|
Plagegeister aller Art und deren Bekämpfung: Fund bei Malwarebytes: OpenCandy und SpigotWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
11.02.2015, 22:04 | #16 |
Ruhe in Frieden † 2019 | Fund bei Malwarebytes: OpenCandy und Spigot Hallo Sabine, lad bitte Software nur beim Hersteller runter, Chip verteilt da gern Gratisbeigaben. ESET hat da ziemlich viel in deinen Backups gefunden, willst du die löschen (lassen)? Ansonsten Installer von Chip mit Werbung drin und die Ask-Toolbar die bei Avira bei ist. Ask sammelt benutzerbezogene Informationen, es wäre zu überlegen das Antivirus zu wechseln. Wenn ich dir die lösch, hast du keinen Browserschutz mehr. Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-132197110-3117043442-3119173927-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 Starte noch einmal FRST.
|
12.02.2015, 19:15 | #17 |
| Fund bei Malwarebytes: OpenCandy und Spigot Hallo Sandra,
__________________kurze Nachfrage, bezgl. der Schritte 1 und 2. Was meintest Du mit Browserschutz löschen? Avira wollte ich wechseln, wenn die gekaufte Lizenz ausläuft. Was passiert, wenn ich die letzten 2 Schritte ausführe? |
13.02.2015, 00:42 | #18 | |
Ruhe in Frieden † 2019 | Fund bei Malwarebytes: OpenCandy und Spigot Hallo Sabine,
__________________mit dem ersten Schritt werden Einschränkungen aufgehoben die die Bedienbarkeit der Einstellungen deines InternetExplorers betreffen.##Mit dem zweiten Schritt mache ich eine Kontrolle ob der Fix im ersten Schritt geklappt hat. Zitat:
__________________ |
13.02.2015, 13:12 | #19 |
| Fund bei Malwarebytes: OpenCandy und Spigot Hallo Sandra, ok verstanden, vielen Dank für die ausführliche Erklärung. Schritt 1 Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-02-2015 01 Ran by Sumsium at 2015-02-13 12:55:16 Run:3 Running from C:\Users\Sumsium\Desktop Loaded Profiles: Sumsium & (Available profiles: Sumsium & Sumsisum & Gast) Boot Mode: Normal ============================================== Content of fixlist: ***************** HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-132197110-3117043442-3119173927-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION ***************** "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. "HKU\S-1-5-21-132197110-3117043442-3119173927-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found. HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found. HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found. ==== End of Fixlog 12:55:16 ==== FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 01 Ran by Sumsium (administrator) on SUMSISUM-PC on 13-02-2015 12:57:15 Running from C:\Users\Sumsium\Desktop Loaded Profiles: Sumsium & (Available profiles: Sumsium & Sumsisum & Gast) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\WiselinkPro.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\http_ss_win_pro.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (TomTom) C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Sigmatel) C:\Windows\system\w98eject.exe () C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (Samsung) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (1und1 Mail und Media GmbH) C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Abelssoft) C:\Program Files (x86)\CheckDrive\CheckDriveBackgroundGuard.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-08-25] () HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [Corel File Shell Monitor] => C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [15544 2009-08-25] () HKLM-x32\...\Run: [HPCam_Menu] => c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard) HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard) HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [250768 2011-05-24] (Samsung) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-05-28] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2015-01-09] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2014-02-07] (BlackBerry Limited) HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1243656 2013-12-07] (Easybits) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-11] (DivX, LLC) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] () HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation) HKLM-x32\...\Run: [MailCheck IE Broker] => C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [2135104 2014-11-17] (1und1 Mail und Media GmbH) HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXASPDecode.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXASPDecode.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\MP3SurroundDecode.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\MP3SurroundDecode.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll",DllRegisterServer HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company) HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung) HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-04-18] (Samsung Electronics) HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Run: [MyTomTomSA.exe] => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [455608 2013-05-23] (TomTom) HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia) HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Policies\system: [DisableChangePassword] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-04-18] (Samsung Electronics) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MyTomTomSA.exe] => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [455608 2013-05-23] (TomTom) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableChangePassword] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company) HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [QuickTime Task] => "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung) HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung) HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [openvpntray.EXE] => C:\Users\Sumsisum\AppData\Roaming\Hotspot Shield\bin\openvpntray.EXE -nonadmin HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Greenshot] => C:\Users\Sumsisum\AppData\Local\Greenshot\Greenshot.exe [495616 2013-12-12] (Greenshot) HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung) HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_CC7034B0FA467AF7CA332882BC1B199F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.) HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia) HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableChangePassword] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {c8af9512-5273-11e1-86e7-d2106dcbbcc7} - G:\AutoRun.exe HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {c8af9530-5273-11e1-86e7-d2106dcbbcc7} - G:\AutoRun.exe HKU\S-1-5-21-132197110-3117043442-3119173927-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company) HKU\S-1-5-21-132197110-3117043442-3119173927-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\w98Eject.lnk ShortcutTarget: w98Eject.lnk -> C:\Windows\system\w98eject.exe (Sigmatel) Startup: C:\Users\Sumsisum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-132197110-3117043442-3119173927-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP&dt=072113 HKU\S-1-5-21-132197110-3117043442-3119173927-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP&dt=072113 HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.de/ HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.de/ hxxp://www.dict.cc/ HKU\S-1-5-21-132197110-3117043442-3119173927-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 HKU\S-1-5-21-132197110-3117043442-3119173927-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPNOT/4 HKU\S-1-5-21-132197110-3117043442-3119173927-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 SearchScopes: HKLM -> {230D7087-5842-4816-985C-8393ACBAC32D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {230D7087-5842-4816-985C-8393ACBAC32D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {230D7087-5842-4816-985C-8393ACBAC32D} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {56728EB4-149A-4AB9-845B-0CE539BFAF5F} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {9FA66BE2-9B22-4EE4-845F-A8C2AEB43E93} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {A3B580D5-7A1E-47A6-8959-EDB56220911B} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {A8230883-C5FB-4BA4-B422-5AC627B247E4} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000 -> {B18110A6-0C60-4152-B054-7492AF998A53} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {230D7087-5842-4816-985C-8393ACBAC32D} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {56728EB4-149A-4AB9-845B-0CE539BFAF5F} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {9FA66BE2-9B22-4EE4-845F-A8C2AEB43E93} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {A3B580D5-7A1E-47A6-8959-EDB56220911B} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {A8230883-C5FB-4BA4-B422-5AC627B247E4} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {B18110A6-0C60-4152-B054-7492AF998A53} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {230D7087-5842-4816-985C-8393ACBAC32D} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {23E77356-E10E-46C5-AA24-2D9B7C1FB216} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {675FE16E-301D-44E6-8F1F-1D552559A19E} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {D045F1E8-885E-482D-8207-5DD49111C39E} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {E9A1BA5E-CB6A-4F07-AD0F-DA446D7AD36B} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8 SearchScopes: HKU\S-1-5-21-132197110-3117043442-3119173927-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) BHO: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) BHO-x32: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No File DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Handler-x32: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Tcpip\Parameters: [DhcpNameServer] 192.168.0.2 Tcpip\..\Interfaces\{2DD74BF9-228A-47CA-9F74-06C1515BF58C}: [NameServer] 139.7.30.125 139.7.30.126 FireFox: ======== FF ProfilePath: C:\Users\Sumsium\AppData\Roaming\Mozilla\Firefox\Profiles\h8p7mo5w.default FF SelectedSearchEngine: Google FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @innoplus.de/ino3DViewer -> C:\Program Files (x86)\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden) FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin-x32: @pack.google.com/Google Updater;version=14 -> C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: NitroPDF -> C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( ) FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH) FF Plugin HKU\S-1-5-21-132197110-3117043442-3119173927-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @Google.com/GoogleEarthPlugin -> C:\Users\Sumsisum\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Extension: Download videos and MP3s from YouTube - C:\Users\Sumsium\AppData\Roaming\Mozilla\Firefox\Profiles\h8p7mo5w.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-11-12] FF Extension: NoScript - C:\Users\Sumsium\AppData\Roaming\Mozilla\Firefox\Profiles\h8p7mo5w.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-03-04] FF Extension: Adblock Plus - C:\Users\Sumsium\AppData\Roaming\Mozilla\Firefox\Profiles\h8p7mo5w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-21] FF HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-12] FF HKU\S-1-5-21-132197110-3117043442-3119173927-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-04] CHR Extension: (YouTube) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-01] CHR Extension: (Adblock Plus) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-01] CHR Extension: (Hide My Ass! Web Proxy) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2014-06-13] CHR Extension: (Google-Suche) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-01] CHR Extension: (Avira Browserschutz) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-06-13] CHR Extension: (ScriptBlock) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba [2015-02-06] CHR Extension: (Google Wallet) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-01] CHR Extension: (Google Mail) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-01] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation) R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [1044784 2014-11-25] (Avira Operations GmbH & Co. KG) R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [807672 2015-01-09] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2015-01-09] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2015-01-09] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2015-01-09] (Avira Operations GmbH & Co. KG) R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2014-01-21] (BlackBerry Limited) [File not signed] R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [File not signed] R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [120832 2009-10-15] (Hewlett-Packard) [File not signed] R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [341296 2011-06-21] (Nitro PDF Software) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation) S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH) S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] () R2 SamsungAllShare; C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\WiselinkPro.exe [7237024 2011-05-24] () R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-02-12] (Avira GmbH) R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-02-12] (Avira GmbH) R1 avfwot; C:\Windows\SysWOW64\DRIVERS\avfwot.sys [131336 2011-06-30] (Avira GmbH) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-01] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-01] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-01] (Avira Operations GmbH & Co. KG) S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] () [File not signed] R3 GEARAspiWDM; C:\Windows\SysWOW64\DRIVERS\GEARAspiWDM.sys [15664 2011-11-19] (GEAR Software Inc.) S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [212992 2012-02-13] (Huawei Technologies Co., Ltd.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-13] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) S3 OV550I; C:\Windows\System32\Drivers\ov550ivx.sys [196992 2008-02-21] (Omnivision Technologies, Inc.) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited) R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd) S3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp.sys [145360 2010-02-12] (Sun Microsystems, Inc.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 dgderdrv; System32\drivers\dgderdrv.sys [X] S3 DlinkUDSMBus; SysWOW64\Drivers\DlinkUDSMBus.sys [X] S3 lvpepf64; system32\DRIVERS\lv302a64.sys [X] S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X] S3 LVRS64; system32\DRIVERS\lvrs64.sys [X] S3 PID_PEPI; system32\DRIVERS\LV302V64.SYS [X] S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X] S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-11 18:23 - 2015-02-11 18:23 - 00001007 _____ () C:\Users\Sumsium\Desktop\ESET_2015-02-11.txt 2015-02-11 12:28 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-02-11 12:28 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-02-11 12:28 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-02-11 12:28 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-02-11 12:28 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-02-11 12:28 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-02-11 12:28 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-02-11 12:28 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2015-02-11 12:28 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-02-11 12:28 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-02-11 12:28 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-02-11 12:28 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-02-11 12:28 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-02-11 12:28 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-02-11 12:28 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-02-11 12:28 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-02-11 12:28 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-02-11 12:28 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-02-11 12:28 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-02-11 12:28 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-02-11 12:28 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-02-11 12:28 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-02-11 12:27 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-02-11 12:27 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-02-11 12:27 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-02-11 12:27 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-02-11 12:27 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-02-11 12:27 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-02-11 12:27 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-02-11 12:27 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-02-11 12:27 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-02-11 12:27 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-02-11 12:27 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-02-11 12:27 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-02-11 12:27 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-02-11 12:27 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-02-11 12:27 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-02-11 12:27 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-02-11 12:27 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-02-11 12:27 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-02-11 12:27 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-02-11 12:27 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-02-11 12:27 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-02-11 12:27 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-02-11 12:27 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-02-11 12:27 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-02-11 12:27 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-02-11 12:27 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-02-11 12:27 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-02-11 12:27 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-02-11 12:27 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-02-11 12:27 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-02-11 12:27 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-02-11 12:27 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-02-11 12:27 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-02-11 12:27 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-02-11 12:27 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-02-11 12:27 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-02-11 12:27 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-02-11 12:27 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-02-11 12:27 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-02-11 12:27 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-02-11 12:27 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-02-11 12:27 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-02-11 12:27 - 2015-01-12 03:33 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-02-11 12:27 - 2015-01-12 03:32 - 06041088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-02-11 12:27 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-02-11 12:27 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-02-11 12:27 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-02-11 12:27 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-02-11 12:27 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-02-11 12:27 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-02-11 12:27 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-02-11 12:27 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-02-11 12:27 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-02-11 12:27 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-02-11 12:27 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-02-11 12:27 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-02-11 12:27 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-02-11 12:27 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-02-11 12:27 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-02-11 12:27 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-02-11 12:27 - 2015-01-12 02:55 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-02-11 12:27 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-02-11 12:27 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-02-11 12:27 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-02-11 12:27 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-02-11 12:27 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-02-11 12:27 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-02-11 12:27 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-02-11 12:27 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-02-11 12:27 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-02-11 12:27 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-02-11 12:27 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-02-11 12:27 - 2015-01-12 02:29 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-02-11 12:27 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-02-11 12:27 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-02-11 12:27 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-02-11 12:27 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-02-11 12:27 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-02-11 12:27 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-02-11 12:27 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-02-11 12:27 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-02-11 12:27 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-02-11 12:27 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-02-11 12:27 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-02-11 12:27 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-02-11 12:27 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-11 12:27 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-02-11 12:27 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-11 12:27 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2015-02-11 12:27 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-02-11 12:27 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-02-11 12:27 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-02-11 12:27 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-02-11 12:26 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-02-10 17:40 - 2015-02-10 17:40 - 02347384 _____ (ESET) C:\Users\Sumsium\Downloads\esetsmartinstaller_deu.exe 2015-02-10 17:25 - 2015-02-11 18:28 - 00000000 ____D () C:\Users\Sumsium\Desktop\FRST-OlderVersion 2015-02-08 21:32 - 2015-02-08 21:32 - 00033999 _____ () C:\Users\Sumsium\Desktop\08022015.txt 2015-02-08 19:02 - 2015-02-08 19:02 - 00033999 _____ () C:\ComboFix.txt 2015-02-08 18:42 - 2015-02-08 18:42 - 05609947 ____R (Swearware) C:\Users\Sumsium\Desktop\ComboFix.exe 2015-02-07 15:17 - 2015-02-11 18:28 - 02134016 _____ (Farbar) C:\Users\Sumsium\Desktop\FRST64.exe 2015-02-06 20:15 - 2015-02-06 20:15 - 00060042 _____ () C:\Users\Sumsium\Desktop\FRST_06022015.txt 2015-02-06 20:15 - 2015-02-06 20:15 - 00050179 _____ () C:\Users\Sumsium\Desktop\Addition_06022015.txt 2015-02-06 19:58 - 2015-02-06 19:58 - 00001209 _____ () C:\Users\Sumsium\Desktop\MWB_06.02.2015.txt 2015-02-06 19:11 - 2015-02-13 12:49 - 00000986 _____ () C:\Windows\Tasks\Google Software Updater.job 2015-02-06 19:11 - 2015-02-06 19:11 - 00003536 _____ () C:\Windows\System32\Tasks\Google Software Updater 2015-02-06 18:59 - 2015-02-06 18:59 - 02112512 _____ () C:\Users\Sumsium\Downloads\AdwCleaner_4.110.exe 2015-02-05 21:08 - 2015-02-05 21:08 - 00060051 _____ () C:\Users\Sumsium\Desktop\FRST_05.02.2015.txt 2015-02-05 21:08 - 2015-02-05 21:08 - 00049146 _____ () C:\Users\Sumsium\Desktop\Addition_05.02.2015.txt 2015-02-05 21:06 - 2015-02-07 15:20 - 00064689 _____ () C:\Users\Sumsium\Downloads\FRST.txt 2015-02-05 21:06 - 2015-02-06 20:02 - 00050179 _____ () C:\Users\Sumsium\Downloads\Addition.txt 2015-02-05 21:01 - 2015-02-05 21:01 - 00034595 _____ () C:\Users\Sumsium\Desktop\Combo_05022015.txt 2015-02-05 20:36 - 2015-02-08 19:02 - 00000000 ____D () C:\Qoobox 2015-02-05 20:36 - 2015-02-05 20:51 - 00000000 ____D () C:\Windows\erdnt 2015-02-05 20:36 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-02-05 20:36 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-02-05 20:36 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-02-05 20:36 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-02-05 20:36 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-02-05 20:36 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-02-05 20:36 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-02-05 20:36 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-02-04 22:04 - 2015-02-04 22:05 - 00051768 _____ () C:\Users\Sumsium\Desktop\Addition.txt 2015-02-04 22:03 - 2015-02-13 12:57 - 00041256 _____ () C:\Users\Sumsium\Desktop\FRST.txt 2015-02-04 22:03 - 2015-02-13 12:57 - 00000000 ____D () C:\FRST 2015-02-04 22:03 - 2015-02-04 22:03 - 02131968 _____ (Farbar) C:\Users\Sumsium\Downloads\FRST64.exe 2015-02-04 21:39 - 2015-02-04 21:39 - 00001596 _____ () C:\Users\Sumsium\Desktop\MWB_04.02.2015.txt 2015-02-04 20:56 - 2015-02-13 12:50 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-04 20:56 - 2015-02-04 20:56 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-04 20:56 - 2015-02-04 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-04 20:56 - 2015-02-04 20:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-04 20:56 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-04 20:56 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-02-04 20:35 - 2015-02-04 20:35 - 02194432 _____ () C:\Users\Sumsium\Downloads\AdwCleaner09.exe 2015-02-04 20:31 - 2015-02-04 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WEB.DE MailCheck 2015-02-04 20:31 - 2015-02-04 20:31 - 00000000 ____D () C:\Program Files\WEB.DE MailCheck 2015-02-04 20:31 - 2015-02-04 20:31 - 00000000 ____D () C:\Program Files (x86)\WEB.DE MailCheck 2015-02-02 18:10 - 2015-02-02 18:11 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\{BCB7DE81-8D52-4792-B5AF-BEB777D12830} 2015-02-01 17:50 - 2015-02-01 17:50 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\{2EBA8608-3E96-4F27-92D9-C942EDED9FF6} 2015-01-31 18:50 - 2015-01-31 18:51 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\{BA1C8A95-E08D-458F-BFBB-3D4399D73349} 2015-01-28 19:44 - 2015-01-28 19:44 - 49464479 _____ () C:\Users\Sumsisum\Downloads\Sky_go_v.1.1.apk 2015-01-28 19:24 - 2015-01-28 19:27 - 00000000 ____D () C:\Users\Sumsisum\Desktop\kindle 2015-01-27 18:56 - 2015-01-27 18:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-26 18:42 - 2015-01-26 18:42 - 00003882 _____ () C:\Windows\System32\Tasks\Registration 1und1 Task 2015-01-26 18:42 - 2015-01-26 18:42 - 00000000 ____D () C:\ProgramData\UUdb 2015-01-26 11:02 - 2015-01-26 11:02 - 00022720 _____ () C:\Users\Sumsisum\KontakteNokia.7z 2015-01-26 10:57 - 2015-01-26 10:58 - 00000000 ____D () C:\Users\Sumsisum\KontakteNokia 2015-01-26 10:40 - 2015-01-26 10:52 - 00000000 ____D () C:\Users\Sumsium\KontakteNokia 2015-01-26 09:33 - 2015-01-26 09:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\Windows Live Writer 2015-01-26 09:33 - 2015-01-26 09:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\Windows Live Writer 2015-01-26 09:33 - 2015-01-26 09:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\{8FFF0D90-6E4F-4354-8769-B7908F254471} 2015-01-26 09:33 - 2015-01-26 09:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\{74770D46-27FE-443A-B9EF-4A06FDF3873F} 2015-01-26 08:33 - 2015-01-26 08:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\Nokia Suite 2015-01-26 08:33 - 2015-01-26 08:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\Nokia 2015-01-26 08:30 - 2015-01-26 08:30 - 00000000 __SHD () C:\Users\Sumsium\AppData\Local\EmieBrowserModeList 2015-01-26 08:26 - 2015-02-08 11:24 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-01-26 08:24 - 2015-01-26 08:24 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\Apple Computer 2015-01-25 10:59 - 2015-01-25 10:59 - 00000000 ____D () C:\Users\Sumsisum\Desktop\Sigi Geburtstag 2015-01-23 20:58 - 2015-01-23 20:58 - 02470949 _____ () C:\Users\Sumsisum\Downloads\HollywoodTowers.mp4 2015-01-23 20:55 - 2015-01-23 20:55 - 02842206 _____ () C:\Users\Sumsisum\Downloads\SevenDwarfs.mp4 2015-01-23 19:23 - 2015-01-23 19:23 - 00000000 ____D () C:\Users\Gast\AppData\Local\Apple Computer 2015-01-23 19:23 - 2015-01-23 19:23 - 00000000 ____D () C:\ProgramData\Apple Computer 2015-01-23 19:23 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys 2015-01-23 19:22 - 2015-02-08 11:23 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-01-23 19:21 - 2015-01-23 19:21 - 00000000 ____D () C:\Program Files\Bonjour 2015-01-23 19:21 - 2015-01-23 19:21 - 00000000 ____D () C:\Program Files (x86)\Bonjour 2015-01-23 19:20 - 2015-01-23 19:20 - 122418480 _____ (Apple Inc.) C:\Users\Gast\Downloads\iTunes64Setup.exe 2015-01-23 19:17 - 2015-01-23 19:17 - 00002247 _____ () C:\Users\Gast\Desktop\Google Chrome.lnk 2015-01-23 19:17 - 2015-01-23 19:17 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google 2015-01-23 19:14 - 2015-01-23 19:14 - 00001270 _____ () C:\Users\Gast\Desktop\Kontakte - Verknüpfung.lnk 2015-01-23 19:09 - 2015-01-26 07:56 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Nokia 2015-01-23 19:09 - 2015-01-23 19:09 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Nokia Suite 2015-01-23 19:08 - 2015-01-26 07:52 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\PC Suite 2015-01-23 19:08 - 2015-01-23 19:08 - 00000000 ____D () C:\Users\Gast\AppData\Local\Nokia 2015-01-23 11:57 - 2015-01-23 11:57 - 00002089 _____ () C:\Users\Public\Desktop\Nokia Suite.lnk 2015-01-23 11:57 - 2015-01-23 11:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia 2015-01-23 11:57 - 2015-01-23 11:57 - 00000000 ____D () C:\Program Files (x86)\PC Connectivity Solution 2015-01-23 11:57 - 2012-10-17 14:53 - 00026112 _____ (Nokia) C:\Windows\system32\Drivers\pccsmcfdx64.sys 2015-01-23 11:27 - 2015-01-23 11:27 - 01191200 _____ () C:\Users\Sumsisum\Downloads\Nokia Suite - CHIP-Installer.exe 2015-01-23 11:03 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-21 17:25 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-21 17:25 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-21 17:25 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-21 17:25 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-21 17:25 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-13 12:49 - 2012-03-29 14:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-13 12:49 - 2010-05-23 14:32 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-13 12:49 - 2010-05-23 14:32 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-12 21:55 - 2010-03-12 01:19 - 01989130 _____ () C:\Windows\WindowsUpdate.log 2015-02-12 21:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2015-02-12 20:08 - 2009-07-14 05:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-12 20:08 - 2009-07-14 05:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-12 20:01 - 2011-05-04 16:32 - 00330778 _____ () C:\Windows\SysWOW64\http_ss.log 2015-02-12 20:01 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-12 20:01 - 2009-07-14 05:51 - 00210401 _____ () C:\Windows\setupact.log 2015-02-12 20:01 - 2009-07-14 05:45 - 00534272 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-12 20:00 - 2010-03-12 01:22 - 00666316 _____ () C:\Windows\PFRO.log 2015-02-12 19:58 - 2014-12-12 09:51 - 00000000 ____D () C:\Windows\system32\appraiser 2015-02-12 19:58 - 2014-05-07 09:15 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-02-12 19:38 - 2010-01-08 22:24 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-02-12 19:34 - 2013-07-21 11:26 - 00000000 ____D () C:\Windows\system32\MRT 2015-02-12 19:11 - 2010-11-19 20:38 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-02-08 18:59 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-02-08 11:18 - 2010-05-23 14:32 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-08 11:18 - 2010-05-23 14:32 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-07 15:16 - 2012-03-29 14:54 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-02-07 15:15 - 2012-03-29 14:54 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-07 15:15 - 2011-06-21 17:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-06 19:02 - 2013-11-30 08:58 - 00000000 ____D () C:\AdwCleaner 2015-02-05 20:52 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2015-02-04 20:56 - 2013-06-20 19:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2015-02-04 20:56 - 2012-03-04 12:38 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\Malwarebytes 2015-02-04 20:56 - 2012-03-04 12:38 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-04 20:21 - 2012-09-24 10:34 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{61CDC14D-922F-48FB-A877-B41883A6DD8B} 2015-02-01 17:47 - 2014-08-27 19:26 - 00000000 ____D () C:\Users\Sumsisum\Documents\Wohnung 2015-01-31 18:51 - 2012-01-06 23:04 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\Windows Live 2015-01-31 12:38 - 2012-06-10 08:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-30 23:07 - 2010-01-09 06:07 - 09650414 _____ () C:\Windows\system32\perfh007.dat 2015-01-30 23:07 - 2010-01-09 06:07 - 03042540 _____ () C:\Windows\system32\perfc007.dat 2015-01-30 23:07 - 2009-07-14 06:13 - 00006504 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-26 18:42 - 2014-03-22 16:32 - 00000000 ____D () C:\Program Files (x86)\1und1Softwareaktualisierung 2015-01-26 11:02 - 2010-05-18 14:50 - 00000000 ____D () C:\Users\Sumsisum 2015-01-26 10:58 - 2012-07-21 18:33 - 00000000 ____D () C:\Users\Sumsisum\Documents\Rezepte 2015-01-26 10:40 - 2010-05-18 09:40 - 00000000 ____D () C:\Users\Sumsium 2015-01-26 09:33 - 2012-01-06 21:17 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\Windows Live 2015-01-26 08:38 - 2012-01-07 23:18 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\Apple Computer 2015-01-26 08:33 - 2012-10-23 18:23 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-01-26 08:32 - 2010-11-01 09:38 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\PC Suite 2015-01-26 08:06 - 2014-01-21 19:59 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Apple Computer 2015-01-23 19:21 - 2011-10-31 21:11 - 00000000 ____D () C:\ProgramData\Apple 2015-01-23 12:02 - 2010-09-25 10:22 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\Nokia 2015-01-23 11:58 - 2010-09-24 19:14 - 00000000 ____D () C:\ProgramData\Nokia 2015-01-23 11:58 - 2010-09-22 10:45 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\Nokia 2015-01-23 11:57 - 2010-09-22 10:41 - 00000000 ____D () C:\Program Files (x86)\Nokia 2015-01-23 11:57 - 2010-03-12 01:17 - 00109498 _____ () C:\Windows\DPINST.LOG 2015-01-14 17:52 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT ==================== Files in the root of some directories ======= 2014-03-01 14:44 - 2014-03-01 14:44 - 0000268 ___RH () C:\Users\Sumsium\AppData\Roaming\Breath Pad 2014-03-01 14:44 - 2014-03-01 14:44 - 0000268 ___RH () C:\Users\Sumsium\AppData\Roaming\Bubble Noise 2013-06-29 16:22 - 2013-06-29 16:42 - 0000077 _____ () C:\Users\Sumsium\AppData\Roaming\Rim.Desktop.Exception.log 2011-03-12 16:59 - 2013-06-29 16:20 - 0003174 _____ () C:\Users\Sumsium\AppData\Roaming\Rim.Desktop.HttpServerSetup.log 2013-06-29 16:22 - 2013-06-29 16:42 - 0000077 _____ () C:\Users\Sumsium\AppData\Roaming\Rim.DesktopHelper.Exception.log 2011-01-08 21:13 - 2011-01-08 21:13 - 0000000 _____ () C:\Users\Sumsium\AppData\Local\AtStart.txt 2011-01-08 21:13 - 2011-01-08 21:13 - 0000000 _____ () C:\Users\Sumsium\AppData\Local\DSwitch.txt 2011-01-08 21:13 - 2011-01-08 21:13 - 0000000 _____ () C:\Users\Sumsium\AppData\Local\QSwitch.txt 2012-01-19 18:19 - 2013-06-22 13:19 - 0007610 _____ () C:\Users\Sumsium\AppData\Local\Resmon.ResmonCfg 2010-12-05 13:30 - 2010-12-28 20:25 - 0000080 ___SH () C:\ProgramData\.zreglib 2014-03-01 14:44 - 2014-03-01 14:44 - 0000268 ___RH () C:\ProgramData\Caches 2014-03-01 14:44 - 2014-03-01 14:44 - 0000268 ___RH () C:\ProgramData\CIOSupport 2014-03-01 14:44 - 2014-03-01 14:44 - 0000012 ___RH () C:\ProgramData\ColorSync 2014-03-01 14:44 - 2014-03-01 14:44 - 0000012 ___RH () C:\ProgramData\Command Line Utility 2010-05-18 09:45 - 2010-11-19 20:38 - 0000188 _____ () C:\ProgramData\HPWALog.txt 2014-05-01 11:17 - 2014-05-01 11:18 - 0000848 ___SH () C:\ProgramData\KGyGaAvL.sys 2014-03-01 14:44 - 2014-03-01 14:44 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT 2014-03-01 14:44 - 2014-03-01 14:44 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT 2010-03-12 01:43 - 2010-03-12 01:43 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log 2010-01-08 23:23 - 2010-01-08 23:23 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log 2010-03-12 01:42 - 2010-03-12 01:42 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log 2010-01-08 23:19 - 2010-01-08 23:20 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2010-03-12 01:42 - 2010-03-12 01:42 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log 2010-03-12 01:43 - 2010-03-12 01:43 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log 2010-01-08 23:19 - 2010-01-08 23:19 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2010-01-08 23:20 - 2010-01-08 23:23 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log 2010-03-12 01:43 - 2010-03-12 01:43 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log Some content of TEMP: ==================== C:\Users\Sumsium\AppData\Local\Temp\avgnt.exe C:\Users\Sumsium\AppData\Local\Temp\NOSEventMessages.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-05 21:32 ==================== End Of Log ============================ --- --- --- --- --- --- ... also die Ironie geht nicht an mir vorbei. Ein Antivirenprogramm, welches mit eigener Malware arbeitet *lol* |
20.02.2015, 11:33 | #20 |
| Fund bei Malwarebytes: OpenCandy und Spigot Hallo Sandra, Sind wir durch, oder sind noch Tätigkeiten notwendig? Viele Grüße Sabine |
21.02.2015, 01:58 | #21 |
Ruhe in Frieden † 2019 | Fund bei Malwarebytes: OpenCandy und Spigot Hallo Sabine, irgendetwas setzt immer wieder neue Beschränkungen im Internet Explorer. Ist das gewollt?
__________________ --> Fund bei Malwarebytes: OpenCandy und Spigot |
22.02.2015, 12:56 | #22 |
| Fund bei Malwarebytes: OpenCandy und Spigot Hallo Sandra, habe eigentlich nur die Add Ons mit Flash Player auf Click to Play gesetzt. Beim IE bin ich mir nicht mehr sicher ob ich das auch gemacht habe, da ich selten mit IE surfe. Ist es das? |
22.02.2015, 23:47 | #23 |
Ruhe in Frieden † 2019 | Fund bei Malwarebytes: OpenCandy und Spigot Hallo Sabine, Kannst du den dann bitte einmal komplett zurücksetzen und dann ein neues Log mit FRST machen? Schritt 1 Setze folgendermassen den Internet Explorer zurück:
Schritt 2 Starte noch einmal FRST.
|
23.02.2015, 18:39 | #24 |
| Fund bei Malwarebytes: OpenCandy und Spigot Hallo Sandra, hier der Report FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-02-2015 Ran by Sumsium (administrator) on SUMSISUM-PC on 23-02-2015 18:36:43 Running from C:\Users\Sumsium\Desktop Loaded Profiles: Sumsium (Available profiles: Sumsium & Sumsisum & Gast) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\WiselinkPro.exe () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\http_ss_win_pro.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Abelssoft) C:\Program Files (x86)\CheckDrive\CheckDriveBackgroundGuard.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (TomTom) C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Sigmatel) C:\Windows\system\w98eject.exe () C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (Samsung) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Nikon Corporation) C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (1und1 Mail und Media GmbH) C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe () C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-08-25] () HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [Corel File Shell Monitor] => C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [15544 2009-08-25] () HKLM-x32\...\Run: [HPCam_Menu] => c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard) HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard) HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [250768 2011-05-24] (Samsung) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-05-28] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2015-01-09] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2014-02-07] (BlackBerry Limited) HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1243656 2013-12-07] (Easybits) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-11] (DivX, LLC) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] () HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.) HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation) HKLM-x32\...\Run: [MailCheck IE Broker] => C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [2135104 2014-11-17] (1und1 Mail und Media GmbH) HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXASPDecode.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXASPDecode.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\MP3SurroundDecode.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\MP3SurroundDecode.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll",DllRegisterServer HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll",DllRegisterServer HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company) HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung) HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-04-18] (Samsung Electronics) HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Run: [MyTomTomSA.exe] => C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [455608 2013-05-23] (TomTom) HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia) HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Policies\system: [DisableChangePassword] 0 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\w98Eject.lnk ShortcutTarget: w98Eject.lnk -> C:\Windows\system\w98eject.exe (Sigmatel) Startup: C:\Users\Sumsisum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-132197110-3117043442-3119173927-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM -> {230D7087-5842-4816-985C-8393ACBAC32D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {230D7087-5842-4816-985C-8393ACBAC32D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) BHO: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) BHO-x32: WEB.DE MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Handler-x32: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH) Tcpip\Parameters: [DhcpNameServer] 192.168.0.2 Tcpip\..\Interfaces\{2DD74BF9-228A-47CA-9F74-06C1515BF58C}: [NameServer] 139.7.30.125 139.7.30.126 FireFox: ======== FF ProfilePath: C:\Users\Sumsium\AppData\Roaming\Mozilla\Firefox\Profiles\h8p7mo5w.default FF SelectedSearchEngine: Google FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @innoplus.de/ino3DViewer -> C:\Program Files (x86)\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden) FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin-x32: @pack.google.com/Google Updater;version=14 -> C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: NitroPDF -> C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( ) FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Extension: Download videos and MP3s from YouTube - C:\Users\Sumsium\AppData\Roaming\Mozilla\Firefox\Profiles\h8p7mo5w.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-11-12] FF Extension: NoScript - C:\Users\Sumsium\AppData\Roaming\Mozilla\Firefox\Profiles\h8p7mo5w.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-03-04] FF Extension: Adblock Plus - C:\Users\Sumsium\AppData\Roaming\Mozilla\Firefox\Profiles\h8p7mo5w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-21] FF HKU\S-1-5-21-132197110-3117043442-3119173927-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-11-12] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Profile: C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-04] CHR Extension: (YouTube) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-01] CHR Extension: (Adblock Plus) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-01] CHR Extension: (Hide My Ass! Web Proxy) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2014-06-13] CHR Extension: (Google Search) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-01] CHR Extension: (Avira Browser Safety) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-06-13] CHR Extension: (No Name) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba [2015-02-06] CHR Extension: (Google Wallet) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-01] CHR Extension: (Gmail) - C:\Users\Sumsium\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-01] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation) R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [1044784 2014-11-25] (Avira Operations GmbH & Co. KG) R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [807672 2015-01-09] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2015-01-09] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2015-01-09] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2015-01-09] (Avira Operations GmbH & Co. KG) R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2014-01-21] (BlackBerry Limited) [File not signed] R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [File not signed] R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [120832 2009-10-15] (Hewlett-Packard) [File not signed] R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [341296 2011-06-21] (Nitro PDF Software) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation) S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-30] (pdfforge GmbH) S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-30] (pdfforge GmbH) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] () R2 SamsungAllShare; C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\WiselinkPro.exe [7237024 2011-05-24] () R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-02-12] (Avira GmbH) R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-02-12] (Avira GmbH) R1 avfwot; C:\Windows\SysWOW64\DRIVERS\avfwot.sys [131336 2011-06-30] (Avira GmbH) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-01] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-01] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-01] (Avira Operations GmbH & Co. KG) S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] () [File not signed] R3 GEARAspiWDM; C:\Windows\SysWOW64\DRIVERS\GEARAspiWDM.sys [15664 2011-11-19] (GEAR Software Inc.) S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [212992 2012-02-13] (Huawei Technologies Co., Ltd.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) S3 OV550I; C:\Windows\System32\Drivers\ov550ivx.sys [196992 2008-02-21] (Omnivision Technologies, Inc.) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited) R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd) S3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp.sys [145360 2010-02-12] (Sun Microsystems, Inc.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 dgderdrv; System32\drivers\dgderdrv.sys [X] S3 DlinkUDSMBus; SysWOW64\Drivers\DlinkUDSMBus.sys [X] S3 lvpepf64; system32\DRIVERS\lv302a64.sys [X] S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X] S3 LVRS64; system32\DRIVERS\lvrs64.sys [X] S3 PID_PEPI; system32\DRIVERS\LV302V64.SYS [X] S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X] S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-18 18:41 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll 2015-02-18 18:41 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll 2015-02-18 18:41 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll 2015-02-18 18:41 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll 2015-02-17 17:33 - 2015-02-17 17:34 - 49473087 _____ () C:\Users\Sumsisum\Downloads\sky_go_1.2 (1).apk 2015-02-17 17:33 - 2015-02-17 17:33 - 49473087 _____ () C:\Users\Sumsisum\Downloads\sky_go_1.2.apk 2015-02-14 12:27 - 2015-02-14 12:27 - 00000000 ____D () C:\Users\Sumsium\Documents\Moebelplaner 2015-02-14 12:27 - 2015-02-14 12:27 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\Moebelplaner-1402 2015-02-14 12:25 - 2015-02-14 12:25 - 12093676 _____ () C:\Users\Sumsium\Downloads\Moebelplaner.exe 2015-02-13 13:08 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-02-13 13:08 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-02-13 13:08 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-02-13 13:08 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-02-11 18:23 - 2015-02-11 18:23 - 00001007 _____ () C:\Users\Sumsium\Desktop\ESET_2015-02-11.txt 2015-02-11 12:28 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-02-11 12:28 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-02-11 12:28 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-02-11 12:28 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-02-11 12:28 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-02-11 12:28 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-02-11 12:28 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-02-11 12:28 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2015-02-11 12:28 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-02-11 12:28 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-02-11 12:28 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-02-11 12:28 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-02-11 12:28 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-02-11 12:28 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-02-11 12:28 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-02-11 12:28 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-02-11 12:28 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-02-11 12:28 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-02-11 12:28 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-02-11 12:28 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-02-11 12:28 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-02-11 12:28 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-02-11 12:27 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-02-11 12:27 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-02-11 12:27 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-02-11 12:27 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-02-11 12:27 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-02-11 12:27 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-02-11 12:27 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-02-11 12:27 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-02-11 12:27 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-02-11 12:27 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-02-11 12:27 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-02-11 12:27 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-02-11 12:27 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-02-11 12:27 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-02-11 12:27 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-02-11 12:27 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-02-11 12:27 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-02-11 12:27 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-02-11 12:27 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-02-11 12:27 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-02-11 12:27 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-02-11 12:27 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-02-11 12:27 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-02-11 12:27 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-02-11 12:27 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-02-11 12:27 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-02-11 12:27 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-02-11 12:27 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-02-11 12:27 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-02-11 12:27 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-02-11 12:27 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-02-11 12:27 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-02-11 12:27 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-02-11 12:27 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-02-11 12:27 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-02-11 12:27 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-02-11 12:27 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-02-11 12:27 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-02-11 12:27 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-02-11 12:27 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-02-11 12:27 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-02-11 12:27 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-02-11 12:27 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-02-11 12:27 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-02-11 12:27 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-02-11 12:27 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-02-11 12:27 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-02-11 12:27 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-02-11 12:27 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-02-11 12:27 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-02-11 12:27 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-02-11 12:27 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-02-11 12:27 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-02-11 12:27 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-02-11 12:27 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-02-11 12:27 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-02-11 12:27 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-02-11 12:27 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-02-11 12:27 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-02-11 12:27 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-02-11 12:27 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-02-11 12:27 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-02-11 12:27 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-02-11 12:27 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-02-11 12:27 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-02-11 12:27 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-02-11 12:27 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-02-11 12:27 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-02-11 12:27 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-02-11 12:27 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-02-11 12:27 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-02-11 12:27 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-02-11 12:27 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-02-11 12:27 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-02-11 12:27 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-02-11 12:27 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-02-11 12:27 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-02-11 12:27 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-02-11 12:27 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-02-11 12:27 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-02-11 12:27 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-02-11 12:27 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-11 12:27 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-02-11 12:27 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-11 12:27 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2015-02-11 12:27 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-02-11 12:27 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-02-11 12:27 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-02-11 12:27 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-02-11 12:26 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-02-10 17:40 - 2015-02-10 17:40 - 02347384 _____ (ESET) C:\Users\Sumsium\Downloads\esetsmartinstaller_deu.exe 2015-02-10 17:25 - 2015-02-23 18:35 - 00000000 ____D () C:\Users\Sumsium\Desktop\FRST-OlderVersion 2015-02-08 21:32 - 2015-02-08 21:32 - 00033999 _____ () C:\Users\Sumsium\Desktop\08022015.txt 2015-02-08 19:02 - 2015-02-08 19:02 - 00033999 _____ () C:\ComboFix.txt 2015-02-08 18:42 - 2015-02-08 18:42 - 05609947 ____R (Swearware) C:\Users\Sumsium\Desktop\ComboFix.exe 2015-02-07 15:17 - 2015-02-23 18:35 - 02087424 _____ (Farbar) C:\Users\Sumsium\Desktop\FRST64.exe 2015-02-06 20:15 - 2015-02-06 20:15 - 00060042 _____ () C:\Users\Sumsium\Desktop\FRST_06022015.txt 2015-02-06 20:15 - 2015-02-06 20:15 - 00050179 _____ () C:\Users\Sumsium\Desktop\Addition_06022015.txt 2015-02-06 19:58 - 2015-02-06 19:58 - 00001209 _____ () C:\Users\Sumsium\Desktop\MWB_06.02.2015.txt 2015-02-06 19:11 - 2015-02-23 17:37 - 00000986 _____ () C:\Windows\Tasks\Google Software Updater.job 2015-02-06 19:11 - 2015-02-06 19:11 - 00003536 _____ () C:\Windows\System32\Tasks\Google Software Updater 2015-02-06 18:59 - 2015-02-06 18:59 - 02112512 _____ () C:\Users\Sumsium\Downloads\AdwCleaner_4.110.exe 2015-02-05 21:08 - 2015-02-05 21:08 - 00060051 _____ () C:\Users\Sumsium\Desktop\FRST_05.02.2015.txt 2015-02-05 21:08 - 2015-02-05 21:08 - 00049146 _____ () C:\Users\Sumsium\Desktop\Addition_05.02.2015.txt 2015-02-05 21:06 - 2015-02-07 15:20 - 00064689 _____ () C:\Users\Sumsium\Downloads\FRST.txt 2015-02-05 21:06 - 2015-02-06 20:02 - 00050179 _____ () C:\Users\Sumsium\Downloads\Addition.txt 2015-02-05 21:01 - 2015-02-05 21:01 - 00034595 _____ () C:\Users\Sumsium\Desktop\Combo_05022015.txt 2015-02-05 20:36 - 2015-02-08 19:02 - 00000000 ____D () C:\Qoobox 2015-02-05 20:36 - 2015-02-05 20:51 - 00000000 ____D () C:\Windows\erdnt 2015-02-05 20:36 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-02-05 20:36 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-02-05 20:36 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-02-05 20:36 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-02-05 20:36 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-02-05 20:36 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-02-05 20:36 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-02-05 20:36 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-02-04 22:04 - 2015-02-04 22:05 - 00051768 _____ () C:\Users\Sumsium\Desktop\Addition.txt 2015-02-04 22:03 - 2015-02-23 18:36 - 00029868 _____ () C:\Users\Sumsium\Desktop\FRST.txt 2015-02-04 22:03 - 2015-02-23 18:36 - 00000000 ____D () C:\FRST 2015-02-04 22:03 - 2015-02-04 22:03 - 02131968 _____ (Farbar) C:\Users\Sumsium\Downloads\FRST64.exe 2015-02-04 21:39 - 2015-02-04 21:39 - 00001596 _____ () C:\Users\Sumsium\Desktop\MWB_04.02.2015.txt 2015-02-04 20:56 - 2015-02-23 18:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-04 20:56 - 2015-02-04 20:56 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-04 20:56 - 2015-02-04 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-04 20:56 - 2015-02-04 20:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-04 20:56 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-04 20:56 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-02-04 20:35 - 2015-02-04 20:35 - 02194432 _____ () C:\Users\Sumsium\Downloads\AdwCleaner09.exe 2015-02-04 20:31 - 2015-02-04 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WEB.DE MailCheck 2015-02-04 20:31 - 2015-02-04 20:31 - 00000000 ____D () C:\Program Files\WEB.DE MailCheck 2015-02-04 20:31 - 2015-02-04 20:31 - 00000000 ____D () C:\Program Files (x86)\WEB.DE MailCheck 2015-02-02 18:10 - 2015-02-02 18:11 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\{BCB7DE81-8D52-4792-B5AF-BEB777D12830} 2015-02-01 17:50 - 2015-02-01 17:50 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\{2EBA8608-3E96-4F27-92D9-C942EDED9FF6} 2015-01-31 18:50 - 2015-01-31 18:51 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\{BA1C8A95-E08D-458F-BFBB-3D4399D73349} 2015-01-28 19:44 - 2015-01-28 19:44 - 49464479 _____ () C:\Users\Sumsisum\Downloads\Sky_go_v.1.1.apk 2015-01-28 19:24 - 2015-01-28 19:27 - 00000000 ____D () C:\Users\Sumsisum\Desktop\kindle 2015-01-27 18:56 - 2015-01-27 18:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-26 18:42 - 2015-01-26 18:42 - 00003882 _____ () C:\Windows\System32\Tasks\Registration 1und1 Task 2015-01-26 18:42 - 2015-01-26 18:42 - 00000000 ____D () C:\ProgramData\UUdb 2015-01-26 11:02 - 2015-01-26 11:02 - 00022720 _____ () C:\Users\Sumsisum\KontakteNokia.7z 2015-01-26 10:57 - 2015-01-26 10:58 - 00000000 ____D () C:\Users\Sumsisum\KontakteNokia 2015-01-26 10:40 - 2015-01-26 10:52 - 00000000 ____D () C:\Users\Sumsium\KontakteNokia 2015-01-26 09:33 - 2015-01-26 09:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\Windows Live Writer 2015-01-26 09:33 - 2015-01-26 09:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\Windows Live Writer 2015-01-26 09:33 - 2015-01-26 09:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\{8FFF0D90-6E4F-4354-8769-B7908F254471} 2015-01-26 09:33 - 2015-01-26 09:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\{74770D46-27FE-443A-B9EF-4A06FDF3873F} 2015-01-26 08:33 - 2015-01-26 08:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\Nokia Suite 2015-01-26 08:33 - 2015-01-26 08:33 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\Nokia 2015-01-26 08:30 - 2015-01-26 08:30 - 00000000 __SHD () C:\Users\Sumsium\AppData\Local\EmieBrowserModeList 2015-01-26 08:26 - 2015-02-08 11:24 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-01-26 08:24 - 2015-01-26 08:24 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\Apple Computer 2015-01-25 10:59 - 2015-01-25 10:59 - 00000000 ____D () C:\Users\Sumsisum\Desktop\Sigi Geburtstag ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-23 18:36 - 2009-07-14 05:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-23 18:36 - 2009-07-14 05:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-23 18:29 - 2010-05-23 14:32 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-23 18:28 - 2011-05-04 16:32 - 00332068 _____ () C:\Windows\SysWOW64\http_ss.log 2015-02-23 18:28 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-23 18:28 - 2009-07-14 05:51 - 00212050 _____ () C:\Windows\setupact.log 2015-02-23 18:27 - 2010-03-12 01:19 - 01331841 _____ () C:\Windows\WindowsUpdate.log 2015-02-23 18:15 - 2012-03-29 14:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-23 17:40 - 2012-09-24 10:34 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{61CDC14D-922F-48FB-A877-B41883A6DD8B} 2015-02-23 17:38 - 2010-05-23 14:32 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-21 15:47 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing 2015-02-17 17:39 - 2011-06-17 21:18 - 00000000 ____D () C:\Users\Sumsisum\Documents\stricken 2015-02-17 12:02 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2015-02-14 17:09 - 2014-08-27 19:26 - 00000000 ____D () C:\Users\Sumsisum\Documents\Wohnung 2015-02-12 20:01 - 2009-07-14 05:45 - 00534272 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-12 20:00 - 2010-03-12 01:22 - 00666316 _____ () C:\Windows\PFRO.log 2015-02-12 19:58 - 2014-12-12 09:51 - 00000000 ____D () C:\Windows\system32\appraiser 2015-02-12 19:58 - 2014-05-07 09:15 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-02-12 19:38 - 2010-01-08 22:24 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-02-12 19:34 - 2013-07-21 11:26 - 00000000 ____D () C:\Windows\system32\MRT 2015-02-12 19:11 - 2010-11-19 20:38 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-02-08 18:59 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-02-08 11:23 - 2015-01-23 19:22 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-02-08 11:18 - 2010-05-23 14:32 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-08 11:18 - 2010-05-23 14:32 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-07 15:16 - 2012-03-29 14:54 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-02-07 15:15 - 2012-03-29 14:54 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-07 15:15 - 2011-06-21 17:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-06 19:02 - 2013-11-30 08:58 - 00000000 ____D () C:\AdwCleaner 2015-02-05 20:52 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2015-02-04 20:56 - 2013-06-20 19:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2015-02-04 20:56 - 2012-03-04 12:38 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\Malwarebytes 2015-02-04 20:56 - 2012-03-04 12:38 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-31 18:51 - 2012-01-06 23:04 - 00000000 ____D () C:\Users\Sumsisum\AppData\Local\Windows Live 2015-01-31 12:38 - 2012-06-10 08:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-30 23:07 - 2010-01-09 06:07 - 09650414 _____ () C:\Windows\system32\perfh007.dat 2015-01-30 23:07 - 2010-01-09 06:07 - 03042540 _____ () C:\Windows\system32\perfc007.dat 2015-01-30 23:07 - 2009-07-14 06:13 - 00006504 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-26 18:42 - 2014-03-22 16:32 - 00000000 ____D () C:\Program Files (x86)\1und1Softwareaktualisierung 2015-01-26 11:02 - 2010-05-18 14:50 - 00000000 ____D () C:\Users\Sumsisum 2015-01-26 10:58 - 2012-07-21 18:33 - 00000000 ____D () C:\Users\Sumsisum\Documents\Rezepte 2015-01-26 10:40 - 2010-05-18 09:40 - 00000000 ____D () C:\Users\Sumsium 2015-01-26 09:33 - 2012-01-06 21:17 - 00000000 ____D () C:\Users\Sumsium\AppData\Local\Windows Live 2015-01-26 08:38 - 2012-01-07 23:18 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\Apple Computer 2015-01-26 08:33 - 2012-10-23 18:23 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-01-26 08:32 - 2010-11-01 09:38 - 00000000 ____D () C:\Users\Sumsium\AppData\Roaming\PC Suite 2015-01-26 08:06 - 2014-01-21 19:59 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Apple Computer 2015-01-26 07:56 - 2015-01-23 19:09 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Nokia 2015-01-26 07:52 - 2015-01-23 19:08 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\PC Suite ==================== Files in the root of some directories ======= 2014-03-01 14:44 - 2014-03-01 14:44 - 0000268 ___RH () C:\Users\Sumsium\AppData\Roaming\Breath Pad 2014-03-01 14:44 - 2014-03-01 14:44 - 0000268 ___RH () C:\Users\Sumsium\AppData\Roaming\Bubble Noise 2013-06-29 16:22 - 2013-06-29 16:42 - 0000077 _____ () C:\Users\Sumsium\AppData\Roaming\Rim.Desktop.Exception.log 2011-03-12 16:59 - 2013-06-29 16:20 - 0003174 _____ () C:\Users\Sumsium\AppData\Roaming\Rim.Desktop.HttpServerSetup.log 2013-06-29 16:22 - 2013-06-29 16:42 - 0000077 _____ () C:\Users\Sumsium\AppData\Roaming\Rim.DesktopHelper.Exception.log 2011-01-08 21:13 - 2011-01-08 21:13 - 0000000 _____ () C:\Users\Sumsium\AppData\Local\AtStart.txt 2011-01-08 21:13 - 2011-01-08 21:13 - 0000000 _____ () C:\Users\Sumsium\AppData\Local\DSwitch.txt 2011-01-08 21:13 - 2011-01-08 21:13 - 0000000 _____ () C:\Users\Sumsium\AppData\Local\QSwitch.txt 2012-01-19 18:19 - 2013-06-22 13:19 - 0007610 _____ () C:\Users\Sumsium\AppData\Local\Resmon.ResmonCfg 2010-12-05 13:30 - 2010-12-28 20:25 - 0000080 ___SH () C:\ProgramData\.zreglib 2014-03-01 14:44 - 2014-03-01 14:44 - 0000268 ___RH () C:\ProgramData\Caches 2014-03-01 14:44 - 2014-03-01 14:44 - 0000268 ___RH () C:\ProgramData\CIOSupport 2014-03-01 14:44 - 2014-03-01 14:44 - 0000012 ___RH () C:\ProgramData\ColorSync 2014-03-01 14:44 - 2014-03-01 14:44 - 0000012 ___RH () C:\ProgramData\Command Line Utility 2010-05-18 09:45 - 2010-11-19 20:38 - 0000188 _____ () C:\ProgramData\HPWALog.txt 2014-05-01 11:17 - 2014-05-01 11:18 - 0000848 ___SH () C:\ProgramData\KGyGaAvL.sys 2014-03-01 14:44 - 2014-03-01 14:44 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT 2014-03-01 14:44 - 2014-03-01 14:44 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT 2010-03-12 01:43 - 2010-03-12 01:43 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log 2010-01-08 23:23 - 2010-01-08 23:23 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log 2010-03-12 01:42 - 2010-03-12 01:42 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log 2010-01-08 23:19 - 2010-01-08 23:20 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2010-03-12 01:42 - 2010-03-12 01:42 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log 2010-03-12 01:43 - 2010-03-12 01:43 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log 2010-01-08 23:19 - 2010-01-08 23:19 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2010-01-08 23:20 - 2010-01-08 23:23 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log 2010-03-12 01:43 - 2010-03-12 01:43 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log Some content of TEMP: ==================== C:\Users\Sumsisum\AppData\Local\Temp\avgnt.exe C:\Users\Sumsisum\AppData\Local\Temp\NOSEventMessages.dll C:\Users\Sumsium\AppData\Local\Temp\avgnt.exe C:\Users\Sumsium\AppData\Local\Temp\NOSEventMessages.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-13 14:42 ==================== End Of Log ============================ |
23.02.2015, 21:53 | #25 |
Ruhe in Frieden † 2019 | Fund bei Malwarebytes: OpenCandy und Spigot Hallo Sabine, danke, das sieht jetzt endlich gut aus. Du solltest wie gesagt deinen Downloadordner noch mal durchschauen, in den Installern ist Adware. Bitte aufpassen. Und wenn du alles soweit gamacht hast einmal ein neues BackUp erstellen und die alten dann löschen. Und ganz wichtig, Passwörter ändern, steht unten auch noch mal was zu! OK So wie ich es sehe, haben wir damit alles Schadhafte entfernt. Deine Logs sind sauber. Abschließend räumen wir noch etwas auf, führen Updates durch und dann bekommst du noch etwas Lesestoff von mir. Schritt 1 Falls Du Malwarebytes-Antimalware und den ESET-Onlinescan nicht mehr benötigst, kannst Du beide Programme einfach über die Programmdeinstallation deinstallieren. Ich empfehle Dir aber zumindest Malwarebytes zu behalten, und damit einmal die Woche einen Kontrollscan zu machen. Schritt 2 Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren. Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK. Code:
ATTFilter Combofix /Uninstall Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden. Nun die eben deaktivierten Programme wieder aktivieren. Schritt 3 Downloade dir bitte delfix auf deinen Desktop.
Updates / Programme aktualisieren
Stelle sicher, dass dein FlashPlayer nach Updates sucht. Den FlashPlayer kann man direkt bei der Installation so konfigurieren, dass er nach Updates automatisch sucht, nachträglich kann man das über folgenden Link machen: Adobe - Flash Player: Einstellungsmanager - Globale Benachrichtigungseinstellungen
Java ist eine große Sicherheitslücke auf deinem System, es werden immer wieder neue Schwachstellen entdeckt, die ausgenutzt werden um Rechner zu infizieren. Sofern du Java nicht zwingend benötigst, solltest du es komplett deinstallieren. Windows XP Gehe auf: Start --> Systemsteuerung --> Software --> Javaversionen auswählen --> entfernen Windows Vista Gehe auf: Start --> Systemsteuerung -- > Programme --> Programme deinstallieren --> Javaversionen suchen --> entfernen Windows 7 Dazu gehe auf: den Windowsbutton in der Taskleiste --> Systemsteuerung --> Programme (Unterpunkt Programme deinstallieren) --> Javaversionen auswählen --> entfernen Windows 8 Dazu drücke auf: Windowstaste und X dann: Programme und Funktionen -->Javaversionen auswählen --> entfernen Falls du Java doch unbedingt benötigst, dann
und sorge dafür, dass Java automatisch updated. Dazu:
Hier findest du eine Anleitung dazu. Nun zum Schluss noch ein paar Tipps zur Absicherung deines Systems. Ändere regelmäßig alle deine Passwörter, jetzt, nach der Bereinigung ist ein idealer Zeitpunkt dafür
Aktualität des Systems Es ist extrem wichtig, dass sowohl dein System als auch die darauf installierte sicherheitsrelevante Software (Flash Player, PDF-Reader und besonders Java, sofern vorhanden) aktuell sind.
Antivirensoftware
Zusätzlicher Schutz
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der Internet Explorer, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Systemleistung Lösche regelmäßig deine temporären Dateien. Ich empfehle hierzu die Datenträgerbereinigung von Windows. Windows Vista
Windows 7
Windows 8
Halte dich fern von jeglichen Registry Cleanern. Diese schaden deinem System mehr als dass sie es schneller machen. Verhaltensregeln zum sichereren Surfen
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen. Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind. Falls Du Lob oder Kritik abgeben möchtest, kannst Du das sehr gerne hier tun. Wenn Du etwas für das Forum und unsere Arbeit spenden möchtest, so kannst Du das hier tun. |
25.02.2015, 19:57 | #26 |
| Fund bei Malwarebytes: OpenCandy und Spigot Hallo Sandra, vielen vielen Dank für Deine Hilfe! Da es doch eine Menge zu tun ist, werde ich vor Sonntag Abend nicht dazu kommen. Ich melde mich dann nochmal. Viele Grüße Sabine |
04.03.2015, 21:15 | #28 |
| Fund bei Malwarebytes: OpenCandy und Spigot Hallo Sandra, hat alles wunderbar geklappt! Vielen Dank für Deine Unterstützung!!! Viele Grüße Sabine |
05.03.2015, 23:09 | #29 |
Ruhe in Frieden † 2019 | Fund bei Malwarebytes: OpenCandy und Spigot Hallo Sabine, sehr schön. Alles Gute für dich. Somit ist dieses Thema erledigt, falls du noch Fragen haben solltest oder es Probleme gibt, so schicke mir bitte eine PN Jeder andere bitte hier klicken und einen eigenen Thread erstellen |
Themen zu Fund bei Malwarebytes: OpenCandy und Spigot |
appdatalow, bedenklich, candy, einfach, elemente, entferne, entfernen, erkannt, fund, gefunde, laufe, laufen, local, malwarebytes, opencandy, profi, schädliche, search, search settings, software, spigot, temp, users |