Log analysis and evaluation: Windows 7: Firefox tries to load a file that is infected
17.03.2015, 13:55 | #1
Windows 7: Firefox tries to load a file that is infected

Greetings everyone, as an avid reader I like to use JDownloader to conveniently download my ebooks from the booksellers all at once. Yesterday the program reminded me that a new version was available. I followed the link in the pop-up and downloaded the new program there. Apparently I was tricked, though, and got some junk along with the program. In Firefox, 2 add-ons had been installed and activated, the search engine had been changed, and on every start FF tries to load a file named "ebdnhru.rar". Fortunately the download is blocked with the notice that the file may contain a virus or spyware. My virus scanner (Avast Free AntiVirus, version 150317-0) reports no detections. Malwarebytes, however, finds plenty right away. Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 17.03.2015 Suchlauf-Zeit: 12:01:40 Logdatei: malwarebytes.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.03.17.03 Rootkit Datenbank: v2015.02.25.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x86 Dateisystem: NTFS Benutzer: Claudi Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 456290 Verstrichene Zeit: 10 Min, 40 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 2 PUP.Optional.XTab.A, C:\Program Files\XTab\ProtectService.exe, 2020, , [d6c1fd494a40ae8880a6f41b11f18c74] PUP.Optional.WindowsMangerProtect.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, 1724, , [b8dfb09689018ea89ce5794349ba7a86] Module: 2 PUP.Optional.XTab.A, C:\Program Files\XTab\msvcp110.dll, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\msvcr110.dll, , [296e252123678bab1fada21642c1d030], Registrierungsschlüssel: 34 PUP.Optional.XTab.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IHProtect Service, , [d6c1fd494a40ae8880a6f41b11f18c74], PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [4354da6cd5b532041cb6da5b649cd729], PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, , [4354da6cd5b532041cb6da5b649cd729], PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, , [4354da6cd5b532041cb6da5b649cd729], PUP.Optional.SupTab.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [4354da6cd5b532041cb6da5b649cd729], PUP.Optional.SupTab.A, 
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [4354da6cd5b532041cb6da5b649cd729], PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\INPROCSERVER32, , [4354da6cd5b532041cb6da5b649cd729], PUP.Optional.BetweenLines.A, HKLM\SOFTWARE\CLASSES\CLSID\{fb1b354f-6305-4364-bf9c-4bfef634a9db}, , [f0a73b0bb2d8a2942e5786ae26dcb947], PUP.Optional.BetweenLines.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{2af2d67b-8ef2-4261-8535-27e847cff708}, , [f0a73b0bb2d8a2942e5786ae26dcb947], PUP.Optional.BetweenLines.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3F5EE107-E7C9-4A3A-8784-18D085938686}, , [f0a73b0bb2d8a2942e5786ae26dcb947], PUP.Optional.BetweenLines.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{FB1B354F-6305-4364-BF9C-4BFEF634A9DB}, , [f0a73b0bb2d8a2942e5786ae26dcb947], PUP.Optional.BetweenLines.A, HKLM\SOFTWARE\CLASSES\CLSID\{FB1B354F-6305-4364-BF9C-4BFEF634A9DB}\INPROCSERVER32, , [f0a73b0bb2d8a2942e5786ae26dcb947], PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, , [bed974d2f1992f07c97084d756ad33cd], PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, , [574097af088274c29dc2d9828e75d828], PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, , [e8aff551f2988aacc29e3f1cea19f40c], PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\mystartsearch uninstall, , [e9aec2845931c07661a80ab440c337c9], PUP.Optional.BetweenLines.A, HKLM\SOFTWARE\Between Lines, , [fb9cdb6b1674c96d3e8b1c8e4fb4ce32], PUP.Optional.IHProtect.A, HKLM\SOFTWARE\IHProtect, , [5641e46213779d9928a3eeca30d331cf], PUP.Optional.Iminent.A, HKLM\SOFTWARE\Iminent, , 
[cdca2224fa9057dfd63df30b2cd7817f], PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\mystartsearchSoftware, , [82151e2891f99f97dfbf5f61ea1954ac], PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [197ecd790882e452395178a647be40c0], PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPTAB, , [296e58ee07837db91377e0eeab58cc34], PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, , [b8dfb09689018ea89ce5794349ba7a86], PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, , [47502620a0eaa78f24a1e2e1c340bb45], PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT, , [0c8b99ade9a1c07624d36baefd08e020], PUP.Optional.BetweenLines.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Between Lines, , [890e6dd9c0ca16204c7c7436669d9a66], PUP.Optional.Iminent.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Iminent, , [8e0982c4b5d5290dc64e52ac9a6950b0], PUP.Optional.Conduit.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, , [71264501f99176c0520adae6c53ecb35], PUP.Optional.Conduit.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT\FF, , [7b1c093d45459a9c313a50c81bea9e62], PUP.Optional.Qone8, HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [d8bf8fb792f8ed49c3c673abed1814ec], PUP.Optional.IStart.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, , [92051f2726641c1a9c70327ce2216a96], PUP.Optional.SnapDo.A, 
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR, , [f7a06adc5d2d55e160af36c70cf71ee2], PUP.Optional.InstallBrain.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT, , [2d6a4cfab0da96a00aedf4256e9755ab], PUP.Optional.BetweenLines.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Between Lines, , [2671341297f3cd6992bb5d4df40f0000], Registrierungswerte: 7 PUP.Optional.SearchEngine.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|searchengine@gmail.com, C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default\extensions\searchengine@gmail.com, , [0f883511008ad95d1347d16efd0802fe] PUP.Optional.IStart.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|istart_ffnt@gmail.com, C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default\extensions\istart_ffnt@gmail.com, , [ddbaed59c9c10f27a69d9b12a26109f7] PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPTAB|ptid, cor, , [296e58ee07837db91377e0eeab58cc34] PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT|URL, MYSTART, , [0c8b99ade9a1c07624d36baefd08e020] PUP.Optional.IStart.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, istart_ffnt@gmail.com, , [92051f2726641c1a9c70327ce2216a96] PUP.Optional.SnapDo.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR|publisher, SnapDoForPartners, , [f7a06adc5d2d55e160af36c70cf71ee2] PUP.Optional.InstallBrain.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT|URL, SIM, , [2d6a4cfab0da96a00aedf4256e9755ab] Registrierungsdaten: 10 PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, 
hxxp://www.mystartsearch.com/?type=hp&ts=1426524205&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hp&ts=1426524205&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792),,[deb9c185fb8f40f6e0267867e223fd03] PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.mystartsearch.com/?type=hp&ts=1426524205&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hp&ts=1426524205&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792),,[d2c524228406b5810006dc034cb9fd03] PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[1483f84e93f7290d2867d912a065c040] PUP.Optional.SnapDo.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=05203580-871c-be69-0e91-b86f299b8ad7&searchtype=ds&q={searchTerms}&installDate={installDate}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=05203580-871c-be69-0e91-b86f299b8ad7&searchtype=ds&q={searchTerms}&installDate={installDate}),,[2c6b69dd2466fd395fa021be57aee41c] PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.mystartsearch.com/?type=hp&ts=1426524205&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hp&ts=1426524205&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792),,[e8af1036a1e90b2b10f7459a45c0c739] PUP.Optional.SnapDo.A, 
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=05203580-871c-be69-0e91-b86f299b8ad7&searchtype=ds&q={searchTerms}&installDate={installDate}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=05203580-871c-be69-0e91-b86f299b8ad7&searchtype=ds&q={searchTerms}&installDate={installDate}),,[bcdb1b2b800ab68014ea726dbb4a669a] PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.mystartsearch.com/?type=hp&ts=1426524205&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hp&ts=1426524205&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792),,[2c6b81c55634ea4c986f5e8139cc8a76] PUP.Optional.SnapDo.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=05203580-871c-be69-0e91-b86f299b8ad7&searchtype=ds&q={searchTerms}&installDate={installDate}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=05203580-871c-be69-0e91-b86f299b8ad7&searchtype=ds&q={searchTerms}&installDate={installDate}),,[afe89da9b1d9989e54ad8c54848101ff] PUP.Optional.SnapDo.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=05203580-871c-be69-0e91-b86f299b8ad7&searchtype=ds&q={searchTerms}&installDate={installDate}, Gut: (www.google.com), Schlecht: 
(hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=05203580-871c-be69-0e91-b86f299b8ad7&searchtype=ds&q={searchTerms}&installDate={installDate}),,[484fd0764c3ef83e0bf770704db804fc] PUP.Optional.SnapDo.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=05203580-871c-be69-0e91-b86f299b8ad7&searchtype=ds&q={searchTerms}&installDate={installDate}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=05203580-871c-be69-0e91-b86f299b8ad7&searchtype=ds&q={searchTerms}&installDate={installDate}),,[623551f56624fc3a6e8f439c768fb749] Ordner: 40 PUP.Optional.XTab.A, C:\Program Files\XTab, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\skin, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\skin\image, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\img, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\weather, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\js, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\en-US, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\es-419, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\es-ES, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-BE, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-CA, , 
[296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-CH, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-FR, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-LU, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\it-CH, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\it-IT, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pl, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pt, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pt-BR, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\ru, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\ru-MO, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\tr-TR, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\vi-VI, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\zh-CN, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\zh-TW, , [296e252123678bab1fada21642c1d030], PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch, , [e9aec2845931c07661a80ab440c337c9], PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images, , [e9aec2845931c07661a80ab440c337c9], PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\code, , [e9aec2845931c07661a80ab440c337c9], PUP.Optional.DownloadGuide.A, C:\Users\Claudi\AppData\Local\DownloadGuide, , [7f18c77ff397a294c878ef2fdc295da3], PUP.Optional.DownloadGuide.A, C:\Users\Claudi\AppData\Local\DownloadGuide\Offers, 
, [7f18c77ff397a294c878ef2fdc295da3], PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE, , [6e29ec5ae2a82214def3511e7192f50b], PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE\CT3317892, , [6e29ec5ae2a82214def3511e7192f50b], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, , [593e53f306841d19caa39beb1de67987], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, , [593e53f306841d19caa39beb1de67987], PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, , [2d6a7ec83456e0567192069df90a6e92], PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, , [2d6a7ec83456e0567192069df90a6e92], PUP.Optional.BetweenLines.A, C:\Program Files\Between Lines, , [2671341297f3cd6992bb5d4df40f0000], PUP.Optional.BetweenLines.A, C:\Users\Claudi\AppData\Local\Temp\Between Lines, , [5443b88e1971b185a2acd3d7be4524dc], Dateien: 114 PUP.Optional.XTab.A, C:\Program Files\XTab\ProtectService.exe, , [d6c1fd494a40ae8880a6f41b11f18c74], PUP.Optional.SupTab.A, C:\Program Files\XTab\SupTab.dll, , [4354da6cd5b532041cb6da5b649cd729], PUP.Optional.BetweenLines.A, C:\Program Files\Between Lines\BetweenLinesBHO.dll, , [f0a73b0bb2d8a2942e5786ae26dcb947], PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Local\Temp\is1901864539\15BC6354_stp\Mar9_3072_cor_mystartsearch.exe, , [c8cf3610e1a9ae88342454d0e71f5fa1], PUP.Optional.Iminent.A, C:\Users\Claudi\AppData\Local\DownloadGuide\Offers\IminentSetup.exe, , [583f4501d7b3ae88322caaaf9c655ba5], PUP.Optional.Conduit.A, C:\Users\Claudi\AppData\Local\DownloadGuide\Offers\mconduitinstaller.exe, , [73243b0be1a948ee8ae544dba65ae61a], PUP.Optional.Wajam.A, C:\Users\Claudi\AppData\Local\DownloadGuide\Offers\wajam_download.exe, , [c7d0d472c8c2db5bdf9286c1d52b08f8], PUP.Optional.XTab.A, C:\Program Files\XTab\uninstall.exe, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\ffsearch_toolbar!1.0.0.1025.xpi, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program 
Files\XTab\install.data, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\msvcp110.dll, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\msvcr110.dll, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\searchProvider.xml, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\skin\about.png, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\skin\about_bk.png, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\skin\btn.png, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\skin\btn_apply.png, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\skin\close.png, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\skin\conf.xml, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\skin\conf_back.png, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\skin\input_bk.png, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\skin\logo.png, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\skin\main.xml, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\skin\radio_1.png, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\skin\radio_2.png, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\skin\rigth_arrow.png, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\skin\settings.png, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\data.html, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\indexIE.html, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\indexIE8.html, , 
[296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\main.css, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\ver.txt, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\arrow.png, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\default_add_logo.png, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\default_add_logo_hover.png, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\default_logo.png, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\googlelogo.png, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\googlelogo2.png, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\google_trends.png, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\icon128.png, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\icon16.png, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\icon48.png, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\loading.gif, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\logo32.ico, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\weather\0.png, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\common.js, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\ga.js, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\ie8.js, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\jquery-1.11.0.min.js, , [296e252123678bab1fada21642c1d030], 
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\jquery.autocomplete.js, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\js.js, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\library.js, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\xagainit-ie8.js, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\xagainit.js, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\xagainit2.0.js, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\en-US\messages.json, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\es-419\messages.json, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\es-ES\messages.json, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-BE\messages.json, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-CA\messages.json, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-CH\messages.json, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-FR\messages.json, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-LU\messages.json, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\it-CH\messages.json, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\it-IT\messages.json, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pl\messages.json, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pt\messages.json, , [296e252123678bab1fada21642c1d030], 
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pt-BR\messages.json, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\ru\messages.json, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\ru-MO\messages.json, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\tr-TR\messages.json, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\vi-VI\messages.json, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\zh-CN\messages.json, , [296e252123678bab1fada21642c1d030], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\zh-TW\messages.json, , [296e252123678bab1fada21642c1d030], PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\MessageBox.xml, , [e9aec2845931c07661a80ab440c337c9], PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\481.json, , [e9aec2845931c07661a80ab440c337c9], PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\un.ini, , [e9aec2845931c07661a80ab440c337c9], PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\uninstallDlg2.xml, , [e9aec2845931c07661a80ab440c337c9], PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\UninstallManager.exe, , [e9aec2845931c07661a80ab440c337c9], PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\bg.png, , [e9aec2845931c07661a80ab440c337c9], PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\bg1.png, , [e9aec2845931c07661a80ab440c337c9], PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\bk_shadow.png, , [e9aec2845931c07661a80ab440c337c9], PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\button.png, , [e9aec2845931c07661a80ab440c337c9], 
PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\button1.png, , [e9aec2845931c07661a80ab440c337c9], PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\checkbox.png, , [e9aec2845931c07661a80ab440c337c9], PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\checkbox_select.png, , [e9aec2845931c07661a80ab440c337c9], PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\checked.png, , [e9aec2845931c07661a80ab440c337c9], PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\close.png, , [e9aec2845931c07661a80ab440c337c9], PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\loading_bg.png, , [e9aec2845931c07661a80ab440c337c9], PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\loading_light.png, , [e9aec2845931c07661a80ab440c337c9], PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\min.png, , [e9aec2845931c07661a80ab440c337c9], PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\scrollbar.bmp, , [e9aec2845931c07661a80ab440c337c9], PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\Thumbs.db, , [e9aec2845931c07661a80ab440c337c9], PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\unchecked.png, , [e9aec2845931c07661a80ab440c337c9], PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\code\code1.jpg, , [e9aec2845931c07661a80ab440c337c9], PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\code\code2.jpg, , [e9aec2845931c07661a80ab440c337c9], PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\code\code3.jpg, , [e9aec2845931c07661a80ab440c337c9], PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\code\code4.jpg, , 
[e9aec2845931c07661a80ab440c337c9], PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\code\code5.jpg, , [e9aec2845931c07661a80ab440c337c9], PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\code\code6.jpg, , [e9aec2845931c07661a80ab440c337c9], PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\code\Thumbs.db, , [e9aec2845931c07661a80ab440c337c9], PUP.Optional.DownloadGuide.A, C:\Users\Claudi\AppData\Local\DownloadGuide\amazon.ico, , [7f18c77ff397a294c878ef2fdc295da3], PUP.Optional.DownloadGuide.A, C:\Users\Claudi\AppData\Local\DownloadGuide\tz-easybuch_start_installation.exe, , [7f18c77ff397a294c878ef2fdc295da3], PUP.Optional.DownloadGuide.A, C:\Users\Claudi\AppData\Local\DownloadGuide\Offers\vis-freeware.exe, , [7f18c77ff397a294c878ef2fdc295da3], PUP.Optional.DownloadGuide.A, C:\Users\Claudi\AppData\Local\DownloadGuide\Offers\WebBOptimizer.exe, [7f18c77ff397a294c878ef2fdc295da3], , %5 PUP.Optional.WindowsMangerProtect.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, , [b8dfb09689018ea89ce5794349ba7a86], PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE\CT3317892\UninstallerUI.exe, , [6e29ec5ae2a82214def3511e7192f50b], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, , [593e53f306841d19caa39beb1de67987], PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update\conf, , [2d6a7ec83456e0567192069df90a6e92], PUP.Optional.BetweenLines.A, C:\Program Files\Between Lines\BetweenLines.ico, , [2671341297f3cd6992bb5d4df40f0000], PUP.Optional.BetweenLines.A, C:\Program Files\Between Lines\BetweenLinesUninstall.exe, , [2671341297f3cd6992bb5d4df40f0000], PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Gut: (), Schlecht: ( "homepage": "hxxp://www.mystartsearch.com/?type=hp&ts=1426524205&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792",), 
,[425544024149f83e51dff135e62021df] PUP.Optional.Conduit.A, C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3317892&SearchSource=2&CUI=UN21792360229163249&UM=2&sspv=TB_CNI&q=");), ,[d6c12a1ce7a32016386d4cdd7294be42] PUP.Optional.Conduit.A, C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3317892&CUI=UN21792360229163249&UM=2&SearchSource=3&q={searchTerms}&sspv=TB_CNI");), ,[61361b2b533744f2754171b84bbb4eb2] Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Defogger: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 12:42 on 17/03/2015 (Claudi) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Claudi at 2015-03-17 12:44:26
Running from C:\Users\Claudi\Desktop\Checks
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22beta (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Age of Empires III (HKLM\...\InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.)
Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team) Avast Free Antivirus (HKLM\...\avast) (Version: 10.2.2214 - AVAST Software) Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment) Benutzerhandbuch anzeigen (HKLM\...\View User Guide) (Version: 3.60.02.0 - ) Between Lines (HKLM\...\Between Lines) (Version: 2015.03.02.185236 - Between Lines) <==== ATTENTION calibre (HKLM\...\{8854EE3C-5031-499F-B5EB-51A82F1B28EF}) (Version: 2.21.0 - Kovid Goyal) CoreAAC Audio Decoder (remove only) (HKLM\...\CoreAAC Audio Decoder) (Version: - ) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden DDBAC (HKLM\...\{E3B6D3FB-A593-41BA-9AB1-FFE46F608565}) (Version: 5.3.21 - DataDesign) Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden Diablo II (HKLM\...\Diablo II) (Version: - Blizzard Entertainment) Diablo III (HKLM\...\Diablo III) (Version: - Blizzard Entertainment) Diablo III Public Test (HKLM\...\Diablo III Public Test) (Version: - Blizzard Entertainment) Die Siedler - Aufbruch der Kulturen (HKLM\...\SADK) (Version: - ) DIE SIEDLER - Aufstieg eines Königreichs (HKLM\...\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}) (Version: 1.00.0000 - Ubisoft) Die Siedler 7 (HKLM\...\{9C916142-C18C-429D-BFED-40094A7E0BEB}) (Version: 1.12.1396 - Ubisoft) DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden Dropbox (HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.) Fotogalerie (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.26.9 - Google Inc.) 
Hidden Hearthstone (HKLM\...\Hearthstone) (Version: - Blizzard Entertainment) Heroes of the Storm (HKLM\...\Heroes of the Storm) (Version: - Blizzard Entertainment) IBANKonverterQuickVerein (HKLM\...\{1F1FC068-123F-4302-9555-8FF3CAEB0506}) (Version: 1.00.0000 - Ihr Firmenname) Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) JDownloader 2 (HKLM\...\jdownloader2-1) (Version: 2.0 - AppWork GmbH) LG United Mobile Drivers (HKLM\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Access database engine 2007 (German) (HKLM\...\{90120000-00D1-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1049 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation) Microsoft SQL Server 2008 Browser (HKLM\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.3.5500.0 - Microsoft Corporation) Microsoft SQL Server 2008 Native Client 
(HKLM\...\{539A0EAA-E1BB-4163-9C1E-6C8BF4A17FA2}) (Version: 10.3.5500.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{D074DC76-F6C9-440E-A1D0-1DE958417FDB}) (Version: 10.3.5500.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) 
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 36.0.1 (x86 de) (HKLM\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) Mozilla Thunderbird 31.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla) MSI to redistribute MS VS2005 CRT libraries (HKLM\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project) MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) mystartsearch uninstall (HKLM\...\mystartsearch uninstall) (Version: - mystartsearch) <==== ATTENTION Nero 7 Essentials (HKLM\...\{97F32DF8-D66E-446A-A425-C1D7B45C1031}) (Version: 7.02.6782 - Nero AG) Nero Video 2014 (HKLM\...\{F9BC3E29-E14A-417F-AAC7-289137234C8E}) (Version: 15.0.03000 - Nero AG) Nettalk 6.7 (HKLM\...\Nettalk_is1) (Version: - Nicolas Kruse) NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA PhysX (Legacy) 
(HKLM\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP) ON_OFF Charge B11.1102.1 (HKLM\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE) Opera 12.16 (HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA) Oracle VM VirtualBox 4.3.20 (HKLM\...\{3ACD85F2-BD6D-44FE-8CAE-5C1C3757ED7E}) (Version: 4.3.20 - Oracle Corporation) Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden PDF24 Creator 6.7.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.311.0 - Tracker Software Products Ltd) Prerequisite installer (Version: 15.0.0005 - Nero AG) Hidden QIP 2012 7221 Jeak-Edition (HKLM\...\QIP 2012 7221 Jeak-Edition 4.0.7221) (Version: 4.0.7221 - jeak.de) QIP 2012 7221 Jeak-Edition (Version: 4.0.7221 - jeak.de) Hidden QuickVerein 2014 V11 (HKLM\...\{3E3397FD-9FF6-4EF0-B7AC-1FB668DFF774}) (Version: 11.0.0 - Lexware) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.) Samsung CLP-360 Series (HKLM\...\Samsung CLP-360 Series) (Version: 1.12 (05.12.2013) - Samsung Electronics Co., Ltd.) Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.2.12064_9 - Samsung Electronics Co., Ltd.) Samsung Kies (Version: 2.3.2.12064_9 - Samsung Electronics Co., Ltd.) Hidden Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.) 
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.) SDFormatter (HKLM\...\{15EB20D6-5F13-41D0-BEF9-C9C44D6AC620}) (Version: 3.0.0 - SD Association) Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft) Service Pack 3 für SQL Server 2008 (KB2546951) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation) SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden Skype™ 7.2 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.) Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden StarMoney (Version: 3.0.0.124 - StarFinanz) Hidden StarMoney (Version: 4.0.4.16 - StarFinanz) Hidden Stronghold (HKLM\...\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}) (Version: 1.20.0000 - Firefly Studios) TeamSpeak 3 Client (HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH) TomTom HOME (HKLM\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname) TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) 
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Unterstützungsdateien für Microsoft SQL Server 2008-Setup (HKLM\...\{2A231800-A7CF-4223-B8A3-1FD9057BAE96}) (Version: 10.3.5500.0 - Microsoft Corporation) Uplay (HKLM\...\Uplay) (Version: 4.6 - Ubisoft) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) Winamp (HKLM\...\Winamp) (Version: 5.63 - Nullsoft, Inc) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) Windows-Treiberpaket - Hewlett-Packard Image (04/27/2007 9.0.0.0) (HKLM\...\A6BCA7876CD547CFB5821019998F044515D81B74) (Version: 04/27/2007 9.0.0.0 - Hewlett-Packard) Z-Cron (HKLM\...\{FD57FF4D-7225-4DAC-B15D-9BAE3E8A0E2B}) (Version: 4.9.0.53 - IMU Andreas Baumann) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{0713E8A8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{0713E8D8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{373FF7F4-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{58DA8D93-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{58DA8D96-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{5ACBB955-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{5ACBB956-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{5ACBB957-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{5ACBB958-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{6027C2D4-FB28-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{612A8628-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{62823C20-41A3-11CE-9E8B-0020AF039CA3}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{6B7E6393-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{6B7E63A3-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{9ED94444-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{B66834C6-2E60-11CE-8748-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ==================== Restore Points ========================= 26-02-2015 17:29:08 Geplanter Prüfpunkt 06-03-2015 19:00:13 Geplanter Prüfpunkt 12-03-2015 20:15:24 Installed calibre 13-03-2015 23:12:09 Installed calibre 17-03-2015 11:58:34 avast! antivirus system restore point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {191C7B13-A2E5-416A-8428-85C9F4483AC4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {1A7CA7EA-8A8F-4282-9644-B5160692C2E1} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {2E992470-35AD-43DB-AC10-A9CE1376D928} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {618DEE84-9E27-4E67-B8D7-2265C4D0E11A} - System32\Tasks\{094D1E08-30AE-4C6D-9378-E126CBB3CDF2} => E:\PowerLine Utility\PowerLine Utility.exe Task: {6F7AAFB6-FD59-43E6-9A20-21F8C2D89805} - System32\Tasks\{F6E4E344-AFA4-45EC-B680-316642C7B274} => pcalua.exe -a D:\Downloads\the_settlers_7_1.09full.exe -d D:\Downloads Task: {7256C442-D3AA-4728-A4E4-2FE8B724DAC4} - System32\Tasks\{C6450D5E-BEC1-46C0-B9D9-3BEDA450F984} => pcalua.exe -a "E:\DAEMON Tools Lite\InstallGadget.exe" -d "E:\DAEMON Tools Lite" Task: {8BC55973-9258-4920-BE86-0D24D5D685D6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe Task: {AED41E5D-F890-4EE5-9E9E-B55AF601D486} - System32\Tasks\{0D53B32E-FCF5-4EC2-BFEE-66BCB2581099} => pcalua.exe -a D:\Downloads\the_settlers_7_1.10full.exe -d D:\Downloads Task: {B434EE57-04A4-4306-821D-5768C3D504BA} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {B4D7077F-250B-4863-B751-A388DE4858E3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-25] (Google Inc.) Task: {B9A0C4A2-9AE8-4820-BE0C-E731F41CBBD4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-03-17] (Avast Software s.r.o.) 
Task: {BE33C3A2-D018-439E-B12F-CEE12418FCC1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe Task: {C830ED48-B5C0-419F-9AEB-D46C0515296F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Mainwurf-Claudi Mainwurf => E:\Office 2013\Office15\MsoSync.exe [2014-01-23] (Microsoft Corporation) Task: {CC31F910-894E-4A2A-9DE8-3E33FC0B8BA3} - System32\Tasks\{6C3D7013-6959-4F74-A829-2331FD571855} => E:\PowerLine Utility\PowerLine Utility.exe Task: {D3472535-CD02-424C-B62D-340234199A36} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated) Task: {DA5BE7E9-C870-4B8A-8E20-07482868AE86} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {DD8019B9-09FA-4131-9F2E-A98C024120DA} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft) Task: {E1306F84-6F52-4D0A-9BC4-ED5A8BF091F1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-25] (Google Inc.) 
Task: {E31A6401-5975-4FA3-87FA-081775700DB5} - System32\Tasks\{1C94C6D1-C589-46BF-9E1E-73D7032ED5AF} => pcalua.exe -a C:\Users\Claudi\Desktop\setup_basic_G2710_3.exe -d C:\Users\Claudi\Desktop Task: {E835B712-93FC-469A-AF7F-47AAEB695393} - System32\Tasks\QIPdater 2012 => E:\QIP\qipdater.exe [2012-03-27] (Caphyon LTD) Task: {F2C691D9-F45F-4E7C-83F4-109DCCA4C4BA} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {F822BF3F-22DD-433E-95B7-93D64CA69A76} - System32\Tasks\Games\UpdateCheck_S-1-5-21-4207056575-3370044151-3894322460-1004 (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\QIPdater 2012.job => E:\QIP\qipdater.exe ==================== Loaded Modules (whitelisted) ============== 2015-03-17 11:57 - 2015-03-17 11:57 - 02922496 _____ () C:\Program Files\AVAST Software\Avast\defs\15031700\algo.dll 2013-04-10 09:15 - 2008-01-10 13:17 - 00022723 _____ () C:\Windows\System32\ssp2ml3.dll 2014-07-09 19:16 - 2013-05-15 07:32 - 00024064 _____ () C:\Windows\System32\sst6clm.dll 2013-04-08 18:56 - 2014-07-02 20:42 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll 2015-03-13 20:24 - 2015-03-13 20:24 - 38714440 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2015-03-04 23:08 - 2015-03-04 23:08 - 00750080 _____ () C:\Users\Claudi\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-03-17 11:57 - 2015-03-17 11:57 - 00043008 _____ () 
c:\users\claudi\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpj659we.dll 2015-03-04 23:08 - 2015-03-04 23:08 - 00047616 _____ () C:\Users\Claudi\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-03-04 23:08 - 2015-03-04 23:08 - 00865280 _____ () C:\Users\Claudi\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2015-03-04 23:07 - 2015-03-04 23:07 - 00200704 _____ () C:\Users\Claudi\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Claudi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: FsUsbExService => 2 MSCONFIG\Services: NAUpdate => 2 MSCONFIG\Services: OverwolfUpdaterService => 3 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: Steam Client Service => 3 MSCONFIG\Services: TomTomHOMEService => 2 MSCONFIG\startupreg: DAEMON Tools Lite => "E:\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: KiesAirMessage => E:\Kies\KiesAirMessage.exe -startup MSCONFIG\startupreg: KiesPDLR => E:\Kies\External\FirmwareUpdate\KiesPDLR.exe MSCONFIG\startupreg: KiesPreload => E:\Kies\Kies.exe /preload MSCONFIG\startupreg: KiesTrayAgent => E:\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: PDFPrint => E:\PDF24\pdf24.exe MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: VirtualCloneDrive => "E:\VirtualCloneDrive\VCDDaemon.exe" /s MSCONFIG\startupreg: WinampAgent => E:\Winamp\winampa.exe ==================== Accounts: ============================= Administrator (S-1-5-21-4207056575-3370044151-3894322460-500 - Administrator - Disabled) Claudi (S-1-5-21-4207056575-3370044151-3894322460-1000 - Administrator - Enabled) => C:\Users\Claudi Gast (S-1-5-21-4207056575-3370044151-3894322460-501 - Limited - Enabled) Laura (S-1-5-21-4207056575-3370044151-3894322460-1005 - Limited - Enabled) => C:\Users\Laura Lisa (S-1-5-21-4207056575-3370044151-3894322460-1004 - Limited - Enabled) => C:\Users\Lisa ==================== Faulty Device Manager Devices ============= Name: VirtualBox Host-Only Ethernet Adapter Description: VirtualBox Host-Only Ethernet Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Oracle Corporation Service: VBoxNetAdp Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (03/17/2015 11:58:31 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {224ef49b-8819-4e0c-8228-3b3d73373e76} Error: (03/17/2015 11:56:56 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/16/2015 05:46:09 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 36.0.1.5542, Zeitstempel: 0x54f851c0 Name des fehlerhaften Moduls: xul.dll, Version: 36.0.1.5542, Zeitstempel: 0x54f85115 Ausnahmecode: 0xc0000005 Fehleroffset: 0x011afb85 ID des fehlerhaften Prozesses: 0x1190 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (03/16/2015 05:46:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 36.0.1.5542, Zeitstempel: 0x54f851c0 Name des fehlerhaften Moduls: xul.dll, Version: 36.0.1.5542, Zeitstempel: 0x54f85115 Ausnahmecode: 0xc0000005 Fehleroffset: 0x011afb85 ID des fehlerhaften Prozesses: 0x1080 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: 
plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (03/16/2015 05:46:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 36.0.1.5542, Zeitstempel: 0x54f851c0
Name des fehlerhaften Moduls: xul.dll, Version: 36.0.1.5542, Zeitstempel: 0x54f85115
Ausnahmecode: 0xc0000005
Fehleroffset: 0x011afb85
ID des fehlerhaften Prozesses: 0xf7c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (03/16/2015 05:46:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 36.0.1.5542, Zeitstempel: 0x54f851c0
Name des fehlerhaften Moduls: xul.dll, Version: 36.0.1.5542, Zeitstempel: 0x54f85115
Ausnahmecode: 0xc0000005
Fehleroffset: 0x011afb85
ID des fehlerhaften Prozesses: 0x132c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (03/16/2015 05:46:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 36.0.1.5542, Zeitstempel: 0x54f851c0
Name des fehlerhaften Moduls: xul.dll, Version: 36.0.1.5542, Zeitstempel: 0x54f85115
Ausnahmecode: 0xc0000005
Fehleroffset: 0x011afb85
ID des fehlerhaften Prozesses: 0x1558
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (03/16/2015 05:45:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 36.0.1.5542, Zeitstempel: 0x54f851c0
Name des fehlerhaften Moduls: xul.dll, Version: 36.0.1.5542, Zeitstempel: 0x54f85115
Ausnahmecode: 0xc0000005
Fehleroffset: 0x011afb85
ID des fehlerhaften Prozesses: 0x15dc
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (03/16/2015 05:45:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 36.0.1.5542, Zeitstempel: 0x54f851c0
Name des fehlerhaften Moduls: xul.dll, Version: 36.0.1.5542, Zeitstempel: 0x54f85115
Ausnahmecode: 0xc0000005
Fehleroffset: 0x011afb85
ID des fehlerhaften Prozesses: 0xfe8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (03/16/2015 05:43:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 36.0.1.5542, Zeitstempel: 0x54f851c0
Name des fehlerhaften Moduls: mozalloc.dll, Version: 36.0.1.5542, Zeitstempel: 0x54f8437e
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001e02
ID des fehlerhaften Prozesses: 0x1394
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

System errors:
=============
Error: (03/17/2015 11:56:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20

Error: (03/16/2015 01:24:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20

Error: (03/15/2015 05:58:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20

Error: (03/14/2015 10:58:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20

Error: (03/14/2015 10:50:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20

Error: (03/13/2015 01:31:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20

Error: (03/12/2015 06:37:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20

Error: (03/11/2015 06:32:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20

Error: (03/10/2015 06:59:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20

Error: (03/09/2015 04:20:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20

Microsoft Office Sessions:
=========================
Error: (03/17/2015 11:58:31 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert
Vorgang: Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {224ef49b-8819-4e0c-8228-3b3d73373e76}

Error: (03/17/2015 11:56:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/16/2015 05:46:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.1.554254f851c0xul.dll36.0.1.554254f85115c0000005011afb85119001d06008b3f18154E:\Mozilla Firefox\plugin-container.exeE:\Mozilla Firefox\xul.dllf1be7596-cbfb-11e4-93e7-902b3496e0e2

Error: (03/16/2015 05:46:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.1.554254f851c0xul.dll36.0.1.554254f85115c0000005011afb85108001d06008b3015170E:\Mozilla Firefox\plugin-container.exeE:\Mozilla Firefox\xul.dllf0c8040b-cbfb-11e4-93e7-902b3496e0e2

Error: (03/16/2015 05:46:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.1.554254f851c0xul.dll36.0.1.554254f85115c0000005011afb85f7c01d06008b26dc1d6E:\Mozilla Firefox\plugin-container.exeE:\Mozilla Firefox\xul.dllf0355ed5-cbfb-11e4-93e7-902b3496e0e2

Error: (03/16/2015 05:46:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.1.554254f851c0xul.dll36.0.1.554254f85115c0000005011afb85132c01d06008b19c8c16E:\Mozilla Firefox\plugin-container.exeE:\Mozilla Firefox\xul.dllef6317a1-cbfb-11e4-93e7-902b3496e0e2

Error: (03/16/2015 05:46:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.1.554254f851c0xul.dll36.0.1.554254f85115c0000005011afb85155801d06008b063e072E:\Mozilla Firefox\plugin-container.exeE:\Mozilla Firefox\xul.dllee2a1ddb-cbfb-11e4-93e7-902b3496e0e2

Error: (03/16/2015 05:45:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.1.554254f851c0xul.dll36.0.1.554254f85115c0000005011afb8515dc01d06008a4c7727cE:\Mozilla Firefox\plugin-container.exeE:\Mozilla Firefox\xul.dlle2948dcf-cbfb-11e4-93e7-902b3496e0e2

Error: (03/16/2015 05:45:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.1.554254f851c0xul.dll36.0.1.554254f85115c0000005011afb85fe801d060089ccfb02eE:\Mozilla Firefox\plugin-container.exeE:\Mozilla Firefox\xul.dllda97e96f-cbfb-11e4-93e7-902b3496e0e2

Error: (03/16/2015 05:43:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.1.554254f851c0mozalloc.dll36.0.1.554254f8437e8000000300001e02139401d06007188c5253E:\Mozilla Firefox\plugin-container.exeE:\Mozilla Firefox\mozalloc.dll91077b10-cbfb-11e4-93e7-902b3496e0e2

==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 945 Processor
Percentage of memory in use: 39%
Total physical RAM: 3069.55 MB
Available physical RAM: 1867.26 MB
Total Pagefile: 6137.39 MB
Available Pagefile: 4486.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1872.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:150.1 GB) (Free:100.29 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Eigene Dateien) (Fixed) (Total:74.53 GB) (Free:24.74 GB) NTFS
Drive e: (Programme Neu) (Fixed) (Total:200 GB) (Free:127.92 GB) NTFS
Drive f: (Diverser Krempel) (Fixed) (Total:250 GB) (Free:80.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 44E3C1CF)
Partition 1: (Active) - (Size=150.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=250 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=481.4 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 74.5 GB) (Disk ID: 43520020)
Partition 1: (Not Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Claudi (administrator) on MAINWURF on 17-03-2015 12:43:55
Running from C:\Users\Claudi\Desktop\Checks
Loaded Profiles: Claudi (Available profiles: Claudi & Lisa & Laura)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(XTab system) C:\Program Files\XTab\ProtectService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\sqlservr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TomTom) E:\TT Home\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Geek Software GmbH) E:\PDF24\pdf24.exe
(Hewlett-Packard) E:\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dropbox, Inc.) C:\Users\Claudi\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Mozilla Corporation) E:\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11430504 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2403288 2014-08-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [161328 2007-03-26] (Nero AG)
HKLM\...\Run: [PDFPrint] => E:\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH)
HKLM\...\Run: [HP Software Update] => E:\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\...\MountPoints2: J - J:\AutoRun.exe
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\...\MountPoints2: {04c07d38-75a9-11e4-91b5-902b3496e0e2} - H:\AutoRun.exe
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\...\MountPoints2: {467a7233-e01a-11e3-b11d-902b3496e0e2} - J:\AutoRun.exe
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\...\MountPoints2: {4d7b3308-c527-11e2-8d67-902b3496e0e2} - J:\AutoRun.exe
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\...\MountPoints2: {712d930f-b0b7-11e2-bfc7-902b3496e0e2} - I:\AutoRun.exe
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\...\MountPoints2: {74cf9383-7dfd-11e4-9a54-902b3496e0e2} - H:\LGAutoRun.exe
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\...\MountPoints2: {78d4d1d9-5c47-11e4-8097-902b3496e0e2} - H:\AutoRun.exe
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\...\MountPoints2: {8ac65345-b56d-11e2-b811-902b3496e0e2} - J:\AutoRun.exe
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\...\MountPoints2: {a3a704e4-071e-11e3-b9d4-902b3496e0e2} - I:\AutoRun.exe
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\...\MountPoints2: {d5fd5f87-e933-11e2-8f49-902b3496e0e2} - I:\AutoRun.exe
Startup: C:\Users\Claudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1426524205&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1426524205&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=05203580-871c-be69-0e91-b86f299b8ad7&searchtype=ds&q={searchTerms}&installDate={installDate}
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1426524205&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=05203580-871c-be69-0e91-b86f299b8ad7&searchtype=ds&q={searchTerms}&installDate={installDate}
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/film/
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1426524205&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1426524205&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1426524205&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792&ts=1426524256&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792&ts=1426524256&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000 -> {0AC146A7-E2EA-4554-A12E-26D55074CE2E} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792&ts=1426524256&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792&ts=1426524256&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792&ts=1426524256&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792&ts=1426524256&type=default&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> E:\Office 2013\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation)
BHO: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files\XTab\SupTab.dll [2015-01-16] (Thinknice Co. Limited)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-27] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> E:\Office 2013\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-27] (Oracle Corporation)
BHO: Between Lines 1.0.0.7 -> {fb1b354f-6305-4364-bf9c-4bfef634a9db} -> C:\Program Files\Between Lines\BetweenLinesbho.dll [2015-03-02] (Between Lines)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - E:\Office 2013\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3317892&CUI=UN21792360229163249&UM=2&SearchSource=3&q={searchTerms}&sspv=TB_CNI
FF SelectedSearchEngine: mystartsearch
FF Homepage: about:home
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3317892&SearchSource=2&CUI=UN21792360229163249&UM=2&sspv=TB_CNI&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> E:\PDF Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> E:\FOXIT READER\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-27] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> E:\Office 2013\Office15\NPSPWRAP.DLL No File
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL No File
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> E:\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin HKU\S-1-5-21-4207056575-3370044151-3894322460-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> E:\PDF Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Extension: Xmarks - C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default\Extensions\foxmarks@kei.com [2014-11-23]
FF Extension: FireFTP - C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-01-16]
FF Extension: Bookmark Backup - C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default\Extensions\{3474c305-9dad-11d8-9207-00055d74c2e4}.xpi [2013-04-08]
FF Extension: Adblock Plus - C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-08]
FF Extension: DownThemAll! - C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-04-08]
FF Extension: Between Lines 1.0.1 - C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\t1i2rmcl.lori\Extensions\firefox@betweenlinesnow.com.xpi [2015-03-02]
FF Extension: No Name - C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\t1i2rmcl.lori\Extensions\scriptish@erikvold.com.xpi [2013-04-08]
FF Extension: User Agent Switcher - C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\t1i2rmcl.lori\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2013-04-08]
FF HKLM\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default\extensions\searchengine@gmail.com
FF HKLM\...\Firefox\Extensions: [istart_ffnt@gmail.com] - C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default\extensions\istart_ffnt@gmail.com
StartMenuInternet: FIREFOX.EXE - E:\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1426524205&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1426524205&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792"
CHR DefaultSearchKeyword: Default -> mystartsearch
CHR DefaultSearchURL: Default -> hxxp://www.mystartsearch.com/web/?type=ds&ts=1426524205&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792&q={searchTerms}
CHR Profile: C:\Users\Claudi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Claudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-25]
CHR Extension: (Google Drive) - C:\Users\Claudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Claudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-02]
CHR Extension: (YouTube) - C:\Users\Claudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-25]
CHR Extension: (Google Search) - C:\Users\Claudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-25]
CHR Extension: (Google Wallet) - C:\Users\Claudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-25]
CHR Extension: (Gmail) - C:\Users\Claudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-25]

Opera:
=======
StartMenuInternet: (HKU\S-1-5-21-4207056575-3370044151-3894322460-1000) Opera - "E:\Opera\Opera.exe"

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-18] (AVAST Software)
S4 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-10-30] (Teruten) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 IHProtect Service; C:\Program Files\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
R2 MSSQL$SERVEREXP2008; C:\Program Files\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\sqlservr.exe [43028328 2011-09-22] (Microsoft Corporation)
S4 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [762192 2013-07-18] (Nero AG)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1720792 2014-08-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [17550808 2014-08-09] (NVIDIA Corporation)
S4 SQLAgent$SERVEREXP2008; C:\Program Files\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\SQLAGENT.EXE [370024 2011-09-22] (Microsoft Corporation)
R2 TomTomHOMEService; E:\TT Home\TomTom HOME 2\TomTomHOMEService.exe [93040 2014-06-05] (TomTom)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [493712 2015-03-16] (SysTool PasSame LIMITED)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23040 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2012-07-03] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis.sys [73728 2012-07-04] (LG Electronics Inc.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [19056 2011-11-02] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-03-17] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-03-17] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-03-17] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-03-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-03-17] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427480 2015-03-17] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206976 2015-03-17] ()
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [41984 2008-01-10] (Samsung Electronics Co., Ltd.) [File not signed]
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-10-30] () [File not signed]
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19416 2014-08-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation)
S4 RsFx0105; C:\Windows\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [629760 2010-08-10] (Realtek Semiconductor Corporation )
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2013-11-26] (Samsung Electronics) [File not signed]
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [184192 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 MSICDSetup; \??\G:\CDriver.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-17 12:43 - 2015-03-17 12:43 - 00000000 ____D () C:\FRST
2015-03-17 12:42 - 2015-03-17 12:42 - 00000000 _____ () C:\Users\Claudi\defogger_reenable
2015-03-17 12:10 - 2015-03-17 12:43 - 00000000 ____D () C:\Users\Claudi\Desktop\Checks
2015-03-17 12:01 - 2015-03-17 12:01 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-17 12:00 - 2015-03-17 12:00 - 00000626 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-17 12:00 - 2015-03-17 12:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-03-17 12:00 - 2015-03-17 12:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-17 12:00 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 12:00 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 12:00 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-17 11:59 - 2015-03-17 11:59 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-03-17 11:59 - 2015-03-17 11:59 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-03-17 11:59 - 2014-11-22 14:21 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswEC5D.tmp
2015-03-17 11:59 - 2014-11-20 20:23 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswF9CA.tmp
2015-03-17 11:59 - 2014-11-18 20:23 - 00206248 _____ () C:\Windows\system32\Drivers\aswFC4A.tmp
2015-03-17 11:59 - 2014-11-18 20:23 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswF1BA.tmp
2015-03-17 11:59 - 2014-11-18 20:23 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswF600.tmp
2015-03-17 11:59 - 2014-11-18 20:23 - 00049944 _____ () C:\Windows\system32\Drivers\aswF7F5.tmp
2015-03-17 11:59 - 2014-11-18 20:23 - 00024184 _____ () C:\Windows\system32\Drivers\aswF322.tmp
2015-03-17 11:58 - 2015-03-17 11:58 - 01054912 _____ (Adobe) C:\Users\Claudi\Desktop\install_flashplayer17x32au_mssd_aaa_aih.exe
2015-03-16 17:44 - 2015-03-16 17:44 - 00002037 _____ () C:\Users\Claudi\Desktop\JDownloader 2.lnk
2015-03-16 17:44 - 2015-03-16 17:44 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-03-16 17:44 - 2015-03-16 17:44 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-03-16 17:44 - 2015-03-16 17:44 - 00000000 ____D () C:\Program Files\XTab
2015-03-16 17:43 - 2015-03-16 18:21 - 00000000 ____D () C:\Users\Claudi\AppData\Local\JDownloader v2.0
2015-03-16 17:43 - 2015-03-16 17:43 - 00000000 ____D () C:\Users\Claudi\AppData\Roaming\mystartsearch
2015-03-16 17:43 - 2015-03-16 17:43 - 00000000 ____D () C:\Program Files\Between Lines
2015-03-16 17:40 - 2015-03-16 17:44 - 00000000 ____D () C:\Users\Claudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2015-03-16 15:10 - 2015-03-16 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-03-16 14:15 - 2015-03-16 14:41 - 00000000 ____D () C:\Users\Claudi\Desktop\kur
2015-03-14 12:05 - 2015-03-14 12:05 - 00000000 ____D () C:\Users\Claudi\Tracing
2015-03-12 20:17 - 2015-03-14 11:54 - 00000000 ____D () C:\Users\Claudi\AppData\Local\calibre-cache
2015-03-12 20:16 - 2015-03-14 11:53 - 00000000 ____D () C:\Users\Claudi\AppData\Roaming\calibre
2015-03-12 20:16 - 2015-03-13 23:12 - 00000890 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2015-03-12 20:15 - 2015-03-13 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2015-03-12 20:15 - 2015-03-13 23:12 - 00000000 ____D () C:\Program Files\Calibre2
2015-02-20 15:15 - 2015-02-20 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Public Test

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-17 12:42 - 2013-04-08 18:45 - 00000000 ____D () C:\Users\Claudi
2015-03-17 12:31 - 2014-04-25 14:50 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-17 12:12 - 2014-04-30 19:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-17 12:04 - 2009-07-14 05:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-17 12:04 - 2009-07-14 05:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-17 12:03 - 2010-11-20 22:01 - 01807830 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-17 12:00 - 2013-04-08 18:47 - 01497802 _____ () C:\Windows\WindowsUpdate.log
2015-03-17 11:59 - 2014-04-24 18:44 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-03-17 11:59 - 2013-04-08 19:14 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-03-17 11:59 - 2013-04-08 19:14 - 00427480 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-03-17 11:59 - 2013-04-08 19:14 - 00206976 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-03-17 11:59 - 2013-04-08 19:14 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-03-17 11:59 - 2013-04-08 19:14 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-03-17 11:59 - 2013-04-08 19:14 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-03-17 11:57 - 2013-04-08 20:40 - 00000228 _____ () C:\Windows\Tasks\QIPdater 2012.job
2015-03-17 11:57 - 2013-04-08 19:17 - 00000000 ____D () C:\Users\Claudi\AppData\Roaming\Dropbox
2015-03-17 11:56 - 2014-04-25 14:50 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-17 11:56 - 2013-04-08 18:56 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-17 11:56 - 2010-11-20 22:48 - 00307152 _____ () C:\Windows\PFRO.log
2015-03-17 11:56 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-17 11:56 - 2009-07-14 05:39 - 00192588 _____ () C:\Windows\setupact.log
2015-03-16 22:41 - 2014-03-10 20:48 - 00000000 ____D () C:\Users\Claudi\AppData\Local\Battle.net
2015-03-16 21:05 - 2013-05-03 20:19 - 00000000 ____D () C:\Users\Claudi\AppData\Roaming\Skype
2015-03-15 20:36 - 2014-06-25 19:13 - 00000000 ____D () C:\Users\Claudi\Desktop\beraeuner2007
2015-03-14 23:19 - 2013-04-08 18:08 - 00000000 ____D () C:\Users\Claudi\AppData\Roaming\Nettalk
2015-03-14 12:04 - 2014-03-23 14:55 - 00000000 ___RD () C:\Program Files\Skype
2015-03-14 12:04 - 2013-05-03 20:19 - 00000000 ____D () C:\ProgramData\Skype
2015-03-10 19:02 - 2013-04-08 19:18 - 00000000 ____D () C:\Users\Claudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-08 12:51 - 2013-04-08 19:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-01 22:47 - 2014-12-14 12:46 - 00000000 ____D () C:\Users\Claudi\AppData\Roaming\vlc
2015-02-28 22:24 - 2014-03-10 20:48 - 00000000 ____D ()
C:\Program Files\Battle.net 2015-02-20 15:15 - 2013-04-08 19:07 - 00000000 ____D () C:\Program Files\Common Files\Blizzard Entertainment 2015-02-19 19:55 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF ==================== Files in the root of some directories ======= 2013-12-17 20:24 - 2014-11-29 17:36 - 0006656 _____ () C:\Users\Claudi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-12-24 14:56 - 2014-12-24 14:56 - 0000846 _____ () C:\Users\Claudi\AppData\Local\recently-used.xbel 2014-04-21 15:26 - 2014-11-28 21:18 - 0007620 _____ () C:\Users\Claudi\AppData\Local\Resmon.ResmonCfg 2014-10-30 19:33 - 2014-11-15 16:08 - 0015220 _____ () C:\ProgramData\hpzinstall.log 2013-06-24 13:24 - 2013-06-24 13:24 - 0000099 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc Some content of TEMP: ==================== C:\Users\Claudi\AppData\Local\Temp\130709977849463590.exe C:\Users\Claudi\AppData\Local\Temp\13070997786856361715.exe C:\Users\Claudi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpj659we.dll C:\Users\Claudi\AppData\Local\Temp\proxy_vole2115328007879522814.dll C:\Users\Claudi\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-15 18:29 ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-03-17 13:18:24 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1000DM003-1CH162 rev.CC46 931,51GB Running: 5j3ehlwv.exe; Driver: C:\Users\Claudi\AppData\Local\Temp\kfdcypog.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x90E1DACC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0x90EDA31C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x90E1E5AA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x90E2A6A0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x90E2A6EC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x90E2A886] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x90E2A60E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x90EDA6F6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x90E2A656] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThread [0x90EDA986] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThreadEx [0x90EDAA70] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x90E2A840] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x90E1F398] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x90E1DB32] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwDuplicateObject [0x90EDAB74] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwFreeVirtualMemory [0x90EDA3F4] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwLoadDriver [0x90ED778E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x90EDA7D6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x90E1DB98] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x90E22FE0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x90E1FEDC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x90E2A6CA] SSDT 
\SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x90E2A70E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x90E2A8AA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x90E2A634] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x90E224E2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x90E2A7BE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x90E2A67E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x90E228CE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x90E2A864] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x90EDA574] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x90E1FCF4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x90E1FA02] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x90E1DBFE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x90E1DC64] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x90EDA8D2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x90E1D7B8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x90E1D98A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x90E1D918] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x90E1F562] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x90E1F6C4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x90E1DA12] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x90EDA642] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x90E1F1F2] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwUnloadDriver [0x90ED77BE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x90E1DCCA] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwWriteVirtualMemory [0x90EDA4A6] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 8347AA15 1 Byte [06] .text 
ntkrnlpa.exe!KiDispatchInterrupt + 5A2 834B4212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 834BB460 4 Bytes [CC, DA, E1, 90] .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 834BB488 4 Bytes [1C, A3, ED, 90] {SBB AL, 0xa3; IN EAX, DX; NOP } .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 834BB4E8 4 Bytes [AA, E5, E1, 90] {STOSB ; IN EAX, 0xe1; NOP } .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 834BB53C 8 Bytes [A0, A6, E2, 90, EC, A6, E2, ...] {MOV AL, [0xec90e2a6]; CMPSB ; LOOP 0xffffff98} .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 834BB548 4 Bytes [86, A8, E2, 90] .text ... PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 836764EF 4 Bytes CALL 90E205C3 \SystemRoot\system32\drivers\aswSnx.sys PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 83690357 4 Bytes CALL 90E205D9 \SystemRoot\system32\drivers\aswSnx.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1552] kernel32.dll!SetUnhandledExceptionFilter 75F6F5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2736] kernel32.dll!SetUnhandledExceptionFilter 75F6F5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] 
{XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text E:\Office 2013\Office15\MsoSync.exe[5340] USER32.dll!RegisterClipboardFormatA 7632C091 5 Bytes JMP 56DEA960 C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll .text E:\Office 2013\Office15\MsoSync.exe[5340] USER32.dll!RegisterClipboardFormatW 7632DF8D 5 Bytes JMP 56DE5C7E C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll .text E:\Office 2013\Office15\MsoSync.exe[5340] USER32.dll!BeginPaint 76335D14 5 Bytes JMP 56DF8A2D C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll .text E:\Office 2013\Office15\MsoSync.exe[5340] USER32.dll!ValidateRect 7634F089 5 Bytes JMP 56F60569 C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll .text E:\Office 2013\Office15\MsoSync.exe[5340] ole32.dll!OleLoadFromStream 77466143 5 Bytes JMP 578C6EAF C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll .text E:\Office 2013\Office15\MsoSync.exe[5340] SHELL32.dll!SHParseDisplayName 766A7EDB 5 Bytes JMP 56FF0A45 C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5500] kernel32.dll!SetUnhandledExceptionFilter 75F6F5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\rdyboost\Parameters@LastBootPlanUserTime ?Di?, ?Mrz ?17 ?15, 01:02:44??????????????? ??????????????????? ---- EOF - GMER 2.1 ----
Many thanks! Claudi |
17.03.2015, 14:07 | #2 |
/// the machine /// TB-Ausbilder | Windows 7: Firefox tries to load a file that is infected hi,
Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
Scan with Combofix
__________________ |
17.03.2015, 15:02 | #3 |
| Windows 7: Firefox tries to load a file that is infected Thank you for your support.
Code:
ATTFilter ComboFix 15-03-14.03 - Claudi 17.03.2015 14:51:24.1.4 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.3070.1721 [GMT 1:00] ausgeführt von:: c:\users\Claudi\Desktop\Checks\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Claudi\AppData\Roaming\SearchProtect . . ((((((((((((((((((((((( Dateien erstellt von 2015-02-17 bis 2015-03-17 )))))))))))))))))))))))))))))) . . 2015-03-17 13:59 . 2015-03-17 13:59 -------- d-----w- c:\users\Lisa\AppData\Local\temp 2015-03-17 13:59 . 2015-03-17 13:59 -------- d-----w- c:\users\Laura\AppData\Local\temp 2015-03-17 13:59 . 2015-03-17 13:59 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-03-17 12:03 . 2015-03-17 12:03 -------- d-----w- c:\windows\system32\vbox 2015-03-17 11:43 . 2015-03-17 11:44 -------- d-----w- C:\FRST 2015-03-17 11:01 . 2015-03-17 11:01 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-03-17 11:00 . 2015-03-17 11:00 -------- d-----w- c:\programdata\Malwarebytes 2015-03-17 11:00 . 2014-11-21 05:14 51928 ----a-w- c:\windows\system32\drivers\mwac.sys 2015-03-17 11:00 . 2014-11-21 05:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-03-17 11:00 . 2014-11-21 05:14 23256 ----a-w- c:\windows\system32\drivers\mbam.sys 2015-03-17 10:59 . 2015-03-17 10:59 291312 ----a-w- c:\windows\system32\aswBoot.exe 2015-03-17 10:59 . 2015-03-17 10:59 43112 ----a-w- c:\windows\avastSS.scr 2015-03-16 16:44 . 2015-03-16 16:44 -------- d-----w- c:\programdata\IHProtectUpDate 2015-03-16 16:44 . 2015-03-16 16:44 -------- d-----w- c:\program files\XTab 2015-03-16 16:44 . 
2015-03-16 16:44 -------- d-----w- c:\programdata\WindowsMangerProtect 2015-03-16 16:43 . 2015-03-17 12:40 -------- d-----w- c:\users\Claudi\AppData\Local\JDownloader v2.0 2015-03-14 11:05 . 2015-03-14 11:05 -------- d-----w- c:\users\Claudi\Tracing 2015-03-12 19:17 . 2015-03-14 10:54 -------- d-----w- c:\users\Claudi\AppData\Local\calibre-cache 2015-03-12 19:16 . 2015-03-14 10:53 -------- d-----w- c:\users\Claudi\AppData\Roaming\calibre 2015-03-12 19:15 . 2015-03-13 22:12 -------- d-----w- c:\program files\Calibre2 . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-03-17 10:59 . 2014-04-24 17:44 24144 ----a-w- c:\windows\system32\drivers\aswHwid.sys 2015-03-17 10:59 . 2013-04-08 18:14 427480 ----a-w- c:\windows\system32\drivers\aswSP.sys 2015-03-17 10:59 . 2013-04-08 18:14 81728 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2015-03-17 10:59 . 2013-04-08 18:14 206976 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2015-03-17 10:59 . 2013-04-08 18:14 49904 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2015-03-17 10:59 . 2013-04-08 18:14 73440 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2015-03-17 10:59 . 2013-04-08 18:14 788272 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2015-02-05 18:12 . 2014-04-30 18:59 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2015-02-05 18:12 . 2014-04-30 18:59 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2015-01-27 20:49 . 2014-04-30 18:56 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 152544 ----a-w- c:\users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 152544 ----a-w- c:\users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"] @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 152544 ----a-w- c:\users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"] @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 152544 ----a-w- c:\users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 152544 ----a-w- c:\users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"] @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 152544 ----a-w- c:\users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 152544 ----a-w- c:\users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"] @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}] 2015-02-11 01:12 152544 ----a-w- c:\users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2015-03-17 10:59 644608 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "EEDSpeedLauncher"="c:\windows\system32\eed_ec.dll" [2014-04-11 2277376] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-10-17 11430504] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-03-17 5511352] "NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-08-09 2403288] "ShadowPlay"="c:\windows\system32\nvspcap.dll" [2014-08-09 1126480] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-26 161328] "PDFPrint"="e:\pdf24\pdf24.exe" [2014-07-04 191528] "HP Software Update"="e:\hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056] . c:\users\Claudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Claudi\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-3-4 42560368] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR] 2013-12-11 09:52 845168 ----a-w- e:\kies\External\FirmwareUpdate\KiesPDLR.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload] 2013-12-11 09:52 1564528 ----a-w- e:\kies\Kies.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent] 2013-12-11 09:52 311152 ----a-w- e:\kies\KiesTrayAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint] 2014-07-04 10:40 191528 ----a-w- e:\pdf24\pdf24.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2014-12-17 21:12 508800 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2012-06-28 15:40 74752 ----a-w- e:\winamp\winampa.exe . 
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-01-02 315488] R2 WindowsMangerProtect;WindowsMangerProtect Service;c:\programdata\WindowsMangerProtect\ProtectWindowsManager.exe [2015-03-16 493712] R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag.sys [2012-07-03 23040] R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem.sys [2012-07-03 27776] R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis.sys [2012-07-04 73728] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2013-08-21 32064] R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2014-01-22 88576] R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464] R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2013-10-30 37344] R3 MSICDSetup;MSICDSetup;G:\CDriver.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848] R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [2010-08-10 629760] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2013-08-21 136904] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2013-08-21 17864] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2013-08-21 153672] R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2013-08-21 130248] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 
184192] R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys [2014-01-22 184192] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 24064] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2014-11-21 116184] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2013-10-30 233472] R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2011-09-25 47128] R4 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2013-07-18 762192] R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-22 238696] R4 SQLAgent$SERVEREXP2008;SQL Server-Agent (SERVEREXP2008);c:\program files\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 370024] S0 aswRvrt;avast! Revert; [x] S0 aswVmm;avast! VM Monitor; [x] S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 19056] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-03-17 788272] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-03-17 427480] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2014-11-21 744520] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2014-11-21 104384] S2 aswHwid;avast! 
HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-03-17 24144] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-03-17 73440] S2 IHProtect Service;IHProtect Service;c:\program files\XTab\ProtectService.exe [2015-01-16 158896] S2 MSSQL$SERVEREXP2008;SQL Server (SERVEREXP2008);c:\program files\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\sqlservr.exe [2011-09-22 43028328] S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-08-09 1720792] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-08-09 17550808] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2013-11-26 5120] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-07-02 413128] S2 TomTomHOMEService;TomTomHOMEService;e:\tt home\TomTom HOME 2\TomTomHOMEService.exe [2014-06-05 93040] S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-03-17 220240] S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-03-17 3205216] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2014-03-19 65232] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2011-08-11 88176] S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-08-09 19416] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-03-31 34080] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2014-11-21 126496] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - KFDCYPOG *NewlyCreated* - VBOXASWDRV *Deregistered* - kfdcypog . 
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-03-14 10:31 1061704 ----a-w- c:\program files\Google\Chrome\Application\41.0.2272.89\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2015-03-17 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-30 18:12] . 2015-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2014-04-25 13:50] . 2015-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2014-04-25 13:50] . 2015-03-17 c:\windows\Tasks\QIPdater 2012.job - e:\qip\qipdater.exe [2012-03-27 19:29] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank mStart Page = about:blank uSearchAssistant = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=05203580-871c-be69-0e91-b86f299b8ad7&searchtype=ds&q={searchTerms}&installDate={installDate} IE: An OneNote s&enden - e:\office~3\Office15\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - e:\office~3\Office15\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - e:\office~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL FF - ProfilePath - c:\users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3317892&CUI=UN21792360229163249&UM=2&SearchSource=3&q={searchTerms}&sspv=TB_CNI FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
HKLM-Run-Nvtmru - c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe MSConfigStartUp-DAEMON Tools Lite - e:\daemon tools lite\DTLite.exe MSConfigStartUp-KiesAirMessage - e:\kies\KiesAirMessage.exe MSConfigStartUp-VirtualCloneDrive - e:\virtualclonedrive\VCDDaemon.exe AddRemove-HPOCR - e:\hp\Digital Imaging\OCR\hpzscr01.exe AddRemove-01_Simmental - e:\usb drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - e:\usb drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - e:\usb drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - e:\usb drivers\04_semseyite\Uninstall.exe AddRemove-05_Sloan - e:\usb drivers\05_Sloan\Uninstall.exe AddRemove-06_Spencer - e:\usb drivers\06_Spencer\Uninstall.exe AddRemove-07_Schorl - e:\usb drivers\07_Schorl\Uninstall.exe AddRemove-08_EMPChipset - e:\usb drivers\08_EMPChipset\Uninstall.exe AddRemove-09_Hsp - e:\usb drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - e:\usb drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-16_Shrewsbury - e:\usb drivers\16_Shrewsbury\Uninstall.exe AddRemove-17_EMP_Chipset2 - e:\usb drivers\17_EMP_Chipset2\Uninstall.exe AddRemove-18_Zinia_Serial_Driver - e:\usb drivers\18_Zinia_Serial_Driver\Uninstall.exe AddRemove-19_VIA_driver - e:\usb drivers\19_VIA_driver\Uninstall.exe AddRemove-20_NXP_Driver - e:\usb drivers\20_NXP_Driver\Uninstall.exe AddRemove-21_Searsburg - e:\usb drivers\21_Searsburg\Uninstall.exe AddRemove-22_WiBro_WiMAX - e:\usb drivers\22_WiBro_WiMAX\Uninstall.exe AddRemove-24_flashusbdriver - e:\usb drivers\24_flashusbdriver\Uninstall.exe AddRemove-25_escape - e:\usb drivers\25_escape\Uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2015-03-17 15:00:29 ComboFix-quarantined-files.txt 2015-03-17 14:00 . Vor Suchlauf: 12 Verzeichnis(se), 103.832.965.120 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 104.012.025.856 Bytes frei . - - End Of File - - A68160E104BE80C6DD001AE159BB2614 A36C5E4F47E84449FF07ED3517B43A31 |
17.03.2015, 18:49 | #4 |
/// the machine /// TB instructor | Windows 7: Firefox tries to load a file that is infected Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
17.03.2015, 19:41 | #5 |
| Windows 7: Firefox tries to load a file that is infected Hello Schrauber, here are the requested logs: Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 17.03.2015 Suchlauf-Zeit: 19:09:40 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.03.17.06 Rootkit Datenbank: v2015.02.25.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x86 Dateisystem: NTFS Benutzer: Claudi Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 485073 Verstrichene Zeit: 10 Min, 40 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 1 PUP.Optional.XTab.A, C:\Program Files\XTab\ProtectService.exe, 748, Löschen bei Neustart, [d8c26dd9107a88aec26cc847c63cb947] Module: 2 PUP.Optional.XTab.A, C:\Program Files\XTab\msvcp110.dll, Löschen bei Neustart, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\msvcr110.dll, Löschen bei Neustart, [7327083e216995a1fe487544c53e42be], Registrierungsschlüssel: 14 PUP.Optional.XTab.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IHProtect Service, In Quarantäne, [d8c26dd9107a88aec26cc847c63cb947], PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, In Quarantäne, [0f8b2b1b355559ddd7df97c407fcdf21], PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, In Quarantäne, [15854cfa36541a1c9522500b9172d030], PUP.Optional.IHProtect.A, HKLM\SOFTWARE\IHProtect, In Quarantäne, [c4d6ba8cd5b5dc5a301571486d96ef11], PUP.Optional.Iminent.A, HKLM\SOFTWARE\Iminent, In Quarantäne, [d6c40b3baae0ea4c9df012ec758e7a86], PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\mystartsearchSoftware, In Quarantäne, [4a501531c4c692a4d3452b9649badb25], PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPTAB, In Quarantäne, 
[a7f3af9775151f1754b09639c83b827e], PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, In Quarantäne, [78222c1a73170432f704ba025aa9fd03], PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, In Quarantäne, [465471d5c8c2ec4a8bb4f2d2ce35916f], PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT, In Quarantäne, [0496e85e038752e44a2773a71aeb659b], PUP.Optional.Iminent.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Iminent, In Quarantäne, [1e7c2c1a57338caa0c8207f78281817f], PUP.Optional.Conduit.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, In Quarantäne, [f6a41a2caddd5adc1bbb2a96a65d32ce], PUP.Optional.Conduit.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT\FF, In Quarantäne, [108a4006d8b2092d00e5a375da2bc23e], PUP.Optional.InstallBrain.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT, In Quarantäne, [7f1b98ae0d7dc373de9351c9f4118779], Registrierungswerte: 4 PUP.Optional.SearchEngine.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|searchengine@gmail.com, C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default\extensions\searchengine@gmail.com, In Quarantäne, [4951b2941d6de35316be9aa57f8639c7] PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPTAB|ptid, cor, In Quarantäne, [a7f3af9775151f1754b09639c83b827e] PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT|URL, MYSTART, In Quarantäne, [0496e85e038752e44a2773a71aeb659b] PUP.Optional.InstallBrain.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT|URL, SIM, In Quarantäne, 
[7f1b98ae0d7dc373de9351c9f4118779] Registrierungsdaten: 3 PUP.Optional.SnapDo.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=05203580-871c-be69-0e91-b86f299b8ad7&searchtype=ds&q={searchTerms}&installDate={installDate}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=05203580-871c-be69-0e91-b86f299b8ad7&searchtype=ds&q={searchTerms}&installDate={installDate}),Ersetzt,[ff9bb88e177396a09fded40c4bba9967] PUP.Optional.SnapDo.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=05203580-871c-be69-0e91-b86f299b8ad7&searchtype=ds&q={searchTerms}&installDate={installDate}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=05203580-871c-be69-0e91-b86f299b8ad7&searchtype=ds&q={searchTerms}&installDate={installDate}),Ersetzt,[f4a6fc4a078348eeef8f0ad6ca3be11f] PUP.Optional.SnapDo.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=05203580-871c-be69-0e91-b86f299b8ad7&searchtype=ds&q={searchTerms}&installDate={installDate}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=05203580-871c-be69-0e91-b86f299b8ad7&searchtype=ds&q={searchTerms}&installDate={installDate}),Ersetzt,[a8f27fc7434753e3b0c90ad621e4af51] Ordner: 35 PUP.Optional.XTab.A, C:\Program Files\XTab, Löschen bei Neustart, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\skin, In Quarantäne, 
[7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\skin\image, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\img, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\weather, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\js, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\en-US, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\es-419, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\es-ES, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-BE, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-CA, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-CH, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-FR, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-LU, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\it-CH, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\it-IT, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pl, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pt, In Quarantäne, 
[7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pt-BR, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\ru, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\ru-MO, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\tr-TR, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\vi-VI, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\zh-CN, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\zh-TW, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.DownloadGuide.A, C:\Users\Claudi\AppData\Local\DownloadGuide, In Quarantäne, [108a45011f6ba393febcb5698d78ce32], PUP.Optional.DownloadGuide.A, C:\Users\Claudi\AppData\Local\DownloadGuide\Offers, In Quarantäne, [108a45011f6ba393febcb5698d78ce32], PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE, In Quarantäne, [ddbde2648307d462c0680c6404ffac54], PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE\CT3317892, In Quarantäne, [ddbde2648307d462c0680c6404ffac54], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, In Quarantäne, [277314322f5bf145cbf9b1d5d330b947], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, In Quarantäne, [277314322f5bf145cbf9b1d5d330b947], PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, In Quarantäne, [68320640fa906accca90eeb5758ea759], PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, In Quarantäne, [68320640fa906accca90eeb5758ea759], Dateien: 81 PUP.Optional.XTab.A, C:\Program Files\XTab\ProtectService.exe, Löschen bei Neustart, [d8c26dd9107a88aec26cc847c63cb947], PUP.Optional.SupTab.A, C:\Program Files\XTab\SupTab.dll, In Quarantäne, 
[940692b4523830066f64ab8ab749748c], PUP.Optional.Iminent.A, C:\Users\Claudi\AppData\Local\DownloadGuide\Offers\IminentSetup.exe, In Quarantäne, [2f6b291df89253e3fd696bee02ffd32d], PUP.Optional.Conduit.A, C:\Users\Claudi\AppData\Local\DownloadGuide\Offers\mconduitinstaller.exe, In Quarantäne, [514990b62862cd69363a1a05738d9868], PUP.Optional.Wajam.A, C:\Users\Claudi\AppData\Local\DownloadGuide\Offers\wajam_download.exe, In Quarantäne, [108a3016d6b45adc1959192e6f911fe1], PUP.Optional.XTab.A, C:\Program Files\XTab\uninstall.exe, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\ffsearch_toolbar!1.0.0.1025.xpi, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\install.data, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\msvcp110.dll, Löschen bei Neustart, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\msvcr110.dll, Löschen bei Neustart, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\searchProvider.xml, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\skin\about.png, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\skin\about_bk.png, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\skin\btn.png, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\skin\btn_apply.png, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\skin\close.png, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\skin\conf.xml, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\skin\conf_back.png, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program 
Files\XTab\skin\input_bk.png, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\skin\logo.png, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\skin\main.xml, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\skin\radio_1.png, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\skin\radio_2.png, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\skin\rigth_arrow.png, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\skin\settings.png, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\data.html, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\indexIE.html, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\indexIE8.html, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\main.css, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\ver.txt, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\arrow.png, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\default_add_logo.png, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\default_add_logo_hover.png, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\default_logo.png, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\googlelogo.png, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\googlelogo2.png, In Quarantäne, 
[7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\google_trends.png, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\icon128.png, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\icon16.png, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\icon48.png, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\loading.gif, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\logo32.ico, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\weather\0.png, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\common.js, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\ga.js, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\ie8.js, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\jquery-1.11.0.min.js, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\jquery.autocomplete.js, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\js.js, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\library.js, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\xagainit-ie8.js, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\xagainit.js, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\xagainit2.0.js, In Quarantäne, [7327083e216995a1fe487544c53e42be], 
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\en-US\messages.json, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\es-419\messages.json, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\es-ES\messages.json, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-BE\messages.json, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-CA\messages.json, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-CH\messages.json, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-FR\messages.json, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-LU\messages.json, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\it-CH\messages.json, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\it-IT\messages.json, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pl\messages.json, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pt\messages.json, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pt-BR\messages.json, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\ru\messages.json, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\ru-MO\messages.json, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\tr-TR\messages.json, In 
Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\vi-VI\messages.json, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\zh-CN\messages.json, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\zh-TW\messages.json, In Quarantäne, [7327083e216995a1fe487544c53e42be], PUP.Optional.DownloadGuide.A, C:\Users\Claudi\AppData\Local\DownloadGuide\amazon.ico, In Quarantäne, [108a45011f6ba393febcb5698d78ce32], PUP.Optional.DownloadGuide.A, C:\Users\Claudi\AppData\Local\DownloadGuide\tz-easybuch_start_installation.exe, In Quarantäne, [108a45011f6ba393febcb5698d78ce32], PUP.Optional.DownloadGuide.A, C:\Users\Claudi\AppData\Local\DownloadGuide\Offers\vis-freeware.exe, In Quarantäne, [108a45011f6ba393febcb5698d78ce32], PUP.Optional.DownloadGuide.A, C:\Users\Claudi\AppData\Local\DownloadGuide\Offers\WebIn QuarantäneBOptimizer.exe, [108a45011f6ba393febcb5698d78ce32], , %5 PUP.Optional.WindowsMangerProtect.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, In Quarantäne, [78222c1a73170432f704ba025aa9fd03], PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE\CT3317892\UninstallerUI.exe, In Quarantäne, [ddbde2648307d462c0680c6404ffac54], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, In Quarantäne, [277314322f5bf145cbf9b1d5d330b947], PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update\conf, In Quarantäne, [68320640fa906accca90eeb5758ea759], PUP.Optional.Conduit.A, C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3317892&CUI=UN21792360229163249&UM=2&SearchSource=3&q={searchTerms}&sspv=TB_CNI");), Ersetzt,[524899ad167489ad96a2f733c145d729] Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v4.112 - Bericht erstellt 17/03/2015 um 19:29:22 # Aktualisiert 09/03/2015 von Xplode # Datenbank : 2015-03-15.1 [Server] # Betriebssystem : Windows 7 Ultimate Service Pack 1 (x86) # Benutzername : Claudi - MAINWURF # Gestarted von : C:\Users\Claudi\Desktop\Checks\AdwCleaner_4.112.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Conduit Ordner Gelöscht : C:\Program Files\Conduit Ordner Gelöscht : C:\Users\Claudi\AppData\Local\Conduit Ordner Gelöscht : C:\Users\Claudi\AppData\Local\PackageAware Ordner Gelöscht : C:\Users\Claudi\AppData\LocalLow\Conduit Datei Gelöscht : C:\END Datei Gelöscht : C:\Users\Claudi\AppData\LocalLow\SkwConfig.bin Datei Gelöscht : C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\8n3cx57z.default\user.js Datei Gelöscht : C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default\user.js Datei Gelöscht : C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\t1i2rmcl.lori\user.js ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3317892 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0AC146A7-E2EA-4554-A12E-26D55074CE2E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\Myfree Codec Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7 ***** [ Internetbrowser ] ***** -\\ Internet Explorer v0.0.0.0 -\\ Mozilla Firefox v36.0.1 (x86 de) [abqeew4h.default\prefs.js] - Zeile Gelöscht : user_pref("CT3317892.smartbar.homepage", "true"); [abqeew4h.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.SearchFromAddressBarSavedUrl", ""); [abqeew4h.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultthis.engineName", "RadioTotal1 Customized Web Search"); [abqeew4h.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaulturl", 
"hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3317892&CUI=UN21792360229163249&UM=2&SearchSource=3&q={searchTerms}&sspv=TB_CNI"); [abqeew4h.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.alias", "mystartsearch"); [abqeew4h.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://www.mystartsearch.com/favicon.ico"); [abqeew4h.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.name", "mystartsearch"); [abqeew4h.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.url", "hxxp://www.mystartsearch.com/web/?type=ds&ts=1426524205&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792&q={searchTerms}"); [abqeew4h.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.enable_search1", false); [abqeew4h.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); [abqeew4h.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.addressBarOwnerCTID", "CT3317892"); [abqeew4h.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3317892&CUI=UN21792360229163249&UM=2&SearchSource=13&sspv=TB_CNI"); [abqeew4h.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3317892&SearchSource=2&CUI=UN21792360229163249&UM=2&sspv=TB_CNI&q="); [abqeew4h.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.defaultSearchOwnerCTID", "CT3317892"); [abqeew4h.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.homePageOwnerCTID", "CT3317892"); [abqeew4h.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.machineId", "RWDPGPPXULCBVD5/W6RNH6HTZUKWKFRKSUQT7LOXNTI+J4FOJ0+EVGRIHLROIHSBD/3G7ACODIVTVWLIAI8V7W"); -\\ Google Chrome v41.0.2272.89 ************************* AdwCleaner[R0].txt - [18030 Bytes] - [11/10/2013 18:58:31] AdwCleaner[R1].txt - [11814 Bytes] - 
[17/03/2015 19:25:41] AdwCleaner[S0].txt - [17609 Bytes] - [11/10/2013 19:01:14] AdwCleaner[S1].txt - [11879 Bytes] - [17/03/2015 19:29:22] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [11939 Bytes] ########## FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015 Ran by Claudi (administrator) on MAINWURF on 17-03-2015 19:36:08 Running from C:\Users\Claudi\Desktop\Checks Loaded Profiles: Claudi (Available profiles: Claudi & Lisa & Laura) Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\sqlservr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TomTom) E:\TT Home\TomTom HOME 2\TomTomHOMEService.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Geek Software GmbH) E:\PDF24\pdf24.exe (Hewlett-Packard) E:\HP\HP Software Update\hpwuschd2.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Dropbox, Inc.) C:\Users\Claudi\AppData\Roaming\Dropbox\bin\Dropbox.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Microsoft Corporation) E:\Office 2013\Office15\MSOSYNC.EXE (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe (Mozilla Corporation) E:\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11430504 2011-10-17] (Realtek Semiconductor) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5511352 2015-03-17] (Avast Software s.r.o.) 
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2403288 2014-08-09] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [161328 2007-03-26] (Nero AG) HKLM\...\Run: [PDFPrint] => E:\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH) HKLM\...\Run: [HP Software Update] => E:\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher Startup: C:\Users\Claudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> E:\Office 2013\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program 
Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-27] (Oracle Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> E:\Office 2013\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-27] (Oracle Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - E:\Office 2013\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> E:\PDF Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.) 
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> E:\FOXIT READER\plugins\npFoxitReaderPlugin.dll No File FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-27] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-27] (Oracle Corporation) FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> E:\Office 2013\Office15\NPSPWRAP.DLL No File FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL No File FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.5 -> E:\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin HKU\S-1-5-21-4207056575-3370044151-3894322460-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> E:\PDF Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.) 
FF Extension: Xmarks - C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default\Extensions\foxmarks@kei.com [2014-11-23] FF Extension: FireFTP - C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-01-16] FF Extension: Bookmark Backup - C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default\Extensions\{3474c305-9dad-11d8-9207-00055d74c2e4}.xpi [2013-04-08] FF Extension: Adblock Plus - C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-08] FF Extension: DownThemAll! - C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-04-08] FF Extension: Scriptish - C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\t1i2rmcl.lori\Extensions\scriptish@erikvold.com.xpi [2013-04-08] FF Extension: No Name - C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\t1i2rmcl.lori\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2013-04-08] StartMenuInternet: FIREFOX.EXE - E:\Mozilla Firefox\firefox.exe Chrome: ======= CHR Profile: C:\Users\Claudi\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Claudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-25] CHR Extension: (Google Drive) - C:\Users\Claudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-25] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Claudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-02] CHR Extension: (YouTube) - C:\Users\Claudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-25] CHR Extension: (Google Search) - C:\Users\Claudi\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-25] CHR Extension: (Google Wallet) - C:\Users\Claudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-25] CHR Extension: (Gmail) - C:\Users\Claudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-25] Opera: ======= StartMenuInternet: (HKU\S-1-5-21-4207056575-3370044151-3894322460-1000) Opera - "E:\Opera\Opera.exe" ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-17] (Avast Software s.r.o.) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-03-17] (Avast Software) S4 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-10-30] (Teruten) [File not signed] S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed] R2 MSSQL$SERVEREXP2008; C:\Program Files\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\sqlservr.exe [43028328 2011-09-22] (Microsoft Corporation) S4 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [762192 2013-07-18] (Nero AG) R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1720792 2014-08-09] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [17550808 2014-08-09] (NVIDIA Corporation) S4 SQLAgent$SERVEREXP2008; C:\Program Files\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\SQLAGENT.EXE [370024 2011-09-22] (Microsoft Corporation) R2 TomTomHOMEService; E:\TT Home\TomTom HOME 2\TomTomHOMEService.exe [93040 2014-06-05] 
(TomTom) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23040 2012-07-03] (LG Electronics Inc.) S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2012-07-03] (LG Electronics Inc.) S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis.sys [73728 2012-07-04] (LG Electronics Inc.) R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [19056 2011-11-02] () R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-03-17] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-03-17] (Avast Software s.r.o.) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-03-17] (Avast Software s.r.o.) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-03-17] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-03-17] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427480 2015-03-17] (Avast Software s.r.o.) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206976 2015-03-17] () S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [41984 2008-01-10] (Samsung Electronics Co., Ltd.) 
[File not signed] S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-10-30] () [File not signed] R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19416 2014-08-09] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation) S4 RsFx0105; C:\Windows\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation) S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [629760 2010-08-10] (Realtek Semiconductor Corporation ) R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2013-11-26] (Samsung Electronics) [File not signed] S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [184192 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr)) S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-03-17] (Avast Software) S3 catchme; \??\C:\Users\Claudi\AppData\Local\Temp\catchme.sys [X] S3 dgderdrv; System32\drivers\dgderdrv.sys [X] S3 gdrv; \??\C:\Windows\gdrv.sys [X] S3 MSICDSetup; \??\G:\CDriver.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-17 19:35 - 2015-03-17 19:35 - 00000622 _____ () C:\Users\Claudi\Desktop\JRT.txt 2015-03-17 15:00 - 2015-03-17 15:00 - 00021052 _____ () C:\ComboFix.txt 2015-03-17 14:50 - 2015-03-17 15:00 - 00000000 ____D () C:\Qoobox 2015-03-17 14:50 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-03-17 14:50 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-03-17 14:50 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-03-17 14:50 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-03-17 14:50 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-03-17 14:50 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-03-17 14:50 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-03-17 14:50 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-03-17 14:49 - 2015-03-17 14:59 - 00000000 ____D () C:\Windows\erdnt 2015-03-17 13:03 - 2015-03-17 13:03 - 00000000 ____D () C:\Windows\system32\vbox 2015-03-17 12:43 - 2015-03-17 19:36 - 00000000 ____D () C:\FRST 2015-03-17 12:42 - 2015-03-17 12:42 - 00000000 _____ () C:\Users\Claudi\defogger_reenable 2015-03-17 12:10 - 2015-03-17 19:36 - 00000000 ____D () C:\Users\Claudi\Desktop\Checks 2015-03-17 12:01 - 2015-03-17 19:23 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-17 12:00 - 2015-03-17 12:00 - 00000626 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-17 12:00 - 2015-03-17 12:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-17 12:00 - 2015-03-17 12:00 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-17 12:00 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-17 12:00 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-17 12:00 - 2014-11-21 06:14 - 
00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-17 11:59 - 2015-03-17 11:59 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe 2015-03-17 11:59 - 2015-03-17 11:59 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr 2015-03-16 17:44 - 2015-03-16 17:44 - 00002037 _____ () C:\Users\Claudi\Desktop\JDownloader 2.lnk 2015-03-16 17:43 - 2015-03-17 13:40 - 00000000 ____D () C:\Users\Claudi\AppData\Local\JDownloader v2.0 2015-03-16 17:40 - 2015-03-16 17:44 - 00000000 ____D () C:\Users\Claudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader 2015-03-16 15:10 - 2015-03-16 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm 2015-03-16 14:15 - 2015-03-17 16:28 - 00000000 ____D () C:\Users\Claudi\Desktop\kur 2015-03-14 12:05 - 2015-03-14 12:05 - 00000000 ____D () C:\Users\Claudi\Tracing 2015-03-12 20:17 - 2015-03-14 11:54 - 00000000 ____D () C:\Users\Claudi\AppData\Local\calibre-cache 2015-03-12 20:16 - 2015-03-14 11:53 - 00000000 ____D () C:\Users\Claudi\AppData\Roaming\calibre 2015-03-12 20:16 - 2015-03-13 23:12 - 00000890 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk 2015-03-12 20:15 - 2015-03-13 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management 2015-03-12 20:15 - 2015-03-13 23:12 - 00000000 ____D () C:\Program Files\Calibre2 2015-02-20 15:15 - 2015-02-20 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Public Test ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-17 19:33 - 2013-04-08 18:47 - 01509808 _____ () C:\Windows\WindowsUpdate.log 2015-03-17 19:31 - 2014-04-25 14:50 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-17 19:31 - 2013-04-08 19:17 - 00000000 ____D () C:\Users\Claudi\AppData\Roaming\Dropbox 2015-03-17 19:30 - 2014-04-25 14:50 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-17 19:30 - 2013-04-08 20:40 - 00000228 _____ () C:\Windows\Tasks\QIPdater 2012.job 2015-03-17 19:30 - 2013-04-08 18:56 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-03-17 19:30 - 2010-11-20 22:48 - 00337122 _____ () C:\Windows\PFRO.log 2015-03-17 19:30 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-17 19:30 - 2009-07-14 05:39 - 00193092 _____ () C:\Windows\setupact.log 2015-03-17 19:29 - 2013-10-11 18:58 - 00000000 ____D () C:\AdwCleaner 2015-03-17 19:29 - 2010-11-20 22:01 - 01807830 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-17 19:29 - 2009-07-14 05:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-17 19:29 - 2009-07-14 05:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-17 19:22 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\PLA 2015-03-17 19:21 - 2013-04-08 18:08 - 00000000 ____D () C:\Users\Claudi\AppData\Roaming\Nettalk 2015-03-17 19:12 - 2014-04-30 19:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-17 19:04 - 2014-03-10 20:48 - 00000000 ____D () C:\Users\Claudi\AppData\Local\Battle.net 2015-03-17 15:00 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default 2015-03-17 15:00 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public 2015-03-17 14:59 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini 2015-03-17 12:42 - 2013-04-08 18:45 - 00000000 ____D () C:\Users\Claudi 2015-03-17 11:59 - 2014-04-24 18:44 - 00024144 _____ () 
C:\Windows\system32\Drivers\aswHwid.sys 2015-03-17 11:59 - 2013-04-08 19:14 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys 2015-03-17 11:59 - 2013-04-08 19:14 - 00427480 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys 2015-03-17 11:59 - 2013-04-08 19:14 - 00206976 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2015-03-17 11:59 - 2013-04-08 19:14 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys 2015-03-17 11:59 - 2013-04-08 19:14 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys 2015-03-17 11:59 - 2013-04-08 19:14 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2015-03-16 21:05 - 2013-05-03 20:19 - 00000000 ____D () C:\Users\Claudi\AppData\Roaming\Skype 2015-03-15 20:36 - 2014-06-25 19:13 - 00000000 ____D () C:\Users\Claudi\Desktop\beraeuner2007 2015-03-14 12:04 - 2014-03-23 14:55 - 00000000 ___RD () C:\Program Files\Skype 2015-03-14 12:04 - 2013-05-03 20:19 - 00000000 ____D () C:\ProgramData\Skype 2015-03-10 19:02 - 2013-04-08 19:18 - 00000000 ____D () C:\Users\Claudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-03-08 12:51 - 2013-04-08 19:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-03-01 22:47 - 2014-12-14 12:46 - 00000000 ____D () C:\Users\Claudi\AppData\Roaming\vlc 2015-02-28 22:24 - 2014-03-10 20:48 - 00000000 ____D () C:\Program Files\Battle.net 2015-02-20 15:15 - 2013-04-08 19:07 - 00000000 ____D () C:\Program Files\Common Files\Blizzard Entertainment 2015-02-19 19:55 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF ==================== Files in the root of some directories ======= 2013-12-17 20:24 - 2014-11-29 17:36 - 0006656 _____ () C:\Users\Claudi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-12-24 14:56 - 2014-12-24 14:56 - 0000846 _____ () C:\Users\Claudi\AppData\Local\recently-used.xbel 2014-04-21 15:26 - 2014-11-28 21:18 - 0007620 _____ () 
C:\Users\Claudi\AppData\Local\Resmon.ResmonCfg 2014-10-30 19:33 - 2014-11-15 16:08 - 0015220 _____ () C:\ProgramData\hpzinstall.log 2013-06-24 13:24 - 2013-06-24 13:24 - 0000099 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc Some content of TEMP: ==================== C:\Users\Claudi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpq8oljy.dll C:\Users\Claudi\AppData\Local\Temp\Quarantine.exe C:\Users\Claudi\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-15 18:29 ==================== End Of Log ============================ --- --- --- JRT: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.5 (03.17.2015:1) OS: Windows 7 Ultimate x86 Ran by Claudi on 17.03.2015 at 19:32:56,44 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 17.03.2015 at 19:35:00,29 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015 Ran by Claudi at 2015-03-17 19:36:52 Running from C:\Users\Claudi\Desktop\Checks Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.22beta (HKLM\...\7-Zip) (Version: - ) Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Age of Empires III (HKLM\...\InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}) (Version: 1.00.0000 - Microsoft Game Studios) Age of Empires III (Version: 1.00.0000 - Microsoft Game Studios) Hidden Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.) 
Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team) Avast Free Antivirus (HKLM\...\avast) (Version: 10.2.2214 - AVAST Software) Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment) Benutzerhandbuch anzeigen (HKLM\...\View User Guide) (Version: 3.60.02.0 - ) calibre (HKLM\...\{8854EE3C-5031-499F-B5EB-51A82F1B28EF}) (Version: 2.21.0 - Kovid Goyal) CoreAAC Audio Decoder (remove only) (HKLM\...\CoreAAC Audio Decoder) (Version: - ) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden DDBAC (HKLM\...\{E3B6D3FB-A593-41BA-9AB1-FFE46F608565}) (Version: 5.3.21 - DataDesign) Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden Diablo II (HKLM\...\Diablo II) (Version: - Blizzard Entertainment) Diablo III (HKLM\...\Diablo III) (Version: - Blizzard Entertainment) Diablo III Public Test (HKLM\...\Diablo III Public Test) (Version: - Blizzard Entertainment) Die Siedler - Aufbruch der Kulturen (HKLM\...\SADK) (Version: - ) DIE SIEDLER - Aufstieg eines Königreichs (HKLM\...\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}) (Version: 1.00.0000 - Ubisoft) Die Siedler 7 (HKLM\...\{9C916142-C18C-429D-BFED-40094A7E0BEB}) (Version: 1.12.1396 - Ubisoft) DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden Dropbox (HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.) Fotogalerie (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.) Google Update Helper (Version: 1.3.26.9 - Google Inc.) 
Hidden Hearthstone (HKLM\...\Hearthstone) (Version: - Blizzard Entertainment) Heroes of the Storm (HKLM\...\Heroes of the Storm) (Version: - Blizzard Entertainment) IBANKonverterQuickVerein (HKLM\...\{1F1FC068-123F-4302-9555-8FF3CAEB0506}) (Version: 1.00.0000 - Ihr Firmenname) Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) JDownloader 2 (HKLM\...\jdownloader2-1) (Version: 2.0 - AppWork GmbH) LG United Mobile Drivers (HKLM\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Access database engine 2007 (German) (HKLM\...\{90120000-00D1-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1049 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation) Microsoft SQL Server 2008 Browser (HKLM\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.3.5500.0 - Microsoft Corporation) Microsoft SQL Server 2008 Native Client 
(HKLM\...\{539A0EAA-E1BB-4163-9C1E-6C8BF4A17FA2}) (Version: 10.3.5500.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{D074DC76-F6C9-440E-A1D0-1DE958417FDB}) (Version: 10.3.5500.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) 
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 36.0.1 (x86 de) (HKLM\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) Mozilla Thunderbird 31.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla) MSI to redistribute MS VS2005 CRT libraries (HKLM\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project) MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Nero 7 Essentials (HKLM\...\{97F32DF8-D66E-446A-A425-C1D7B45C1031}) (Version: 7.02.6782 - Nero AG) Nero Video 2014 (HKLM\...\{F9BC3E29-E14A-417F-AAC7-289137234C8E}) (Version: 15.0.03000 - Nero AG) Nettalk 6.7 (HKLM\...\Nettalk_is1) (Version: - Nicolas Kruse) NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA PhysX (Legacy) (HKLM\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 
9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) ON_OFF Charge B11.1102.1 (HKLM\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE) Opera 12.16 (HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA) Oracle VM VirtualBox 4.3.20 (HKLM\...\{3ACD85F2-BD6D-44FE-8CAE-5C1C3757ED7E}) (Version: 4.3.20 - Oracle Corporation) Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden PDF24 Creator 6.7.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.311.0 - Tracker Software Products Ltd) Prerequisite installer (Version: 15.0.0005 - Nero AG) Hidden QIP 2012 7221 Jeak-Edition (HKLM\...\QIP 2012 7221 Jeak-Edition 4.0.7221) (Version: 4.0.7221 - jeak.de) QIP 2012 7221 Jeak-Edition (Version: 4.0.7221 - jeak.de) Hidden QuickVerein 2014 V11 (HKLM\...\{3E3397FD-9FF6-4EF0-B7AC-1FB668DFF774}) (Version: 11.0.0 - Lexware) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.) Samsung CLP-360 Series (HKLM\...\Samsung CLP-360 Series) (Version: 1.12 (05.12.2013) - Samsung Electronics Co., Ltd.) Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.2.12064_9 - Samsung Electronics Co., Ltd.) Samsung Kies (Version: 2.3.2.12064_9 - Samsung Electronics Co., Ltd.) Hidden Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.) 
SDFormatter (HKLM\...\{15EB20D6-5F13-41D0-BEF9-C9C44D6AC620}) (Version: 3.0.0 - SD Association) Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft) Service Pack 3 für SQL Server 2008 (KB2546951) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation) SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden Skype™ 7.2 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.) Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden StarMoney (Version: 3.0.0.124 - StarFinanz) Hidden StarMoney (Version: 4.0.4.16 - StarFinanz) Hidden Stronghold (HKLM\...\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}) (Version: 1.20.0000 - Firefly Studios) TeamSpeak 3 Client (HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH) TomTom HOME (HKLM\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname) TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) 
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Unterstützungsdateien für Microsoft SQL Server 2008-Setup (HKLM\...\{2A231800-A7CF-4223-B8A3-1FD9057BAE96}) (Version: 10.3.5500.0 - Microsoft Corporation) Uplay (HKLM\...\Uplay) (Version: 4.6 - Ubisoft) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) Winamp (HKLM\...\Winamp) (Version: 5.63 - Nullsoft, Inc) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) Windows-Treiberpaket - Hewlett-Packard Image (04/27/2007 9.0.0.0) (HKLM\...\A6BCA7876CD547CFB5821019998F044515D81B74) (Version: 04/27/2007 9.0.0.0 - Hewlett-Packard) Z-Cron (HKLM\...\{FD57FF4D-7225-4DAC-B15D-9BAE3E8A0E2B}) (Version: 4.9.0.53 - IMU Andreas Baumann) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{0713E8A8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{0713E8D8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{373FF7F4-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{58DA8D93-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{58DA8D96-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{5ACBB955-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{5ACBB956-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{5ACBB957-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{5ACBB958-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{6027C2D4-FB28-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{612A8628-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{62823C20-41A3-11CE-9E8B-0020AF039CA3}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{6B7E6393-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{6B7E63A3-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{9ED94444-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{B66834C6-2E60-11CE-8748-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ==================== Restore Points ========================= 26-02-2015 17:29:08 Geplanter Prüfpunkt 06-03-2015 19:00:13 Geplanter Prüfpunkt 12-03-2015 20:15:24 Installed calibre 13-03-2015 23:12:09 Installed calibre 17-03-2015 11:58:34 avast! antivirus system restore point 17-03-2015 14:45:52 Revo Uninstaller's restore point - mystartsearch uninstall 17-03-2015 14:48:03 Revo Uninstaller's restore point - Between Lines ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {191C7B13-A2E5-416A-8428-85C9F4483AC4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {1A7CA7EA-8A8F-4282-9644-B5160692C2E1} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {2E992470-35AD-43DB-AC10-A9CE1376D928} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {618DEE84-9E27-4E67-B8D7-2265C4D0E11A} - System32\Tasks\{094D1E08-30AE-4C6D-9378-E126CBB3CDF2} => E:\PowerLine Utility\PowerLine Utility.exe Task: {6F7AAFB6-FD59-43E6-9A20-21F8C2D89805} - System32\Tasks\{F6E4E344-AFA4-45EC-B680-316642C7B274} => pcalua.exe -a D:\Downloads\the_settlers_7_1.09full.exe -d D:\Downloads Task: {7256C442-D3AA-4728-A4E4-2FE8B724DAC4} - System32\Tasks\{C6450D5E-BEC1-46C0-B9D9-3BEDA450F984} => pcalua.exe -a "E:\DAEMON Tools Lite\InstallGadget.exe" -d "E:\DAEMON Tools Lite" Task: {8BC55973-9258-4920-BE86-0D24D5D685D6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe Task: {AED41E5D-F890-4EE5-9E9E-B55AF601D486} - System32\Tasks\{0D53B32E-FCF5-4EC2-BFEE-66BCB2581099} => pcalua.exe -a D:\Downloads\the_settlers_7_1.10full.exe -d D:\Downloads Task: {B434EE57-04A4-4306-821D-5768C3D504BA} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {B4D7077F-250B-4863-B751-A388DE4858E3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-25] (Google Inc.) Task: {B9A0C4A2-9AE8-4820-BE0C-E731F41CBBD4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-03-17] (Avast Software s.r.o.) 
Task: {BE33C3A2-D018-439E-B12F-CEE12418FCC1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe Task: {C830ED48-B5C0-419F-9AEB-D46C0515296F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Mainwurf-Claudi Mainwurf => E:\Office 2013\Office15\MsoSync.exe [2014-01-23] (Microsoft Corporation) Task: {CC31F910-894E-4A2A-9DE8-3E33FC0B8BA3} - System32\Tasks\{6C3D7013-6959-4F74-A829-2331FD571855} => E:\PowerLine Utility\PowerLine Utility.exe Task: {D3472535-CD02-424C-B62D-340234199A36} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated) Task: {DA5BE7E9-C870-4B8A-8E20-07482868AE86} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {DD8019B9-09FA-4131-9F2E-A98C024120DA} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft) Task: {E1306F84-6F52-4D0A-9BC4-ED5A8BF091F1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-25] (Google Inc.) 
Task: {E31A6401-5975-4FA3-87FA-081775700DB5} - System32\Tasks\{1C94C6D1-C589-46BF-9E1E-73D7032ED5AF} => pcalua.exe -a C:\Users\Claudi\Desktop\setup_basic_G2710_3.exe -d C:\Users\Claudi\Desktop Task: {E835B712-93FC-469A-AF7F-47AAEB695393} - System32\Tasks\QIPdater 2012 => E:\QIP\qipdater.exe [2012-03-27] (Caphyon LTD) Task: {F2C691D9-F45F-4E7C-83F4-109DCCA4C4BA} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {F822BF3F-22DD-433E-95B7-93D64CA69A76} - System32\Tasks\Games\UpdateCheck_S-1-5-21-4207056575-3370044151-3894322460-1004 (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\QIPdater 2012.job => E:\QIP\qipdater.exe ==================== Loaded Modules (whitelisted) ============== 2015-03-17 11:59 - 2015-03-17 11:59 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-03-17 11:59 - 2015-03-17 11:59 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-03-17 19:24 - 2015-03-17 19:24 - 02922496 _____ () C:\Program Files\AVAST Software\Avast\defs\15031701\algo.dll 2013-04-10 09:15 - 2008-01-10 13:17 - 00022723 _____ () C:\Windows\System32\ssp2ml3.dll 2014-07-09 19:16 - 2013-05-15 07:32 - 00024064 _____ () C:\Windows\System32\sst6clm.dll 2013-04-08 18:56 - 2014-07-02 20:42 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll 2015-03-17 11:59 - 2015-03-17 11:59 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2015-03-04 23:08 - 2015-03-04 
23:08 - 00750080 _____ () C:\Users\Claudi\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-03-17 19:31 - 2015-03-17 19:31 - 00043008 _____ () c:\users\claudi\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpq8oljy.dll 2015-03-04 23:08 - 2015-03-04 23:08 - 00047616 _____ () C:\Users\Claudi\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-03-04 23:08 - 2015-03-04 23:08 - 00865280 _____ () C:\Users\Claudi\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2015-03-04 23:07 - 2015-03-04 23:07 - 00200704 _____ () C:\Users\Claudi\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2015-03-17 11:59 - 2015-03-17 11:59 - 01359872 _____ () C:\Program Files\AVAST Software\Avast\libglesv2.dll 2015-03-17 11:59 - 2015-03-17 11:59 - 00212992 _____ () C:\Program Files\AVAST Software\Avast\libegl.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Claudi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: FsUsbExService => 2 MSCONFIG\Services: NAUpdate => 2 MSCONFIG\Services: OverwolfUpdaterService => 3 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: Steam Client Service => 3 MSCONFIG\Services: TomTomHOMEService => 2 MSCONFIG\startupreg: KiesPDLR => E:\Kies\External\FirmwareUpdate\KiesPDLR.exe MSCONFIG\startupreg: KiesPreload => E:\Kies\Kies.exe /preload MSCONFIG\startupreg: KiesTrayAgent => E:\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: PDFPrint => E:\PDF24\pdf24.exe MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: WinampAgent => E:\Winamp\winampa.exe ==================== Accounts: ============================= Administrator (S-1-5-21-4207056575-3370044151-3894322460-500 - Administrator - Disabled) Claudi (S-1-5-21-4207056575-3370044151-3894322460-1000 - Administrator - Enabled) => C:\Users\Claudi Gast (S-1-5-21-4207056575-3370044151-3894322460-501 - Limited - Enabled) Laura (S-1-5-21-4207056575-3370044151-3894322460-1005 - Limited - Enabled) => C:\Users\Laura Lisa (S-1-5-21-4207056575-3370044151-3894322460-1004 - Limited - Enabled) => C:\Users\Lisa ==================== Faulty Device Manager Devices ============= Name: VirtualBox Host-Only Ethernet Adapter Description: VirtualBox Host-Only Ethernet Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Oracle Corporation Service: VBoxNetAdp Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: AMD Phenom(tm) II X4 945 Processor Percentage of memory in use: 45% Total physical RAM: 3069.55 MB Available physical RAM: 1677.6 MB Total Pagefile: 6137.39 MB Available Pagefile: 4602.47 MB Total Virtual: 2047.88 MB Available Virtual: 1887.47 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:150.1 GB) (Free:97.04 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (Eigene Dateien) (Fixed) (Total:74.53 GB) (Free:24.71 GB) NTFS Drive e: (Programme Neu) (Fixed) (Total:200 GB) (Free:127.92 GB) NTFS Drive f: (Diverser Krempel) (Fixed) (Total:250 GB) (Free:81.03 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 44E3C1CF) Partition 1: (Active) - (Size=150.1 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=250 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=481.4 GB) - (Type=OF Extended) ======================================================== Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 74.5 GB) (Disk ID: 43520020) Partition 1: (Not Active) - (Size=74.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
18.03.2015, 11:44 | #6 |
/// the machine /// TB trainer | Windows 7: Firefox tries to load a file that is infected
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ --> Windows 7: Firefox tries to load a file that is infected |
18.03.2015, 19:42 | #7 |
| Windows 7: Firefox tries to load a file that is infected
Hi schrauber, by now FF really no longer tries to load anything that I don't want as well. That happened at some point yesterday, after the umpteen programs that ran over it at your command. Here are the logs as requested: ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=7d67c3059f4e194db4439fcd4ea152fa # engine=22962 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-03-18 02:46:47 # local_time=2015-03-18 03:46:47 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='avast! Internet Security' # compatibility_mode=779 16777213 85 64 99959 191114096 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 19768901 178321197 0 0 # scanned=201915 # found=79 # cleaned=0 # scan_time=11644 sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir" sh=D09F832544B921CD7C61A7DB193F29EF6638AD88 ft=1 fh=58a116a27a6d5dbb vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\ContentPackagesActivationHandler.exe.vir" sh=C6E3F8034D197C34D61701AC146694B6DBEC36CD ft=1 fh=7f9fa2fc68c7b7f4 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll.vir" sh=FC883B83DA2A9ED93AC2A4CEC9936268A6B264C2 ft=1 fh=80a06d85550fdea2 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgArchive.dll.vir" sh=F3001B5F58A6C6AB8DD7E6E63CB89D20F74EF228 ft=1 fh=f50ea5fcbc656251 vn="Variante von Win32/SweetIM.L evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgcommon.dll.vir" sh=2CF3C9FBCBEBAA6D75DE43CCC487D62954538F81 ft=1 fh=446d6a4df1e456fa vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgcommunication.dll.vir" sh=60FCD298549E0383DFACBE66420DC922D6BAAF84 ft=1 fh=73f28a50980afe65 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgconfig.dll.vir" sh=531A5D492B39076AA7990DD76F41B762258B86A7 ft=1 fh=a45064434f491236 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgFlashPlayer.dll.vir" sh=AE57E26160449200540B1FD8E839F1BD5A30327A ft=1 fh=c29c62a52f555ace vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mghooking.dll.vir" sh=B6E78443D25AF8B978DC24D515DF7B2F673629CC ft=1 fh=ece232c764d65d89 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgICQAuto.dll.vir" sh=42B14A7D72C6EDAF5140A2C7B95149B92473853C ft=1 fh=6f2c94e91302d1a2 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgICQMessengerAdapter.dll.vir" sh=B28C9BCA89A124EBD2EAAF5073370E7E0E87DB4E ft=1 fh=c56c5ff3b0e7703d vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mglogger.dll.vir" sh=87FF2D9A36B50B5A7DF4D08F87B92BEA86D7DAB7 ft=1 fh=71dc135578fffed6 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgMediaPlayer.dll.vir" sh=C86CF9524D11A2392A491EA15ED12D2CA890F249 ft=1 fh=ae21d71fff630a17 vn="Variante von Win32/SweetIM.L evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgMsnAuto.dll.vir" sh=055E7A147AB9DCB141FDF58A0D3CCD825AE8B361 ft=1 fh=ac8cec2f7886b930 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgMsnMessengerAdapter.dll.vir" sh=73987118D6F1799B0B29DB00BF7248B20347BB46 ft=1 fh=d25a2527398bc729 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgsimcommon.dll.vir" sh=C786E62AB09C10B6277F3E9CFC34207FE56E1FFA ft=1 fh=6c27d70c5686a2b1 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgSweetIM.dll.vir" sh=07695C8842935A01310F52C83BAB364950419841 ft=1 fh=e250219d9f9cd5af vn="Variante von Win32/SweetIM.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgUpdateSupport.dll.vir" sh=093FB06E67DB8C5562A823E389853340405B8724 ft=1 fh=1b5e6676818f2ad9 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgxml_wrapper.dll.vir" sh=A679EB39BB32DD88C09E150B0E5F7BAED12467A6 ft=1 fh=0ba701bbd4ac4b73 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgYahooAuto.dll.vir" sh=9B45902B8B791A84EC6F7D1AD2E8099410D1A467 ft=1 fh=3191d44e293b78d5 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\mgYahooMessengerAdapter.dll.vir" sh=AE3254BDF03A347110068EF29CB15C7B554491F0 ft=1 fh=30381f993c8268c2 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\SweetIM.exe.vir" sh=C8F1E3F28152C6C010B7AE8FA4D167E3C388FF0C ft=1 fh=84ff0b58ed098a1d vn="Win32/SweetIM.K evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Messenger\resources\sqlite\mgSqlite3.dll.vir" sh=C6831E788B4644AE0DCDF1789375F03E4093B40B ft=1 fh=a421b64af9dc746c vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe.vir" sh=DC70060EA7FA69C5257BB203A6119AC70C3B7AF1 ft=1 fh=9f16fd1670e70b2d vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll.vir" sh=3CDC489B1C3FFC13FF36251CC0700FC1139162CF ft=1 fh=5217c8f320444881 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll.vir" sh=DBBF5161FC045E081A067405FB664E4BBFA501E2 ft=1 fh=34cce9dbbc63a63f vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll.vir" sh=5F47592891B6E6B173D048D0549500E10BB59DAC ft=1 fh=80e755e9c1ac2530 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe.vir" sh=2A3C9F2EC019E18F86C58B6FB93BF360F4741D2B ft=1 fh=f6b0e12c07608859 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mghooking.dll.vir" sh=5A6AF07692A4E73F72AF0EC2FD7E2033C162B554 ft=1 fh=e5925887eea09ad9 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mglogger.dll.vir" sh=CBED6C3BC6165D2EC2D39BFE751DCDC7BAEFAEA4 ft=1 fh=f61f701680e5ab8e vn="Variante von Win32/SweetIM.L evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll.vir" sh=4559152B91101CD5ABDEEEFF31C54DB43352613D ft=1 fh=0729c631acba2034 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll.vir" sh=9236A60C410DE21A4ADCCD07F08EE7749B441909 ft=1 fh=68ff4b48c9f4a7c5 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll.vir" sh=0977698142F186068A7EA31D511C915EA4A652F7 ft=1 fh=33afa6b46a191757 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll.vir" sh=5FB95D21BE8CF2753FD8A42398ADD26E2B21409F ft=1 fh=0f2c5f177050d203 vn="Variante von Win32/Toolbar.Conduit.AJ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\Multi\CT3317892\UninstallerUI.exe.vir" sh=9816211AA2E62D9478CDE48FD9A380277FC0C11C ft=1 fh=5d69a2203b2707db vn="Variante von MSIL/Toolbar.Linkury.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Claudi\AppData\Local\Smartbar\Application\BrowserHelper.exe.vir" sh=3454D6423CBC10A021E1D42E03C1683E77D4EC73 ft=1 fh=92e1445a54dc7b39 vn="Variante von Win32/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Claudi\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll.vir" sh=13CF01B2B0472AA4D425366FBAD3BEAA9BE584BE ft=1 fh=e0a08cb8f43d3f78 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Claudi\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll.vir" sh=ACC9BBD20CCE48D970397C6ECF1571B6887FF8BF ft=1 fh=8689ba6585eb6732 vn="Variante von MSIL/Toolbar.Linkury.I evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Claudi\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.ChromeLocalPlugin.dll.vir" sh=EE2C3C5F49A93D6B9B5D74B3E3E8ECAF36FB22FB ft=1 fh=4fbf987570188c00 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Claudi\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.FireFoxLocalPlugin.dll.vir" sh=2217C3DC636F738B1E4EE30967977EABD673F8B2 ft=1 fh=f2d7774a51c1ff9e vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Claudi\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll.vir" sh=66F45076AC9065AF0EDE8F8095A96D753A1A733A ft=1 fh=6e10c6bb40bb30d6 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Claudi\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessEntities.dll.vir" sh=D4229C4E100172676B7C68DC986DCAFC78BC3758 ft=1 fh=0c65d3420bd761c1 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Claudi\AppData\Local\Smartbar\Application\Smartbar.Resources.ProductUninstaller.dll.vir" sh=91DE36FDE297E8D489E2DA4763C6B36A8A9354A8 ft=1 fh=ec8c2bb3f0411e28 vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Claudi\AppData\Local\Smartbar\Application\Smartbar.Resources.SetBrowsersSettings.dll.vir" sh=FD63CCF6ADDEB87B3A45E7F3502A7E794285F614 ft=1 fh=7bccfd8612d09377 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Claudi\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll.vir" sh=FD63CCF6ADDEB87B3A45E7F3502A7E794285F614 ft=1 fh=7bccfd8612d09377 vn="Variante von MSIL/Toolbar.Linkury.E evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Claudi\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO2.dll.vir" sh=0E9E784CF82628C37CE409468880766E76812745 ft=1 fh=19c73eacc8234438 vn="Variante von MSIL/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Claudi\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll.vir" sh=0E9E784CF82628C37CE409468880766E76812745 ft=1 fh=19c73eacc8234438 vn="Variante von MSIL/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Claudi\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension2.dll.vir" sh=388802B6F2AC23817E48026735723104F4F78A65 ft=1 fh=c7cf282b6bbbfc64 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Claudi\AppData\Local\Smartbar\Application\SmartbarVersionsHelper.exe.vir" sh=FD5BF76965CD0F0490A864BBE148BC61AEAF33CB ft=1 fh=dcb8f75632d9e701 vn="Variante von Win32/Toolbar.Linkury.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Claudi\AppData\Local\Smartbar\Application\SnapDo.exe.vir" sh=7D83539384F197F9BD87A8888EAC47C9EB713B07 ft=1 fh=44507c0e93eb49da vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Claudi\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\GoogleChromeRemotePlugin.dll.vir" sh=ACC5E6B48DC7D20FA3D3CCB337794EDBF613F1B8 ft=1 fh=8a053bdb1f027637 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Claudi\AppData\Local\Smartbar\Application\ar\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=A6F2D6913E5012F07DFCC92C11EDBFDFE4ED1293 ft=1 fh=654f8d610f3fc252 vn="Variante von MSIL/Toolbar.Linkury.E evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Claudi\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=756EF0121E9244EB75F8E1C7AF2AFE4E2335F5B8 ft=1 fh=0bfb195f5ec35fd5 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Claudi\AppData\Local\Smartbar\Application\es\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=47163963BEC628C659B8C418BA3E86254B581C47 ft=1 fh=f9e90df3baf97682 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Claudi\AppData\Local\Smartbar\Application\fr\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=6A4B0EA2C655CA7CEA63C569B0795E8DF02BEDE2 ft=1 fh=fc8f42e80e4a81d1 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Claudi\AppData\Local\Smartbar\Application\he\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=48C826EF00938F035C91C9F6B3E167CB21D96633 ft=1 fh=59fac0a23423ab50 vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Claudi\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_16.dll.vir" sh=45F4ABE93E1FB333545719948B418FB1207A5085 ft=1 fh=3a58b09db4698b9d vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Claudi\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_17.dll.vir" sh=FED76CBD8D5660DEC60B3F16547372DEE7F87FA6 ft=1 fh=9705b06916654cd4 vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Claudi\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_18.dll.vir" sh=C8F23EFE19C6A36D8921AE5C96F95808EBEFBE05 ft=1 fh=8064b8d931435e04 vn="Win32/Toolbar.Linkury.D evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Claudi\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_19.dll.vir" sh=C7E054C7BA58AE2D703DB29C52346A3ED84FEF57 ft=1 fh=53532950b9749a4f vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Claudi\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_20.dll.vir" sh=C546BA3CA78F93EB65DCCEA191BC40B9F940E2EA ft=1 fh=6fd80785d353cf5d vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Claudi\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_21.dll.vir" sh=7C15DA5A80F24F0383C992CFB03CF68E95A464B1 ft=1 fh=be427aaf403ae2ff vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Claudi\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_22.dll.vir" sh=95544372D9D68E8AFAE5E9DA8B07C14CE5406ABB ft=1 fh=dd489ec711c15129 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Claudi\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_23.dll.vir" sh=2340A1CC7E78AB7ACA3057000028C49EDCB40F8B ft=1 fh=920dfe5f971e0a19 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Claudi\AppData\Local\Smartbar\Application\it\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=12485F9D5F323CB4E2E810448D3126A05E8ED58E ft=1 fh=dd34fff25b9d4fc2 vn="Variante von MSIL/Toolbar.Linkury.E evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Claudi\AppData\Local\Smartbar\Application\nl\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=055372FDF51D2EC7A5428894A7A26ECD0ED68253 ft=1 fh=948ef70a2aef24f0 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Claudi\AppData\Local\Smartbar\Application\pt\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=778CDC6C18FB1CE23E244D2286F7D2CF5269B3B4 ft=1 fh=326d71a13c53d870 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Claudi\AppData\Local\Smartbar\Application\ru\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=0F5B9F57B0B9078418938F68DEA1990EDF9EFD0E ft=1 fh=f354e0912aed0d24 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Claudi\AppData\Local\Smartbar\Application\tr\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=C6856C32ECEF81A37AFEE5929F0AF5CBB7F4029C ft=1 fh=1edb99ab84c070e7 vn="Variante von Win32/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Claudi\AppData\Roaming\OpenCandy\EF3F7B627CFB4EDCB87ED2A9AEF902C8\Installer.exe.vir" sh=2AA6BB6CC40076B402A3C6A48FE52B9463F4B053 ft=1 fh=b2519b68a1685889 vn="Variante von Win32/Toolbar.Perion.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\system32\dmwu.exe.vir" sh=27E476FFE5BCC7FB2727A2217274091495ACBA5E ft=1 fh=68e1f4fad698def6 vn="Variante von Win32/Toolbar.Perion.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\system32\ARFC\wrtc.exe.vir" sh=3FCDDDFFA523FD30995BD7F1EE90AD1DAFF05C22 ft=1 fh=eb68e71596000e50 vn="Win32/SweetIM.J evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\system32\WNLT\Installation\SKSetup.exe.vir" sh=6B97D6844255D47302665BE4EB504893477EFA9C ft=1 fh=edd6a7ebcaa5d0c2 vn="Variante von Win32/Toolbar.Perion.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\system32\WNLT\Installation\WSSetup.exe.vir" sh=041E96802FF6FDA6430DF787B770DC60156D82CB ft=1 fh=6aab9a1d563fb9b7 vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="D:\Dropbox\BKF\Rechnungswesen\tz-easybuch_start_installation-Downloader.exe" sh=E1BBABBDDFD53FC99D694669FFA20A0C83A0DC4D ft=1 fh=12c368433fa831dc vn="Variante von Win32/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="F:\$RECYCLE.BIN\S-1-5-21-4207056575-3370044151-3894322460-1000\$RLK9M6Q\download_audiograbber.exe" sh=072C90470795BFCC97324A837E6BBC0D1084C51E ft=1 fh=2d0d249c049dc59b vn="Variante von Win32/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="F:\$RECYCLE.BIN\S-1-5-21-4207056575-3370044151-3894322460-1000\$RLK9M6Q\download_audiograbber_mp3_plugin.exe" sh=E1BBABBDDFD53FC99D694669FFA20A0C83A0DC4D ft=1 fh=12c368433fa831dc vn="Variante von Win32/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="H:\Programme für Roberts Laptop\download_audiograbber.exe" sh=072C90470795BFCC97324A837E6BBC0D1084C51E ft=1 fh=2d0d249c049dc59b vn="Variante von Win32/DownloadGuide.D evtl. 
unerwünschte Anwendung" ac=I fn="H:\Programme für Roberts Laptop\download_audiograbber_mp3_plugin.exe"
Code:
Results of screen317's Security Check version 0.99.97
Windows 7 Service Pack 1 x86 (UAC is disabled!)
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 31
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.305
Mozilla Firefox (36.0.1)
Mozilla Thunderbird (31.5.0)
Google Chrome (40.0.2214.115)
Google Chrome (41.0.2272.89)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
AVAST Software Avast ng vbox\AvastVBoxSVC.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Claudi (administrator) on MAINWURF on 18-03-2015 19:46:44
Running from C:\Users\Claudi\Desktop\Checks
Loaded Profiles: Claudi (Available profiles: Claudi & Lisa & Laura)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Geek Software GmbH) E:\PDF24\pdf24.exe
(Hewlett-Packard) E:\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\Claudi\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\sqlservr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TomTom) E:\TT Home\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(TeamSpeak Systems GmbH) E:\TeamSpeak3\ts3client_win32.exe
(Mozilla Corporation) E:\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11430504 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5511352 2015-03-17] (Avast Software s.r.o.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2403288 2014-08-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [161328 2007-03-26] (Nero AG)
HKLM\...\Run: [PDFPrint] => E:\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH)
HKLM\...\Run: [HP Software Update] => E:\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
Startup: C:\Users\Claudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> E:\Office 2013\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-27] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> E:\Office 2013\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-27] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - E:\Office 2013\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> E:\PDF Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> E:\FOXIT READER\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-27] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> E:\Office 2013\Office15\NPSPWRAP.DLL No File
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL No File
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> E:\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin HKU\S-1-5-21-4207056575-3370044151-3894322460-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> E:\PDF Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Extension: Xmarks - C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default\Extensions\foxmarks@kei.com [2014-11-23]
FF Extension: FireFTP - C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-01-16]
FF Extension: Bookmark Backup - C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default\Extensions\{3474c305-9dad-11d8-9207-00055d74c2e4}.xpi [2013-04-08]
FF Extension: Adblock Plus - C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-08]
FF Extension: DownThemAll! - C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-04-08]
FF Extension: Scriptish - C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\t1i2rmcl.lori\Extensions\scriptish@erikvold.com.xpi [2013-04-08]
FF Extension: No Name - C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\t1i2rmcl.lori\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2013-04-08]
StartMenuInternet: FIREFOX.EXE - E:\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Claudi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Claudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-25]
CHR Extension: (Google Drive) - C:\Users\Claudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Claudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-02]
CHR Extension: (YouTube) - C:\Users\Claudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-25]
CHR Extension: (Google Search) - C:\Users\Claudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-25]
CHR Extension: (Google Wallet) - C:\Users\Claudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-25]
CHR Extension: (Gmail) - C:\Users\Claudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-25]

Opera:
=======
StartMenuInternet: (HKU\S-1-5-21-4207056575-3370044151-3894322460-1000) Opera - "E:\Opera\Opera.exe"

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-17] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-03-17] (Avast Software)
S4 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-10-30] (Teruten) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MSSQL$SERVEREXP2008; C:\Program Files\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\sqlservr.exe [43028328 2011-09-22] (Microsoft Corporation)
S4 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [762192 2013-07-18] (Nero AG)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1720792 2014-08-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [17550808 2014-08-09] (NVIDIA Corporation)
S4 SQLAgent$SERVEREXP2008; C:\Program Files\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\SQLAGENT.EXE [370024 2011-09-22] (Microsoft Corporation)
R2 TomTomHOMEService; E:\TT Home\TomTom HOME 2\TomTomHOMEService.exe [93040 2014-06-05] (TomTom)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23040 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2012-07-03] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis.sys [73728 2012-07-04] (LG Electronics Inc.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [19056 2011-11-02] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-03-17] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-03-17] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-03-17] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-03-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-03-17] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427480 2015-03-17] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206976 2015-03-17] ()
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [41984 2008-01-10] (Samsung Electronics Co., Ltd.) [File not signed]
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-10-30] () [File not signed]
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19416 2014-08-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation)
S4 RsFx0105; C:\Windows\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [629760 2010-08-10] (Realtek Semiconductor Corporation )
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2013-11-26] (Samsung Electronics) [File not signed]
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [184192 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-03-17] (Avast Software)
S3 catchme; \??\C:\Users\Claudi\AppData\Local\Temp\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 MSICDSetup; \??\G:\CDriver.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-17 15:00 - 2015-03-17 15:00 - 00021052 _____ () C:\ComboFix.txt
2015-03-17 14:50 - 2015-03-17 15:00 - 00000000 ____D () C:\Qoobox
2015-03-17 14:50 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-17 14:50 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-17 14:50 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-17 14:50 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-17 14:50 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-17 14:50 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-17 14:50 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-17 14:50 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-17 14:49 - 2015-03-17 14:59 - 00000000 ____D () C:\Windows\erdnt
2015-03-17 13:03 - 2015-03-17 13:03 - 00000000 ____D () C:\Windows\system32\vbox
2015-03-17 12:43 - 2015-03-18 19:46 - 00000000 ____D () C:\FRST
2015-03-17 12:42 - 2015-03-17 12:42 - 00000000 _____ () C:\Users\Claudi\defogger_reenable
2015-03-17 12:10 - 2015-03-18 19:46 - 00000000 ____D () C:\Users\Claudi\Desktop\Checks
2015-03-17 12:01 - 2015-03-17 19:23 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-17 12:00 - 2015-03-17 12:00 - 00000626 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-17 12:00 - 2015-03-17 12:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-03-17 12:00 - 2015-03-17 12:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-17 12:00 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 12:00 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 12:00 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-17 11:59 - 2015-03-17 11:59 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-03-17 11:59 - 2015-03-17 11:59 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-03-16 17:44 - 2015-03-16 17:44 - 00002037 _____ () C:\Users\Claudi\Desktop\JDownloader 2.lnk
2015-03-16 17:43 - 2015-03-17 13:40 - 00000000 ____D () C:\Users\Claudi\AppData\Local\JDownloader v2.0
2015-03-16 17:40 - 2015-03-16 17:44 - 00000000 ____D () C:\Users\Claudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2015-03-16 15:10 - 2015-03-16 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-03-16 14:15 - 2015-03-17 16:28 - 00000000 ____D () C:\Users\Claudi\Desktop\kur
2015-03-14 12:05 - 2015-03-14 12:05 - 00000000 ____D () C:\Users\Claudi\Tracing
2015-03-12 20:17 - 2015-03-14 11:54 - 00000000 ____D () C:\Users\Claudi\AppData\Local\calibre-cache
2015-03-12 20:16 - 2015-03-14 11:53 - 00000000 ____D () C:\Users\Claudi\AppData\Roaming\calibre
2015-03-12 20:16 - 2015-03-13 23:12 - 00000890 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2015-03-12 20:15 - 2015-03-13 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2015-03-12 20:15 - 2015-03-13 23:12 - 00000000 ____D () C:\Program Files\Calibre2
2015-02-20 15:15 - 2015-02-20 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Public Test

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-18 19:31 - 2014-04-25 14:50 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-18 19:12 - 2014-04-30 19:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-18 19:09 - 2014-03-10 20:48 - 00000000 ____D () C:\Users\Claudi\AppData\Local\Battle.net
2015-03-18 13:28 - 2013-04-08 18:47 - 01513813 _____ () C:\Windows\WindowsUpdate.log
2015-03-18 12:16 - 2010-11-20 22:01 - 01807830 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-18 12:01 - 2009-07-14 05:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-18 12:01 - 2009-07-14 05:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-18 11:54 - 2013-04-08 20:40 - 00000228 _____ () C:\Windows\Tasks\QIPdater 2012.job
2015-03-18 11:54 - 2013-04-08 19:17 - 00000000 ____D () C:\Users\Claudi\AppData\Roaming\Dropbox
2015-03-18 11:54 - 2009-07-14 05:39 - 00193260 _____ () C:\Windows\setupact.log
2015-03-18 11:53 - 2014-04-25 14:50 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-18 11:53 - 2013-04-08 18:56 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-18 11:53 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-17 19:47 - 2013-04-08 19:07 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2015-03-17 19:30 - 2010-11-20 22:48 - 00337122 _____ () C:\Windows\PFRO.log
2015-03-17 19:29 - 2013-10-11 18:58 - 00000000 ____D () C:\AdwCleaner
2015-03-17 19:22 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\PLA
2015-03-17 19:21 - 2013-04-08 18:08 - 00000000 ____D () C:\Users\Claudi\AppData\Roaming\Nettalk
2015-03-17 15:00 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-03-17 15:00 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-03-17 14:59 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-03-17 12:42 - 2013-04-08 18:45 - 00000000 ____D () C:\Users\Claudi
2015-03-17 11:59 - 2014-04-24 18:44 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-03-17 11:59 - 2013-04-08 19:14 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-03-17 11:59 - 2013-04-08 19:14 - 00427480 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-03-17 11:59 - 2013-04-08 19:14 - 00206976 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-03-17 11:59 - 2013-04-08 19:14 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-03-17 11:59 - 2013-04-08 19:14 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-03-17 11:59 - 2013-04-08 19:14 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-03-16 21:05 - 2013-05-03 20:19 - 00000000 ____D () C:\Users\Claudi\AppData\Roaming\Skype
2015-03-15 20:36 - 2014-06-25 19:13 - 00000000 ____D () C:\Users\Claudi\Desktop\beraeuner2007
2015-03-14 12:04 - 2014-03-23 14:55 - 00000000 ___RD () C:\Program Files\Skype
2015-03-14 12:04 - 2013-05-03 20:19 - 00000000 ____D () C:\ProgramData\Skype
2015-03-10 19:02 - 2013-04-08 19:18 - 00000000 ____D () C:\Users\Claudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-08 12:51 - 2013-04-08 19:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-01 22:47 - 2014-12-14 12:46 - 00000000 ____D () C:\Users\Claudi\AppData\Roaming\vlc
2015-02-28 22:24 - 2014-03-10 20:48 - 00000000 ____D () C:\Program Files\Battle.net
2015-02-20 15:15 - 2013-04-08 19:07 - 00000000 ____D () C:\Program Files\Common Files\Blizzard Entertainment
2015-02-19 19:55 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2013-12-17 20:24 - 2014-11-29 17:36 - 0006656 _____ () C:\Users\Claudi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-24 14:56 - 2014-12-24 14:56 - 0000846 _____ () C:\Users\Claudi\AppData\Local\recently-used.xbel
2014-04-21 15:26 - 2014-11-28 21:18 - 0007620 _____ () C:\Users\Claudi\AppData\Local\Resmon.ResmonCfg
2014-10-30 19:33 - 2014-11-15 16:08 - 0015220 _____ () C:\ProgramData\hpzinstall.log
2013-06-24 13:24 - 2013-06-24 13:24 - 0000099 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some content of TEMP:
====================
C:\Users\Claudi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0_c3k7.dll
C:\Users\Claudi\AppData\Local\Temp\Quarantine.exe
C:\Users\Claudi\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-15 18:29

==================== End Of Log ============================

FRST_Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Claudi at 2015-03-18 19:47:10
Running from C:\Users\Claudi\Desktop\Checks
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22beta (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Age of Empires III (HKLM\...\InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.)
Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.2.2214 - AVAST Software)
Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment)
Benutzerhandbuch anzeigen (HKLM\...\View User Guide) (Version: 3.60.02.0 - )
calibre (HKLM\...\{8854EE3C-5031-499F-B5EB-51A82F1B28EF}) (Version: 2.21.0 - Kovid Goyal)
CoreAAC Audio Decoder (remove only) (HKLM\...\CoreAAC Audio Decoder) (Version: - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DDBAC (HKLM\...\{E3B6D3FB-A593-41BA-9AB1-FFE46F608565}) (Version: 5.3.21 - DataDesign)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
Diablo II (HKLM\...\Diablo II) (Version: - Blizzard Entertainment)
Diablo III (HKLM\...\Diablo III) (Version: - Blizzard Entertainment)
Diablo III Public Test (HKLM\...\Diablo III Public Test) (Version: - Blizzard Entertainment)
Die Siedler - Aufbruch der Kulturen (HKLM\...\SADK) (Version: - )
DIE SIEDLER - Aufstieg eines Königreichs (HKLM\...\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}) (Version: 1.00.0000 - Ubisoft)
Die Siedler 7 (HKLM\...\{9C916142-C18C-429D-BFED-40094A7E0BEB}) (Version: 1.12.1396 - Ubisoft)
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
Fotogalerie (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Hearthstone (HKLM\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
IBANKonverterQuickVerein (HKLM\...\{1F1FC068-123F-4302-9555-8FF3CAEB0506}) (Version: 1.00.0000 - Ihr Firmenname)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2-1) (Version: 2.0 - AppWork GmbH)
LG United Mobile Drivers (HKLM\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Access database engine 2007 (German) (HKLM\...\{90120000-00D1-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1049 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{539A0EAA-E1BB-4163-9C1E-6C8BF4A17FA2}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{D074DC76-F6C9-440E-A1D0-1DE958417FDB}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 36.0.1 (x86 de) (HKLM\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) Mozilla Thunderbird 31.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla) MSI to redistribute MS VS2005 CRT libraries (HKLM\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project) MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Nero 7 Essentials (HKLM\...\{97F32DF8-D66E-446A-A425-C1D7B45C1031}) (Version: 7.02.6782 - Nero AG) Nero Video 2014 (HKLM\...\{F9BC3E29-E14A-417F-AAC7-289137234C8E}) (Version: 15.0.03000 - Nero AG) Nettalk 6.7 (HKLM\...\Nettalk_is1) (Version: - Nicolas Kruse) NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA PhysX (Legacy) (HKLM\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 
9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) ON_OFF Charge B11.1102.1 (HKLM\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE) Opera 12.16 (HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA) Oracle VM VirtualBox 4.3.20 (HKLM\...\{3ACD85F2-BD6D-44FE-8CAE-5C1C3757ED7E}) (Version: 4.3.20 - Oracle Corporation) Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden PDF24 Creator 6.7.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.311.0 - Tracker Software Products Ltd) Prerequisite installer (Version: 15.0.0005 - Nero AG) Hidden QIP 2012 7221 Jeak-Edition (HKLM\...\QIP 2012 7221 Jeak-Edition 4.0.7221) (Version: 4.0.7221 - jeak.de) QIP 2012 7221 Jeak-Edition (Version: 4.0.7221 - jeak.de) Hidden QuickVerein 2014 V11 (HKLM\...\{3E3397FD-9FF6-4EF0-B7AC-1FB668DFF774}) (Version: 11.0.0 - Lexware) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.) Samsung CLP-360 Series (HKLM\...\Samsung CLP-360 Series) (Version: 1.12 (05.12.2013) - Samsung Electronics Co., Ltd.) Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.2.12064_9 - Samsung Electronics Co., Ltd.) Samsung Kies (Version: 2.3.2.12064_9 - Samsung Electronics Co., Ltd.) Hidden Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.) 
SDFormatter (HKLM\...\{15EB20D6-5F13-41D0-BEF9-C9C44D6AC620}) (Version: 3.0.0 - SD Association) Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft) Service Pack 3 für SQL Server 2008 (KB2546951) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation) SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden Skype™ 7.2 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.) Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden StarMoney (Version: 3.0.0.124 - StarFinanz) Hidden StarMoney (Version: 4.0.4.16 - StarFinanz) Hidden Stronghold (HKLM\...\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}) (Version: 1.20.0000 - Firefly Studios) TeamSpeak 3 Client (HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH) TomTom HOME (HKLM\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname) TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) 
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Unterstützungsdateien für Microsoft SQL Server 2008-Setup (HKLM\...\{2A231800-A7CF-4223-B8A3-1FD9057BAE96}) (Version: 10.3.5500.0 - Microsoft Corporation) Uplay (HKLM\...\Uplay) (Version: 4.6 - Ubisoft) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) Winamp (HKLM\...\Winamp) (Version: 5.63 - Nullsoft, Inc) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) Windows-Treiberpaket - Hewlett-Packard Image (04/27/2007 9.0.0.0) (HKLM\...\A6BCA7876CD547CFB5821019998F044515D81B74) (Version: 04/27/2007 9.0.0.0 - Hewlett-Packard) Z-Cron (HKLM\...\{FD57FF4D-7225-4DAC-B15D-9BAE3E8A0E2B}) (Version: 4.9.0.53 - IMU Andreas Baumann) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{0713E8A8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{0713E8D8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{373FF7F4-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{58DA8D93-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{58DA8D96-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{5ACBB955-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{5ACBB956-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{5ACBB957-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{5ACBB958-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{6027C2D4-FB28-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{612A8628-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{62823C20-41A3-11CE-9E8B-0020AF039CA3}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{6B7E6393-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{6B7E63A3-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{9ED94444-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{B66834C6-2E60-11CE-8748-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ==================== Restore Points ========================= 26-02-2015 17:29:08 Geplanter Prüfpunkt 06-03-2015 19:00:13 Geplanter Prüfpunkt 12-03-2015 20:15:24 Installed calibre 13-03-2015 23:12:09 Installed calibre 17-03-2015 11:58:34 avast! antivirus system restore point 17-03-2015 14:45:52 Revo Uninstaller's restore point - mystartsearch uninstall 17-03-2015 14:48:03 Revo Uninstaller's restore point - Between Lines ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {191C7B13-A2E5-416A-8428-85C9F4483AC4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {1A7CA7EA-8A8F-4282-9644-B5160692C2E1} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {2E992470-35AD-43DB-AC10-A9CE1376D928} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {618DEE84-9E27-4E67-B8D7-2265C4D0E11A} - System32\Tasks\{094D1E08-30AE-4C6D-9378-E126CBB3CDF2} => E:\PowerLine Utility\PowerLine Utility.exe Task: {6F7AAFB6-FD59-43E6-9A20-21F8C2D89805} - System32\Tasks\{F6E4E344-AFA4-45EC-B680-316642C7B274} => pcalua.exe -a D:\Downloads\the_settlers_7_1.09full.exe -d D:\Downloads Task: {7256C442-D3AA-4728-A4E4-2FE8B724DAC4} - System32\Tasks\{C6450D5E-BEC1-46C0-B9D9-3BEDA450F984} => pcalua.exe -a "E:\DAEMON Tools Lite\InstallGadget.exe" -d "E:\DAEMON Tools Lite" Task: {8BC55973-9258-4920-BE86-0D24D5D685D6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe Task: {AED41E5D-F890-4EE5-9E9E-B55AF601D486} - System32\Tasks\{0D53B32E-FCF5-4EC2-BFEE-66BCB2581099} => pcalua.exe -a D:\Downloads\the_settlers_7_1.10full.exe -d D:\Downloads Task: {B434EE57-04A4-4306-821D-5768C3D504BA} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {B4D7077F-250B-4863-B751-A388DE4858E3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-25] (Google Inc.) Task: {B9A0C4A2-9AE8-4820-BE0C-E731F41CBBD4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-03-17] (Avast Software s.r.o.) 
Task: {BE33C3A2-D018-439E-B12F-CEE12418FCC1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe Task: {C830ED48-B5C0-419F-9AEB-D46C0515296F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Mainwurf-Claudi Mainwurf => E:\Office 2013\Office15\MsoSync.exe [2014-01-23] (Microsoft Corporation) Task: {CC31F910-894E-4A2A-9DE8-3E33FC0B8BA3} - System32\Tasks\{6C3D7013-6959-4F74-A829-2331FD571855} => E:\PowerLine Utility\PowerLine Utility.exe Task: {D3472535-CD02-424C-B62D-340234199A36} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated) Task: {DA5BE7E9-C870-4B8A-8E20-07482868AE86} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {DD8019B9-09FA-4131-9F2E-A98C024120DA} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft) Task: {E1306F84-6F52-4D0A-9BC4-ED5A8BF091F1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-25] (Google Inc.) 
Task: {E31A6401-5975-4FA3-87FA-081775700DB5} - System32\Tasks\{1C94C6D1-C589-46BF-9E1E-73D7032ED5AF} => pcalua.exe -a C:\Users\Claudi\Desktop\setup_basic_G2710_3.exe -d C:\Users\Claudi\Desktop Task: {E835B712-93FC-469A-AF7F-47AAEB695393} - System32\Tasks\QIPdater 2012 => E:\QIP\qipdater.exe [2012-03-27] (Caphyon LTD) Task: {F2C691D9-F45F-4E7C-83F4-109DCCA4C4BA} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {F822BF3F-22DD-433E-95B7-93D64CA69A76} - System32\Tasks\Games\UpdateCheck_S-1-5-21-4207056575-3370044151-3894322460-1004 (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\QIPdater 2012.job => E:\QIP\qipdater.exe ==================== Loaded Modules (whitelisted) ============== 2015-03-17 11:59 - 2015-03-17 11:59 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-03-17 11:59 - 2015-03-17 11:59 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-03-18 11:55 - 2015-03-18 11:55 - 02922496 _____ () C:\Program Files\AVAST Software\Avast\defs\15031800\algo.dll 2013-04-08 18:56 - 2014-07-02 20:42 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll 2013-04-10 09:15 - 2008-01-10 13:17 - 00022723 _____ () C:\Windows\System32\ssp2ml3.dll 2014-07-09 19:16 - 2013-05-15 07:32 - 00024064 _____ () C:\Windows\System32\sst6clm.dll 2015-03-17 11:59 - 2015-03-17 11:59 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2015-03-04 23:08 - 2015-03-04 
23:08 - 00750080 _____ () C:\Users\Claudi\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-03-18 11:54 - 2015-03-18 11:54 - 00043008 _____ () c:\users\claudi\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0_c3k7.dll 2015-03-04 23:08 - 2015-03-04 23:08 - 00047616 _____ () C:\Users\Claudi\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-03-04 23:08 - 2015-03-04 23:08 - 00865280 _____ () C:\Users\Claudi\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2015-03-04 23:07 - 2015-03-04 23:07 - 00200704 _____ () C:\Users\Claudi\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2015-03-17 11:59 - 2015-03-17 11:59 - 01359872 _____ () C:\Program Files\AVAST Software\Avast\libglesv2.dll 2015-03-17 11:59 - 2015-03-17 11:59 - 00212992 _____ () C:\Program Files\AVAST Software\Avast\libegl.dll 2014-02-28 14:33 - 2014-02-28 14:33 - 00148480 _____ () E:\TeamSpeak3\quazip.dll 2014-02-27 14:46 - 2014-02-27 14:46 - 00864768 _____ () E:\TeamSpeak3\platforms\qwindows.dll 2014-02-27 14:45 - 2014-02-27 14:45 - 00677376 _____ () E:\TeamSpeak3\sqldrivers\qsqlite.dll 2014-02-28 14:41 - 2014-08-10 19:41 - 00092104 _____ () E:\TeamSpeak3\soundbackends\directsound_win32.dll 2014-02-28 14:41 - 2014-08-10 19:41 - 00105416 _____ () E:\TeamSpeak3\soundbackends\windowsaudiosession_win32.dll 2014-02-27 14:46 - 2014-02-27 14:46 - 00025600 _____ () E:\TeamSpeak3\imageformats\qgif.dll 2014-02-27 14:46 - 2014-02-27 14:46 - 00242688 _____ () E:\TeamSpeak3\imageformats\qjpeg.dll 2014-02-28 14:42 - 2014-08-10 19:41 - 00477128 _____ () E:\TeamSpeak3\plugins\clientquery_plugin.dll 2014-02-28 14:42 - 2014-08-10 19:41 - 00484808 _____ () E:\TeamSpeak3\plugins\teamspeak_control_plugin.dll 2014-02-27 14:46 - 2014-02-27 14:46 - 00123904 _____ () E:\TeamSpeak3\accessible\qtaccessiblewidgets.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 
==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Claudi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: FsUsbExService => 2 MSCONFIG\Services: NAUpdate => 2 MSCONFIG\Services: OverwolfUpdaterService => 3 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: Steam Client Service => 3 MSCONFIG\Services: TomTomHOMEService => 2 MSCONFIG\startupreg: KiesPDLR => E:\Kies\External\FirmwareUpdate\KiesPDLR.exe MSCONFIG\startupreg: KiesPreload => E:\Kies\Kies.exe /preload MSCONFIG\startupreg: KiesTrayAgent => E:\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: PDFPrint => E:\PDF24\pdf24.exe MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: WinampAgent => E:\Winamp\winampa.exe ==================== Accounts: ============================= Administrator (S-1-5-21-4207056575-3370044151-3894322460-500 - Administrator - Disabled) Claudi (S-1-5-21-4207056575-3370044151-3894322460-1000 - Administrator - Enabled) => C:\Users\Claudi Gast (S-1-5-21-4207056575-3370044151-3894322460-501 - Limited - Enabled) Laura (S-1-5-21-4207056575-3370044151-3894322460-1005 - Limited - Enabled) => C:\Users\Laura Lisa (S-1-5-21-4207056575-3370044151-3894322460-1004 - Limited - Enabled) => 
C:\Users\Lisa ==================== Faulty Device Manager Devices ============= Name: VirtualBox Host-Only Ethernet Adapter Description: VirtualBox Host-Only Ethernet Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Oracle Corporation Service: VBoxNetAdp Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (03/18/2015 11:54:33 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (03/18/2015 11:53:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Microsoft Office Sessions: ========================= Error: (03/18/2015 11:54:33 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: AMD Phenom(tm) II X4 945 Processor Percentage of memory in use: 38% Total physical RAM: 3069.55 MB Available physical RAM: 1899.55 MB Total Pagefile: 6137.39 MB Available Pagefile: 4367.27 MB Total Virtual: 2047.88 MB Available Virtual: 1892.49 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:150.1 GB) (Free:95 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (Eigene Dateien) (Fixed) (Total:74.53 GB) (Free:24.71 GB) NTFS Drive e: (Programme Neu) (Fixed) (Total:200 GB) (Free:127.92 GB) NTFS Drive f: (Diverser Krempel) (Fixed) (Total:250 
GB) (Free:84.61 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 44E3C1CF)
Partition 1: (Active) - (Size=150.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=250 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=481.4 GB) - (Type=OF Extended)
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 74.5 GB) (Disk ID: 43520020)
Partition 1: (Not Active) - (Size=74.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Best regards and a big thank-you for the help! Claudia
Edited by CIaudi (18.03.2015 at 19:49) |
19.03.2015, 10:10 | #8 |
/// the machine /// TB trainer | Windows 7: Firefox tries to load a file that is infected
Update Java. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ATTFilter
D:\Dropbox\BKF\Rechnungswesen\tz-easybuch_start_installation-Downloader.exe
F:\$RECYCLE.BIN\S-1-5-21-4207056575-3370044151-3894322460-1000\$RLK9M6Q\download_audiograbber.exe
F:\$RECYCLE.BIN\S-1-5-21-4207056575-3370044151-3894322460-1000\$RLK9M6Q\download_audiograbber_mp3_plugin.exe
H:\Programme für Roberts Laptop\download_audiograbber.exe
H:\Programme für Roberts Laptop\download_audiograbber_mp3_plugin.exe
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Cleanup: (The order is crucial here.) If Defogger was used: start it again and click Re-enable. If Combofix was used: uninstall Combofix.
All logs posted? Then please download DelFix.
Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself. Finally, restart your computer. If any programs from our cleanup are still left over, you can delete them without hesitation. If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.
Hardening: Enable automatic updates in the Windows operating system. Security-relevant software should also always be present only in its latest version: browser, Java, Flash Player, PDF reader. Security vulnerabilities in their old versions are exploited to install malware via "drive-by" on a simple visit to a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.
Enable a firewall. The one integrated into Windows is normally entirely sufficient. Use an antivirus program with a real-time scanner and an always up-to-date signature database. My recommendation: Emsisoft. In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.
Optional: NoScript prevents the execution of active content (Java, JavaScript, Flash, ...) for all websites. However, you can define, on the whitelist principle, on which sites scripts should be allowed. Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.
Download software from a clean portal such as . When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program. To get rid of adware again, it is advisable to uninstall it first and then remove the leftovers with Adwcleaner.
Finally, a few general remarks: Change your important online passwords regularly and regularly create backups of your important files or of the system. The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own disk cleanup instead.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
19.03.2015, 12:10 | #9 |
| Windows 7: Firefox versucht Datei zuladen die verseucht ist Guten Morgen! Danke für die Hilfe! Die Fixlist habe ich erstellt und durchlaufen lassen mti FRST. Dummerweise hatte ich vergessen die Externe wieder anzuhängen und habe das Programm erneut durchlaufen lassen. Da ich das Log aber nicht sicherte, kann ich folgendes aus dem ersten log noch sagen: D:\Dropbox\BKF\Rechnungswesen\tz-easybuch_start_installation-Downloader.exe" => <-- wurde gelöscht "F:\$RECYCLE.BIN\S-1-5-21-4207056575-3370044151-3894322460-1000\$RLK9M6Q\download_audiograbber.exe" => File/Directory not found. "F:\$RECYCLE.BIN\S-1-5-21-4207056575-3370044151-3894322460-1000\$RLK9M6Q\download_audiograbber_mp3_plugin.exe" => File/Directory not found. weiß ich nicht mehr. "H:\Programme für Roberts Laptop\download_audiograbber.exe" => File/Directory not found. "H:\Programme für Roberts Laptop\download_audiograbber_mp3_plugin.exe" => File/Directory not found. Platte war nicht angehängt. HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => <-- wurde auch gelöscht Hier das zweite Log: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015 Ran by Claudi at 2015-03-19 11:44:03 Run:2 Running from C:\Users\Claudi\Desktop\Checks Loaded Profiles: Claudi (Available profiles: Claudi & Lisa & Laura) Boot Mode: Normal ============================================== Content of fixlist: ***************** D:\Dropbox\BKF\Rechnungswesen\tz-easybuch_start_installation-Downloader.exe F:\$RECYCLE.BIN\S-1-5-21-4207056575-3370044151-3894322460-1000\$RLK9M6Q\download_audiograbber.exe F:\$RECYCLE.BIN\S-1-5-21-4207056575-3370044151-3894322460-1000\$RLK9M6Q\download_audiograbber_mp3_plugin.exe H:\Programme für Roberts Laptop\download_audiograbber.exe H:\Programme für Roberts Laptop\download_audiograbber_mp3_plugin.exe HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION Emptytemp: ***************** "D:\Dropbox\BKF\Rechnungswesen\tz-easybuch_start_installation-Downloader.exe" => File/Directory not found. "F:\$RECYCLE.BIN\S-1-5-21-4207056575-3370044151-3894322460-1000\$RLK9M6Q\download_audiograbber.exe" => File/Directory not found. "F:\$RECYCLE.BIN\S-1-5-21-4207056575-3370044151-3894322460-1000\$RLK9M6Q\download_audiograbber_mp3_plugin.exe" => File/Directory not found. "H:\Programme für Roberts Laptop\download_audiograbber.exe" => File/Directory not found. "H:\Programme für Roberts Laptop\download_audiograbber_mp3_plugin.exe" => File/Directory not found. HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found. EmptyTemp: => Removed 19.5 MB temporary data. The system needed a reboot. ==== End of Fixlog 11:44:14 ==== Java wurde auf 8.40 aktuallisiert. Adobe Reader verwende ich nicht. Google Chrome, Opera habe ich beides eben deinstalliert, benötige ich nicht (mehr). Die Zeiten des Multi-Browser-Using in Onlinegames sind lange vorbei. 
Defogger had not disabled anything, since I had no emulated drives :-) Combofix was used, but the command does nothing except "konnte nicht gefunden werden. Stellen sie sicher dass der Name richtig geschrieben..." Windows Update has just been enabled and is downloading the updates right now. Windows Defender has been re-enabled as well. I had no idea it was not active... Before I run Cleanup now, I will wait for your OK once more regarding Combofix/not found. Another question: antivirus software: is Avast Free AntiVirus sufficient, or should I switch? Regards, Claudia |
19.03.2015, 21:12 | #10 |
/// the machine /// TB instructor | Windows 7: Firefox tries to load a file that is infected Is Combofix on the desktop? If so, type the following into the Run window: "%userprofile%\desktop\Combofix.exe" /Uninstall
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
19.03.2015, 21:53 | #11 |
| Windows 7: Firefox tries to load a file that is infected In the Checks subfolder on the desktop. That worked, though. Combofix was successfully uninstalled. I'll run DelFix now and give you a final update tomorrow :-) |
20.03.2015, 06:48 | #12 |
/// the machine /// TB instructor | Windows 7: Firefox tries to load a file that is infected ok
|
20.03.2015, 12:08 | #13 |
| Windows 7: Firefox tries to load a file that is infected Code:
# DelFix v10.8 - Datei am 19/03/2015 um 21:55:02 erstellt
# Aktualisiert am 29/07/2014 von Xplode
# Benutzer : Claudi - MAINWURF
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
~ Aktiviere die Benutzerkontensteuerung ... OK
~ Entferne die Bereinigungsprogramme ...
Gelöscht : C:\FRST
Gelöscht : C:\AdwCleaner
Gelöscht : HKLM\SOFTWARE\AdwCleaner
Gelöscht : HKLM\SOFTWARE\Swearware
~ Erstelle ein Backup der Registrierungsdatenbank ... OK
~ Lösche die Wiederherstellungspunkte ...
Gelöscht : RP #514 [ComboFix created restore point | 03/19/2015 20:51:56]
Ein neuer Wiederherstellungspunkt wurde erstellt !
~ Stelle die Systemeinstellungen wieder her ... OK
########## - EOF - ########## |
21.03.2015, 09:57 | #14 |
/// the machine /// TB instructor | Windows 7: Firefox tries to load a file that is infected You're welcome
|