) => C:\Users\Gast HomeGroupUser$ (S-1-5-21-1885151078-40185133-285767259-1006 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: qrnfd_1_10_0_8 Description: qrnfd_1_10_0_8 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: qrnfd_1_10_0_8 Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. 
==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz Percentage of memory in use: 37% Total physical RAM: 4003.17 MB Available physical RAM: 2507.24 MB Total Pagefile: 8004.53 MB Available Pagefile: 6350.72 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:218.3 GB) NTFS Drive e: () (Removable) (Total:1.88 GB) (Free:0.03 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E4219F81) Partition 1: (Not Active) - (Size=100 MB) - (Type=DE) Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 1.9 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ |
05.02.2015, 15:24 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: omiga-plus.com opens in a new tab Please disable your virus scanner completely now, before the fix! Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1885151078-40185133-285767259-1000 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL =
FF HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Firefox\Extensions: [mail@gutscheinrausch.de] - C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\extensions\mail@gutscheinrausch.de
Task: {6E04475C-89FC-45BA-968B-F41A8D1E20CB} - System32\Tasks\OAMZ => C:\Users\Charly\AppData\Roaming\OAMZ.exe [2015-02-01] (VenturesMPlayer) <==== ATTENTION
Task: {9AF1EAF0-9AEB-4AAB-9B32-0E969F421431} - System32\Tasks\DAPXB => C:\Users\Charly\AppData\Roaming\DAPXB.exe [2015-02-01] (VenturesMPlayer) <==== ATTENTION
Task: C:\windows\Tasks\DAPXB.job => C:\Users\Charly\AppData\Roaming\DAPXB.exe <==== ATTENTION
Task: C:\windows\Tasks\OAMZ.job => C:\Users\Charly\AppData\Roaming\OAMZ.exe <==== ATTENTION
C:\ProgramData\sysqcl1129139270.dat
EmptyTemp:
Hosts:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
05.02.2015, 15:36 | #11 |
| Windows 7: omiga-plus.com opens in a new tab Here is the Fixlog: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-02-2015 01
Ran by Charly at 2015-02-05 15:31:03 Run:1
Running from C:\Users\Charly\Desktop
Loaded Profiles: Charly (Available profiles: Charly & Gast)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1885151078-40185133-285767259-1000 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL =
FF HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Firefox\Extensions: [mail@gutscheinrausch.de] - C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\extensions\mail@gutscheinrausch.de
Task: {6E04475C-89FC-45BA-968B-F41A8D1E20CB} - System32\Tasks\OAMZ => C:\Users\Charly\AppData\Roaming\OAMZ.exe [2015-02-01] (VenturesMPlayer) <==== ATTENTION
Task: {9AF1EAF0-9AEB-4AAB-9B32-0E969F421431} - System32\Tasks\DAPXB => C:\Users\Charly\AppData\Roaming\DAPXB.exe [2015-02-01] (VenturesMPlayer) <==== ATTENTION
Task: C:\windows\Tasks\DAPXB.job => C:\Users\Charly\AppData\Roaming\DAPXB.exe <==== ATTENTION
Task: C:\windows\Tasks\OAMZ.job => C:\Users\Charly\AppData\Roaming\OAMZ.exe <==== ATTENTION
C:\ProgramData\sysqcl1129139270.dat
EmptyTemp:
Hosts:
*****************

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1885151078-40185133-285767259-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}" => Key deleted successfully.
HKCR\CLSID\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} => Key not found.
HKU\S-1-5-21-1885151078-40185133-285767259-1000\Software\Mozilla\Firefox\Extensions\\mail@gutscheinrausch.de => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6E04475C-89FC-45BA-968B-F41A8D1E20CB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E04475C-89FC-45BA-968B-F41A8D1E20CB}" => Key deleted successfully.
C:\Windows\System32\Tasks\OAMZ => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OAMZ" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9AF1EAF0-9AEB-4AAB-9B32-0E969F421431}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AF1EAF0-9AEB-4AAB-9B32-0E969F421431}" => Key deleted successfully.
C:\Windows\System32\Tasks\DAPXB => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DAPXB" => Key deleted successfully.
C:\windows\Tasks\DAPXB.job => Moved successfully.
C:\windows\Tasks\OAMZ.job => Moved successfully.
C:\ProgramData\sysqcl1129139270.dat => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 573.9 MB temporary data.

The system needed a reboot.

==== End of Fixlog 15:31:19 ==== |
05.02.2015, 15:57 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: omiga-plus.com opens in a new tab Okay, then control scans with MBAM and ESET please: Please download Malwarebytes Anti-Malware
ESET Online Scanner
__________________ Please always post log files in CODE tags |