Log analysis and evaluation: Windows 7 laptop: problems with malware infection, what can I do?

#1
Windows 7 laptop: problems with malware infection, what can I do?

Hello, for some time now my physical memory has been increasingly used up. In addition, I have to use an ad blocker for sites such as YouTube, because otherwise I am flooded with advertising (not the regular ads in the video, but ads on the user interface) (spot check 5 minutes ago: 3 seconds and 25 blocks, but I have also had a YouTube page with 200 blocks). I ran the following logs as instructed:

defogger_disable.txt:

```
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 01:47 on 08/06/2015 (Marrel)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
```

```
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-06-08 01:39:08
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596.17GB
Running: Gmer-19357.exe; Driver: C:\Users\Marrel\AppData\Local\Temp\kxriypog.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528   fffff80003002000 63 bytes [43, 4D, 32, 35, 01, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 592   fffff80003002040 13 bytes [01, 80, AC, 16, A0, F8, FF, ...]

---- User code sections - GMER 2.1 ----

.text  c:\postgreSQL\bin\postgres.exe[1156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000074ff1465 2 bytes [FF, 74]
.text  c:\postgreSQL\bin\postgres.exe[1156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000074ff14bb 2 bytes [FF, 74]
.text  ...   * 2

---- Processes - GMER 2.1 ----

Process  C:\ProgramData\DatacardService\DCService.exe (*** suspicious ***) @ C:\ProgramData\DatacardService\DCService.exe [1608](2010-05-08 11:48:36)   0000000000400000
Process  C:\ProgramData\DatacardService\DCSHelper.exe (*** suspicious ***) @ C:\ProgramData\DatacardService\DCSHelper.exe [2588] (DataCardMonitor MFC Application/Huawei Technologies Co., Ltd.)(2010-05-08 11:48:26)   0000000000400000
Library  C:\Users\Marrel\Downloads\FRST64.exe (*** suspicious ***) @ C:\Users\Marrel\Downloads\FRST64.exe [2124]   000000013f530000

---- EOF - GMER 2.1 ----
```
```
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-06-2015
Ran by Marrel at 2015-06-08 00:17:09
Running from C:\Users\Marrel\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1623171927-3149244632-4192914800-500 - Administrator - Disabled)
Gast (S-1-5-21-1623171927-3149244632-4192914800-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1623171927-3149244632-4192914800-1002 - Limited - Enabled)
Marrel (S-1-5-21-1623171927-3149244632-4192914800-1000 - Administrator - Enabled) => C:\Users\Marrel
X (S-1-5-21-1623171927-3149244632-4192914800-1003 - Limited - Enabled) => C:\Users\X
postgres (S-1-5-21-1623171927-3149244632-4192914800-1005 - Limited - Enabled) => C:\Users\postgres

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1310 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
1310_Help (x32 Version: 82.0.58.000 - Hewlett-Packard) Hidden
1310Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
a2zLyrics (HKLM-x32\...\7D05A411-F1D1-7148-7450-5F318274BDB1) (Version: - a2zLyrics-software) <==== ATTENTION
Abyss (HKLM-x32\...\{406656D9-548A-4451-8FDD-69A8A60B3DBC}) (Version: 1.0.0.0 - DigiPen Institute of Technology)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.4.402.278 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
ANNO 1602 Königs-Edition (HKLM-x32\...\ANNO 1602 Königs-Edition) (Version: - )
Apophysis 2.0 (HKLM-x32\...\Apophysis 2.0) (Version: - )
Apowersoft Gratis - Audiorekorder V2.1.7 (HKLM-x32\...\{E35F91E4-C68C-43E8-BE90-35CDEE4E5730}_is1) (Version: 2.1.7 - Apowersoft)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.33 - Atheros Communications Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
BabylonObjectInstaller (HKLM-x32\...\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}) (Version: 2.0.0.4 - Babylon Ltd) <==== ATTENTION
Beat Hazard (HKLM-x32\...\Steam App 49600) (Version: - Cold Beam Games)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CamStudio (HKLM-x32\...\CamStudio) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Command & Conquer Teil 3: Operation Tiberian Sun (HKLM-x32\...\Tiberian Sun) (Version: - )
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
DealBulldog Toolbar (HKLM-x32\...\DealBulldog Toolbar) (Version: - ) <==== ATTENTION
Debut Videorekorder (HKLM-x32\...\Debut) (Version: 1.95 - NCH Software)
Deponia (HKLM-x32\...\Deponia) (Version: 1.0 - Daedalic Entertainment)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM-x32\...\Dev-C++) (Version: - )
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
EA SPORTS Game Face Browser Plugin 1.8.0.0 (HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\...\EA SPORTS Game Face Browser Plugin) (Version: 1.8.0.0 - Electronic Arts)
EA SPORTS Game Face Browser Plugin 1.8.0.0 (HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\EA SPORTS Game Face Browser Plugin) (Version: 1.8.0.0 - Electronic Arts)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Elite Force (HKLM-x32\...\Elite Force) (Version: - )
eMachines Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3007 - Acer Incorporated)
eMachines Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
eMachines Registration (HKLM-x32\...\eMachines Registration) (Version: 1.03.3003 - Acer Incorporated)
eMachines ScreenSaver (HKLM-x32\...\eMachines Screensaver) (Version: 1.1.0805 - eMachines Incorporated)
eMachines Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\Firebird SQL Server D) (Version: 2.0.1.13 - MAGIX AG)
Free Hide IP (HKLM-x32\...\FreeHideIP) (Version: 4.0.1.6 - )
Free Screen To Video V 2.0 (HKLM-x32\...\Free Screen To Video_is1) (Version: 2.0.0.0 - Koyote Soft)
Free YouTube to MP3 Converter version 3.11.35.1031 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.35.1031 - DVDVideoSoft Ltd.)
Fritz6 (HKLM-x32\...\{E51F8EB2-0F55-4F80-9A1E-CE84BE063045}) (Version: - )
Game Booster 3 (HKLM-x32\...\Game Booster 3_is1) (Version: 3.0 - IObit)
GoforFiles (HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\...\GoforFiles) (Version: 1.7.1 - hxxp://www.goforfiles.com/) <==== ATTENTION
GoforFiles (HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\GoforFiles) (Version: 1.7.1 - hxxp://www.goforfiles.com/) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Heroes of Might and Magic® III (HKLM-x32\...\Heroes of Might and Magic® III) (Version: - )
Holdem Manager 2 (HKLM-x32\...\HoldemManager2) (Version: - )
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.25.01 - Hyperionics Technology LLC)
ICM Trainer (HKLM-x32\...\{47EA4DDF-FD99-46B3-846C-9F3F315268AD}) (Version: 1.0.0 - PokerStrategy)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Internet Turbo (HKLM-x32\...\{B69EF583-75E4-4C52-B912-C711D937D648}) (Version: 10.197.20.13927 - ReSoft Ltd.)
Internet Turbo Engine (HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\...\{09961fa0-90bc-4ba8-9782-f4109c8597c2}) (Version: 1.31.20.10825 - ReSoft Ltd.)
Internet Turbo Engine (HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\...\{fa665153-9cc6-47ab-8414-c06913b4d13a}) (Version: 10.197.20.13927 - ReSoft Ltd.)
Internet Turbo Engine (HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{09961fa0-90bc-4ba8-9782-f4109c8597c2}) (Version: 1.31.20.10825 - ReSoft Ltd.)
Internet Turbo Engine (HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{fa665153-9cc6-47ab-8414-c06913b4d13a}) (Version: 10.197.20.13927 - ReSoft Ltd.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
kikin Plugin (NO23 Edition) 1.11 (HKLM-x32\...\kikin Plugin (NO23 Edition)) (Version: 1.11 - kikin)
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.03 - eMachines)
MAGIX Music Maker for MySpace 15.0.1.8 (D) (HKLM-x32\...\MAGIX Music Maker for MySpace D) (Version: 15.0.1.8 - MAGIX AG)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Minecraft PC Gamer Demo version 1.5 (HKLM-x32\...\{55D65D27-C0CD-4375-9021-F3D3D024ED90}_is1) (Version: 1.5 - Mojang)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 16.002.03.03.511 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
NCH EN Toolbar (HKLM-x32\...\NCH_EN Toolbar) (Version: 6.8.5.1 - NCH EN)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
No23 Recorder (HKLM-x32\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 18.7.2.3 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Nous Ver: 1.04 (HKLM-x32\...\{9A96022A-B5D0-4314-AA09-459907AF6F3D}_is1) (Version: - DigiPen)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.630 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.630 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6636 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6636 - NewTech Infosystems) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Opera Stable 29.0.1795.60 (HKLM-x32\...\Opera 29.0.1795.60) (Version: 29.0.1795.60 - Opera Software ASA)
PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars)
PokerStars.net (HKLM-x32\...\PokerStars.net) (Version: - PokerStars.net)
PokerStrategy.com Equilab (HKLM-x32\...\{D4131DB6-878D-4D3C-89C1-D1AFBB8E6B3D}) (Version: 1.2.5.0 - PokerStrategy.com)
PostgreSQL 8.4 (HKLM-x32\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
Prism Videodatei-Konverter (HKLM-x32\...\Prism) (Version: 2.27 - NCH Software)
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
PSD Viewer (HKLM-x32\...\{D8EEDC94-EE82-46A0-A7DB-812E3C6A0A6E}_is1) (Version: - IdeaMK)
R for Windows 2.15.0 (HKLM\...\R for Windows 2.15.0_is1) (Version: 2.15.0 - R Development Core Team)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6151 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30104 - Realtek Semiconductor Corp.)
RecordPad Sound Recorder (HKLM-x32\...\Recordpad) (Version: 4.32 - NCH Software)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shockwave (HKLM-x32\...\Shockwave) (Version: - )
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skispringen 2002 (HKLM-x32\...\{5E4EF02B-4C5F-4B35-AB77-41284456165A}) (Version: - )
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version: 2.26 - NCH Software)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Strategic War Command (HKLM-x32\...\{92677021-8835-6181-5178-752285230159}) (Version: 2.02 - rondomedia)
Stronghold Crusader (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: - )
Structorizer (HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\...\Structorizer) (Version: - Bob Fisch)
Structorizer (HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Structorizer) (Version: - Bob Fisch)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
The Movies(TM) Demo (HKLM-x32\...\InstallShield_{2E2BBF0D-EF39-42EA-9D96-F33AEE22904B}) (Version: 1.0 - Ihr Firmenname)
The Movies(TM) Demo (x32 Version: 1.0 - Ihr Firmenname) Hidden
The Talos Principle Demo (HKLM-x32\...\Steam App 330710) (Version: - Croteam)
Tom Clancy's Splinter Cell Chaos Theory (HKLM-x32\...\{888DD888-82BE-4D85-BCB2-2E042CD3E844}) (Version: 1.05.157 - Ubisoft)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\...\UnityWebPlayer) (Version: 5.0.1f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: 5.0.1f1 - Unity Technologies ApS)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Unreal Anthology (HKLM-x32\...\{14AA72DA-DB40-4A34-93A6-401A81D7AF9E}) (Version: 1.00.0000 - Epic Games, Inc.)
Video Downloader (HKLM-x32\...\Video Downloader) (Version: 1.14 - hxxp://www.vgrabber.com)
Video Web Camera (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.1.7.2 - Suyin Optronics Corp)
Virtua Tennis (HKLM-x32\...\{EADF648F-1711-11D6-AFAD-0040052179B6}) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebCake 3.00 (HKLM\...\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}) (Version: 3.00 - WebCake LLC) <==== ATTENTION
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Welcome Center (HKLM-x32\...\eMachines Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
WindowsMangerProtect20.0.0.502 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.502 - WindowsProtect LIMITED) <==== ATTENTION
WinRAR 4.11 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
```
```
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-06-2015
Ran by Marrel (administrator) on Marrel-PC on 08-06-2015 00:24:09
Running from C:\Users\Marrel\Downloads
Loaded Profiles: Marrel & postgres & (Available Profiles: Marrel & X & postgres)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\ProgramData\DatacardService\DCService.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(Acer Group) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Users\Marrel\Desktop\mbar\mbar.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Marrel\Desktop\Defogger (1).exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acer ePower Management] => C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe [818720 2010-02-26] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\...\MountPoints2: {1bf890a5-e014-11e1-9125-1c75081ac654} - E:\AutoRun.exe
HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\...\MountPoints2: {1bf890b6-e014-11e1-9125-1c75081ac654} - E:\AutoRun.exe
HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {1bf890a5-e014-11e1-9125-1c75081ac654} - E:\AutoRun.exe
HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {1bf890b6-e014-11e1-9125-1c75081ac654} - E:\AutoRun.exe
HKU\S-1-5-21-1623171927-3149244632-4192914800-1005\...\RunOnce: [ScrSav] => C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [162336 2009-07-22] ()
HKU\S-1-5-21-1623171927-3149244632-4192914800-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\eMachines.scr [425984 2009-08-05] ()
HKU\S-1-5-21-1623171927-3149244632-4192914800-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [ScrSav] => C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [162336 2009-07-22] ()
HKU\S-1-5-21-1623171927-3149244632-4192914800-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\eMachines.scr [425984 2009-08-05] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1623171927-3149244632-4192914800-1000] => http=;ftp=;https=;
ProxyServer: [S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => http=;ftp=;https=;
ProxyEnable: [S-1-5-21-1623171927-3149244632-4192914800-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-1623171927-3149244632-4192914800-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0] => http=127.0.0.1:13828
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=18/07/2013
HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=18/07/2013
HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=18/07/2013
HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=18/07/2013
HKU\S-1-5-21-1623171927-3149244632-4192914800-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948
HKU\S-1-5-21-1623171927-3149244632-4192914800-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://emachines.msn.com
HKU\S-1-5-21-1623171927-3149244632-4192914800-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=hp&installDate=20/04/2013
HKU\S-1-5-21-1623171927-3149244632-4192914800-1005\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=20/04/2013
HKU\S-1-5-21-1623171927-3149244632-4192914800-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=20/04/2013
HKU\S-1-5-21-1623171927-3149244632-4192914800-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=hp&installDate=20/04/2013
HKU\S-1-5-21-1623171927-3149244632-4192914800-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=20/04/2013
HKU\S-1-5-21-1623171927-3149244632-4192914800-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=20/04/2013
URLSearchHook: HKLM-x32 - (No Name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1623171927-3149244632-4192914800-1000 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=18/07/2013
SearchScopes: HKU\S-1-5-21-1623171927-3149244632-4192914800-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=18/07/2013
SearchScopes: HKU\S-1-5-21-1623171927-3149244632-4192914800-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=18/07/2013
SearchScopes: HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&q={searchTerms}&installDate=18/07/2013
SearchScopes: HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1623171927-3149244632-4192914800-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1623171927-3149244632-4192914800-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1623171927-3149244632-4192914800-1005 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKU\S-1-5-21-1623171927-3149244632-4192914800-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28]
```
(Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.) BHO: a2zLyrics -> {BB43A0A3-3F51-CCE3-D565-A22150A9CF21} -> C:\Program Files (x86)\ver3a2zLyrics\178_x64.dll [2014-09-19] () BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.) BHO-x32: Plus-HD-1.6 -> {11111111-1111-1111-1111-110311201102} -> C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho.dll No File BHO-x32: No Name -> {37483b40-c254-4a72-bda4-22ee90182c1e} -> No File BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation) BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL [2011-03-31] (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-29] (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-29] (Oracle Corporation)
BHO-x32: kikin Plugin -> {E601996F-E400-41CA-804B-CD6373A7EEE2} -> C:\Program Files (x86)\kikin\ie_kikin.dll [2010-11-23] (kikin)
BHO-x32: SMTTB2009 Class -> {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -> C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll [2011-06-22] ()
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - !{338B4DFE-2E2C-4338-9E41-E176D497299E} - No File
Toolbar: HKLM - No Name - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation)
Toolbar: HKLM-x32 - No Name - !{338B4DFE-2E2C-4338-9E41-E176D497299E} - No File
Toolbar: HKLM-x32 - No Name - !{ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-1623171927-3149244632-4192914800-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-1623171927-3149244632-4192914800-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-1623171927-3149244632-4192914800-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-1623171927-3149244632-4192914800-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-02] (Google Inc.)
Toolbar: HKU\S-1-5-21-1623171927-3149244632-4192914800-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> No Name - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No File
Toolbar: HKU\S-1-5-21-1623171927-3149244632-4192914800-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> No Name - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{EE30255C-7BF5-4CEF-AE16-49F14F918F35}: [NameServer] 193.189.244.225 193.189.244.206
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1405683532&from=smt&uid=WDCXWD6400BEVT-22A0RT0_WD-WXP1A80S5655S5655

FireFox:
========
FF ProfilePath: C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default
FF Keyword.URL: hxxp://feed.snapdo.com/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=2d9ba86a-b224-4694-aebd-2d0d0011e71c&searchtype=ds&installDate=18/07/2013&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll [2012-09-28] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll [2012-09-28] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-29] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1623171927-3149244632-4192914800-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Marrel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1623171927-3149244632-4192914800-1000: electronicarts.com/GameFacePlugin -> C:\Users\Marrel\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll [2012-12-20] (Electronic Arts)
FF Plugin HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Marrel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: electronicarts.com/GameFacePlugin -> C:\Users\Marrel\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll [2012-12-20] (Electronic Arts)
FF user.js: detected! => C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\user.js [2014-09-19]
FF SearchPlugin: C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\searchplugins\Web Search.xml [2013-12-31]
FF Extension: General Crawler - C:\Users\Marrel\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com [2013-04-20]
FF Extension: Plus-HD-1.6c - C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\Extensions\9d29e4ccd2024f2d8e320@ad524784406d4c8dab290.com [2015-01-04]
FF Extension: Avira Browser Safety - C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\Extensions\abs@avira.com [2014-12-25]
FF Extension: Internet Turbo - C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\Extensions\{2d9ba86a-b224-4694-aebd-2d0d0011e71c} [2013-12-11]
FF Extension: Free YouTube Download (Free Studio) Menu - C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012-11-10]
FF Extension: TurnTool Viewer - C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\Extensions\ViewerInstall.xpi [2013-01-30]
FF Extension: Adblock Plus - C:\Users\Marrel\AppData\Roaming\Mozilla\Firefox\Profiles\hi9gzhok.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-23]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn [2012-03-23]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2 [2015-06-07]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-06-15]
FF HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-1623171927-3149244632-4192914800-1000\...\Firefox\Extensions: [{56785E7F-4711-0B8B-95D3-4F5852047D9B}] - C:\Program Files (x86)\ver3a2zLyrics\178.xpi
FF Extension: a2zLyrics - C:\Program Files (x86)\ver3a2zLyrics\178.xpi [2014-09-19]
FF HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-1623171927-3149244632-4192914800-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{56785E7F-4711-0B8B-95D3-4F5852047D9B}] - C:\Program Files (x86)\ver3a2zLyrics\178.xpi

Chrome:
=======
CHR Profile: C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-10-01]
CHR Extension: (Adblock Plus) - C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-21]
CHR Extension: (General Crawler) - C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel [2014-09-19]
CHR Extension: (Bookmark Manager) - C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Marrel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\Marrel\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx [2013-04-20]
CHR HKLM-x32\...\Chrome\Extension: [fjoijdanhaiflhibkljeklcghcmmfffh] - C:\Program Files (x86)\Betcat\WebCakeLayers.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Users\Marrel\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx [Not Found]

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-05-08] () [File not signed]
R2 ePowerSvc; C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [841248 2010-02-26] (Acer Incorporated)
S3 FirebirdServerMAGIXInstance; C:\Software\Musikrecorder\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
R2 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-17] (NTI, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 postgresql-8.4; c:\postgreSQL\bin\pg_ctl.exe [66048 2011-01-28] (PostgreSQL Global Development Group) [File not signed]
R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-12] (Avira Operations GmbH & Co. KG)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [1160824 2012-04-03] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-17] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-03-24] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-04-23] (Symantec Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [250368 2010-04-07] (Huawei Technologies Co., Ltd.)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20120518.002\IDSvia64.sys [488568 2012-04-28] (Symantec Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-06-07] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-07] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20120522.005\ENG64.SYS [120440 2012-05-16] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20120522.005\EX64.SYS [2068600 2012-05-16] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R3 stdriver; C:\Windows\System32\DRIVERS\stdriverx64.sys [33488 2013-12-08] ()
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-03-24] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)
S2 webinstr; \??\C:\Windows\system32\Drivers\webinstr.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-08 00:23 - 2015-06-08 00:23 - 00000246 _____ C:\Windows\SysWOW64\defogger_enable.log
2015-06-08 00:21 - 2015-06-08 00:23 - 00000474 _____ C:\Windows\SysWOW64\defogger_disable.log
2015-06-08 00:17 - 2015-06-08 00:17 - 00026405 _____ C:\Users\Marrel\Downloads\Addition.txt
2015-06-08 00:14 - 2015-06-08 00:24 - 00033636 _____ C:\Users\Marrel\Downloads\FRST.txt
2015-06-08 00:13 - 2015-06-08 00:24 - 00000000 ____D C:\FRST
2015-06-08 00:13 - 2015-06-08 00:13 - 02108928 _____ (Farbar) C:\Users\Marrel\Downloads\FRST64.exe
2015-06-08 00:12 - 2015-06-08 00:12 - 00050477 _____ C:\Users\Marrel\Desktop\Defogger (1).exe
2015-06-08 00:11 - 2015-06-08 00:11 - 00050477 _____ C:\Users\Marrel\Downloads\Defogger.exe
2015-06-07 21:13 - 2015-06-07 23:34 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-07 21:13 - 2015-06-07 23:31 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-07 21:11 - 2015-06-07 23:18 - 00000000 ____D C:\Users\Marrel\Desktop\mbar
2015-06-07 21:11 - 2015-06-07 21:23 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-07 21:10 - 2015-06-07 21:10 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Marrel\Downloads\mbar-1.09.1.1004.exe
2015-06-07 20:19 - 2015-06-07 20:19 - 00276928 _____ C:\Windows\Minidump\060715-29686-01.dmp
2015-06-07 20:06 - 2015-06-07 20:06 - 00276928 _____ C:\Windows\Minidump\060715-30217-01.dmp
2015-06-06 23:40 - 2015-06-06 23:40 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\SitNGoWizard
2015-06-06 23:25 - 2015-06-06 23:28 - 110090565 _____ C:\Users\Marrel\Downloads\8311_Hm2AutoUpdate.exe
2015-06-06 04:30 - 2015-06-06 04:30 - 00001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Videodatei-Konverter.lnk
2015-06-06 04:30 - 2015-06-06 04:30 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videoverwandte Programme
2015-06-06 04:30 - 2015-06-06 04:30 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette
2015-06-06 01:21 - 2015-06-06 01:21 - 00000000 ____D C:\bildschirm
2015-06-04 02:04 - 2015-06-04 02:05 - 00000000 ____D C:\Users\Marrel\AppData\Local\{A9CE8B73-A121-4CC9-ACFA-F89C8FFE2709}
2015-05-19 16:55 - 2015-05-19 16:56 - 00000000 ____D C:\Users\Marrel\Documents\UniversalReplayer
2015-05-19 16:54 - 2015-05-19 17:36 - 00002180 _____ C:\Users\Marrel\URPreferences.xml
2015-05-19 16:44 - 2015-05-19 16:44 - 00001345 _____ C:\Users\Marrel\Downloads\universal_replayer (1).jnlp
2015-05-19 16:43 - 2015-05-19 16:44 - 00562272 _____ (Oracle Corporation) C:\Users\Marrel\Downloads\chromeinstall-8u45.exe
2015-05-19 16:40 - 2015-05-19 16:41 - 00001345 _____ C:\Users\Marrel\Downloads\universal_replayer.jnlp
2015-05-17 02:59 - 2015-05-17 02:59 - 00010940 _____ C:\Users\Marrel\Documents\pokerbook.odt
2015-05-13 19:54 - 2015-05-13 19:54 - 00000000 ____D C:\Users\Marrel\AppData\Local\{89E771F2-90A2-4135-A699-1C8388D74046}
2015-05-10 04:13 - 2015-05-10 04:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSDViewer
2015-05-10 04:13 - 2015-05-10 04:13 - 00000000 ____D C:\Program Files (x86)\PSDViewer
2015-05-10 04:10 - 2015-05-10 04:10 - 01203488 _____ C:\Users\Marrel\Downloads\PSD viewer - CHIP-Installer.exe

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-08 00:26 - 2013-04-20 13:18 - 00000360 _____ C:\Windows\Tasks\AmiUpdXp.job
2015-06-08 00:23 - 2012-03-23 23:11 - 00000000 ____D C:\Users\Marrel
2015-06-08 00:09 - 2013-04-20 12:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\GoforFiles
2015-06-08 00:09 - 2013-04-20 12:56 - 00000000 ____D C:\Program Files (x86)\GoforFiles
2015-06-08 00:03 - 2012-04-09 03:25 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-07 23:45 - 2012-03-23 22:39 - 01995154 _____ C:\Windows\WindowsUpdate.log
2015-06-07 23:35 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-07 23:35 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-07 23:30 - 2012-03-24 07:31 - 22396180 _____ C:\Windows\system32\perfh007.dat
2015-06-07 23:30 - 2012-03-24 07:31 - 07215964 _____ C:\Windows\system32\perfc007.dat
2015-06-07 23:30 - 2009-07-14 07:13 - 00006256 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-07 23:25 - 2014-09-19 01:30 - 00000408 _____ C:\Windows\Tasks\a2zLyrics Update.job
2015-06-07 23:25 - 2014-07-31 20:20 - 00263754 _____ C:\Windows\PFRO.log
2015-06-07 23:25 - 2014-07-31 03:28 - 00061958 _____ C:\Windows\setupact.log
2015-06-07 23:25 - 2013-06-20 06:47 - 00001832 _____ C:\Windows\Tasks\Plus-HD-1.6-firefoxinstaller.job
2015-06-07 23:25 - 2013-06-20 06:47 - 00001200 _____ C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job
2015-06-07 23:25 - 2013-06-20 06:47 - 00001196 _____ C:\Windows\Tasks\Plus-HD-1.6-updater.job
2015-06-07 23:25 - 2013-06-20 06:47 - 00001100 _____ C:\Windows\Tasks\Plus-HD-1.6-enabler.job
2015-06-07 23:25 - 2012-05-11 15:12 - 00000000 ____D C:\Users\postgres
2015-06-07 23:25 - 2012-04-09 03:25 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-07 23:25 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-07 23:18 - 2013-06-20 06:47 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\WebCake
2015-06-07 23:18 - 2013-06-20 06:47 - 00000000 ____D C:\Program Files (x86)\WebCake
2015-06-07 20:57 - 2014-09-15 18:08 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\Skype
2015-06-07 20:43 - 2012-05-11 15:24 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\HoldemManager
2015-06-07 20:23 - 2012-03-24 00:07 - 00000000 ____D C:\Users\Marrel\AppData\Local\PokerStars.EU
2015-06-07 20:22 - 2014-03-18 12:20 - 00000000 ____D C:\a
2015-06-07 20:19 - 2013-05-06 18:36 - 00000000 ____D C:\Windows\Minidump
2015-06-07 20:18 - 2014-07-31 20:20 - 468712171 _____ C:\Windows\MEMORY.DMP
2015-06-06 23:33 - 2012-05-11 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Holdem Manager 2
2015-06-06 04:30 - 2012-06-03 04:30 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2015-06-06 04:30 - 2012-06-03 04:30 - 00000000 ____D C:\ProgramData\NCH Software
2015-06-06 04:30 - 2012-06-03 04:29 - 00000000 ____D C:\Users\Marrel\AppData\Roaming\NCH Software
2015-06-06 04:30 - 2012-06-03 04:29 - 00000000 ____D C:\Program Files (x86)\NCH Software
2015-06-06 00:45 - 2013-07-25 00:45 - 00000058 _____ C:\Windows\ChssBase.ini
2015-06-05 03:49 - 2015-02-19 01:27 - 00004305 _____ C:\blitzerr.txt
2015-05-30 18:19 - 2014-09-15 18:08 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-30 18:19 - 2014-09-15 18:08 - 00000000 ____D C:\ProgramData\Skype
2015-05-30 17:07 - 2012-04-30 13:40 - 00000000 ____D C:\Users\Marrel\AppData\Local\Equilab
2015-05-25 20:23 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-20 20:02 - 2014-10-06 02:04 - 00003854 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1412553844
2015-05-20 20:02 - 2014-10-06 02:04 - 00000000 ____D C:\Program Files (x86)\Opera
2015-05-17 03:58 - 2012-04-09 03:25 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 03:58 - 2012-04-09 03:25 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-13 20:20 - 2009-07-14 04:34 - 00000514 _____ C:\Windows\win.ini

==================== Files in the root of some directories =======

2013-07-29 10:21 - 2013-07-29 10:21 - 0051992 _____ (cake bake) C:\Program Files (x86)\WDesktop.Updater.exe
2014-03-21 03:27 - 2014-03-21 03:27 - 0072341 _____ () C:\Users\Marrel\AppData\Roaming\Debut.dmp
2013-12-08 21:30 - 2013-12-08 21:30 - 0001181 _____ () C:\Users\Marrel\AppData\Roaming\trace_FilterInstaller.txt
2013-12-08 21:30 - 2013-12-08 21:30 - 0000000 _____ () C:\Users\Marrel\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2006-12-11 20:13 - 2006-12-11 20:13 - 0097336 _____ (Un4seen Developments) C:\Users\Marrel\AppData\Local\bass.dll
2006-12-11 20:13 - 2006-12-11 20:13 - 0013872 _____ (Un4seen Developments) C:\Users\Marrel\AppData\Local\basscd.dll
2007-08-13 18:46 - 2007-08-13 18:46 - 0102912 _____ (Albert L Faber) C:\Users\Marrel\AppData\Local\CDRip.dll
2007-08-13 18:46 - 2007-08-13 18:46 - 0155136 _____ () C:\Users\Marrel\AppData\Local\lame_enc.dll
2007-01-18 22:09 - 2007-01-18 22:09 - 0623616 _____ (Ivan Bischof ©2003 - 2005) C:\Users\Marrel\AppData\Local\No23 Recorder.exe
2005-08-23 23:34 - 2005-08-23 23:34 - 0029184 _____ () C:\Users\Marrel\AppData\Local\no23xwrapper.dll
2006-10-26 02:06 - 2006-10-26 02:06 - 0015872 _____ () C:\Users\Marrel\AppData\Local\ogg.dll
2014-12-01 18:35 - 2014-12-01 18:35 - 0001456 _____ () C:\Users\Marrel\AppData\Local\RecConfig.xml
2012-06-04 09:59 - 2015-01-12 00:30 - 0007593 _____ () C:\Users\Marrel\AppData\Local\Resmon.ResmonCfg
2006-10-26 02:06 - 2006-10-26 02:06 - 0143872 _____ () C:\Users\Marrel\AppData\Local\vorbis.dll
2006-10-26 02:06 - 2006-10-26 02:06 - 0064000 _____ () C:\Users\Marrel\AppData\Local\vorbisenc.dll
2006-10-26 02:06 - 2006-10-26 02:06 - 0019456 _____ () C:\Users\Marrel\AppData\Local\vorbisfile.dll
2013-06-15 00:39 - 2013-06-24 23:54 - 0001181 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Marrel\AppData\Local\Temp\avgnt.exe
C:\Users\Marrel\AppData\Local\Temp\ffmpeg16.exe
C:\Users\Marrel\AppData\Local\Temp\ffmpeg19.exe
C:\Users\Marrel\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Marrel\AppData\Local\Temp\prismsetup.exe
C:\Users\Marrel\AppData\Local\Temp\uninst.exe
C:\Users\Marrel\AppData\Local\Temp\yFlW0.dll
C:\Users\Marrel\AppData\Local\Temp\yFlW0.exe
C:\Users\Marrel\AppData\Local\Temp\_LookF.exe
C:\Users\X\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-26 06:21

==================== End of log ============================

Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.06.07.05
  rootkit: v2015.06.02.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Marrel :: Marrel-PC [administrator]

07/06/2015 21:29:16
mbar-log-2015-06-07 (21-29-16).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 483781
Time elapsed: 1 hour(s), 45 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Users\Marrel\AppData\Roaming\WebCake\WebCakeDesktop.exe (Adware.WebCake) -> Delete on reboot. [568b4671474361d59eac9cc4c541f60a]
C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe (Adware.WebCake) -> Delete on reboot. [429fbef9f991300669e1421ed5318f71]
C:\Users\X\AppData\Local\Temp\Low\hkRR.dll (Trojan.FakeMS.ED) -> Delete on reboot. [22bf981f92f8bc7a76e04c764fb2b24e]
C:\Windows\System32\drivers\Msft_Kernel_webinstr_01009.Wdf (PUP.Optional.WebInstr.A) -> Delete on reboot. []
C:\Windows\System32\drivers\webinstr.sys (PUP.Optional.AddLyrics) -> Delete on reboot. [46676950e690ec64f0d776263b28f622]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.06.07.05
  rootkit: v2015.06.02.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Marrel :: Marrel-PC [administrator]

07/06/2015 23:31:59
mbar-log-2015-06-07 (23-31-59).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 482186
Time elapsed: 1 hour(s), 33 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Regards, Marrel