|
Log analysis and evaluation: Seagate Dashboard Backup: Antivir and Malwarebytes found several viruses, PUA/Crawler.Gen, PUA/DownloadSponsor.Gen
Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: first steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
12.07.2015, 16:53 | #1 |
| Hello everyone, I am currently having some problems with my laptop. That is why I wanted to make a backup again after a long time. The last time I made a backup with Seagate was about 1-2 years ago. After that I never connected it to my laptop again. A few days ago I connected the drive to my laptop and immediately ran Antivir on the drive. Antivir had several detections, so I then also ran Malwarebytes. Before I can fix the problems on my laptop, I first want to fix the problems on the backup drive. I will scan my laptop today or tomorrow. I would be glad if someone could help. Thanks.
Free Antivirus
Erstellungsdatum der Reportdatei: Donnerstag, 9. Juli 2015 10:02
Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Antivirus Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Windows Vista (TM) Home Premium
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : /
Computername : /
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: ShlExt
Konfigurationsdatei...................: C:\Users\Name~1\AppData\Local\Temp\0cb16953.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: G:,
Durchsuche aktive Programme...........: aus
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: aus
Archiv Smart Extensions...............: ein
Abweichende Archivtypen...............: +, +, +, +, +, +, +, +,
Makrovirenheuristik...................: ein
Dateiheuristik........................: Vollständig
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+SPR,
Beginn des Suchlaufs: Donnerstag, 9.
Juli 2015 10:02 Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'G:\' <Seagate Backup Plus Drive> G:\Seagate Dashboard 2.0\__PC\Name\Backup\82aac917-19b3-4d02-971e-43c35a219eba\20120929_001931_Name1\C\Users\Name\Downloads\ICQ_7.4_Build__4629_Banner_Remover_1.0_Setup.exe [FUND] Enthält Muster der Software PUA/DownloadSponsor.Gen G:\Seagate Dashboard 2.0\__PC\Name\Backup\82aac917-19b3-4d02-971e-43c35a219eba\20120929_001931_Name1\C\Users\Name\Downloads\PCRxSetup.exe [FUND] Enthält Muster der Software PUA/Crawler.Gen G:\Seagate Dashboard 2.0\__PC\Name\Backup\82aac917-19b3-4d02-971e-43c35a219eba\20120929_001931_Name1\C\Users\Name\Downloads\SpywareTerminatorSetup269.exe [FUND] Enthält Muster der Software PUA/Crawler.Gen [0] Archivtyp: Runtime Packed --> G:\Seagate Dashboard 2.0\__PC\Name\Backup\82aac917-19b3-4d02-971e-43c35a219eba\20120929_001931_Name1\C\Users\Name\Downloads\jre-7-windows-i586-iftw.exe [1] Archivtyp: Runtime Packed --> G:\Seagate Dashboard 2.0\__PC\Name\Backup\82aac917-19b3-4d02-971e-43c35a219eba\20120929_001931_Name1\C\Users\Name\Downloads\jre-7u2-windows-i586-iftw(1).exe [2] Archivtyp: Runtime Packed --> G:\Seagate Dashboard 2.0\__PC\Name\Backup\82aac917-19b3-4d02-971e-43c35a219eba\20120929_001931_Name1\C\Users\Name\Downloads\jre-7u2-windows-i586-iftw.exe [3] Archivtyp: Runtime Packed --> G:\Seagate Dashboard 2.0\__PC\Name\Backup\82aac917-19b3-4d02-971e-43c35a219eba\20120929_001931_Name1\C\Users\Name\Downloads\jxpiinstall(1).exe [4] Archivtyp: Runtime Packed --> G:\Seagate Dashboard 2.0\__PC\Name\Backup\82aac917-19b3-4d02-971e-43c35a219eba\20120929_001931_Name1\C\Users\Name\Downloads\jxpiinstall(2).exe [5] Archivtyp: Runtime Packed --> G:\Seagate Dashboard 2.0\__PC\Name\Backup\82aac917-19b3-4d02-971e-43c35a219eba\20120929_001931_Name1\C\Users\Name\Downloads\jxpiinstall.exe [6] Archivtyp: Runtime Packed --> G:\Seagate Dashboard 
2.0\__PC\Name\Backup\82aac917-19b3-4d02-971e-43c35a219eba\20120929_001931_Name1\D\__PC\Backup Set 2010-06-25 225119\Backup Files 2010-06-25 225119\Backup files 121.zip [7] Archivtyp: ZIP --> C/Users/Name/AppData/Local/Microsoft/Outlook/Outlook.pst [WARNUNG] Die Datei konnte nicht gelesen werden! --> G:\Seagate Dashboard 2.0\__PC\Name\Backup\82aac917-19b3-4d02-971e-43c35a219eba\20121029_235411_Name1Inc29\D\__PC\Backup Set 2010-06-25 225119\Backup Files 2010-06-27 190006\Backup files 2.zip [7] Archivtyp: ZIP --> C/Users/Name/AppData/Local/Microsoft/Outlook/Outlook.pst [WARNUNG] Die Datei konnte nicht gelesen werden! --> G:\Seagate Dashboard 2.0\__PC\Name\Backup\82aac917-19b3-4d02-971e-43c35a219eba\20121029_235411_Name1Inc29\D\__PC\Backup Set 2010-06-25 225119\Backup Files 2010-07-04 190201\Backup files 3.zip [7] Archivtyp: ZIP --> C/Users/Name/AppData/Local/Microsoft/Outlook/Outlook.pst [WARNUNG] Die Datei konnte nicht gelesen werden! G:\Seagate Dashboard 2.0\__PC\Name\Backup\f85e7464-00c9-433b-a842-de0a619fa64e\20121021_020236_Name\C\Users\Name\Downloads\ICQ_7.4_Build__4629_Banner_Remover_1.0_Setup.exe [FUND] Enthält Muster der Software PUA/DownloadSponsor.Gen G:\Seagate Dashboard 2.0\__PC\Name\Backup\f85e7464-00c9-433b-a842-de0a619fa64e\20121021_020236_Name\C\Users\Name\Downloads\PCRxSetup.exe [FUND] Enthält Muster der Software PUA/Crawler.Gen G:\Seagate Dashboard 2.0\__PC\Name\Backup\f85e7464-00c9-433b-a842-de0a619fa64e\20121021_020236_Name\C\Users\Name\Downloads\SpywareTerminatorSetup269.exe [FUND] Enthält Muster der Software PUA/Crawler.Gen --> G:\Seagate Dashboard 2.0\__PC\Name\Backup\f85e7464-00c9-433b-a842-de0a619fa64e\20121021_020236_Name\C\Users\Name\Downloads\jre-6u23-windows-i586-iftw-rv.exe [7] Archivtyp: Runtime Packed --> G:\Seagate Dashboard 2.0\__PC\Name\Backup\f85e7464-00c9-433b-a842-de0a619fa64e\20121021_020236_Name\C\Users\Name\Downloads\jre-7-windows-i586-iftw.exe [8] Archivtyp: Runtime Packed --> G:\Seagate Dashboard 
2.0\__PC\Name\Backup\f85e7464-00c9-433b-a842-de0a619fa64e\20121021_020236_Name\C\Users\Name\Downloads\jre-7u2-windows-i586-iftw(1).exe [9] Archivtyp: Runtime Packed --> G:\Seagate Dashboard 2.0\__PC\Name\Backup\f85e7464-00c9-433b-a842-de0a619fa64e\20121021_020236_Name\C\Users\Name\Downloads\jre-7u2-windows-i586-iftw.exe [10] Archivtyp: Runtime Packed --> G:\Seagate Dashboard 2.0\__PC\Name\Backup\f85e7464-00c9-433b-a842-de0a619fa64e\20121021_020236_Name\C\Users\Name\Downloads\jxpiinstall(1).exe [11] Archivtyp: Runtime Packed --> G:\Seagate Dashboard 2.0\__PC\Name\Backup\f85e7464-00c9-433b-a842-de0a619fa64e\20121021_020236_Name\C\Users\Name\Downloads\jxpiinstall(2).exe [12] Archivtyp: Runtime Packed --> G:\Seagate Dashboard 2.0\__PC\Name\Backup\f85e7464-00c9-433b-a842-de0a619fa64e\20121021_020236_Name\C\Users\Name\Downloads\jxpiinstall.exe [13] Archivtyp: Runtime Packed --> G:\Seagate Dashboard 2.0\__PC\Name\Backup\f85e7464-00c9-433b-a842-de0a619fa64e\20121021_020236_Name\D\__PC\Backup Set 2010-06-25 225119\Backup Files 2010-06-25 225119\Backup files 121.zip [14] Archivtyp: ZIP --> C/Users/Name/AppData/Local/Microsoft/Outlook/Outlook.pst [WARNUNG] Die Datei konnte nicht gelesen werden! --> G:\Seagate Dashboard 2.0\__PC\Name\Backup\f85e7464-00c9-433b-a842-de0a619fa64e\20121029_235410_NameInc21\D\__PC\Backup Set 2010-06-25 225119\Backup Files 2010-06-27 190006\Backup files 2.zip [14] Archivtyp: ZIP --> C/Users/Name/AppData/Local/Microsoft/Outlook/Outlook.pst [WARNUNG] Die Datei konnte nicht gelesen werden! --> G:\Seagate Dashboard 2.0\__PC\Name\Backup\f85e7464-00c9-433b-a842-de0a619fa64e\20121029_235410_NameInc21\D\__PC\Backup Set 2010-06-25 225119\Backup Files 2010-07-04 190201\Backup files 3.zip [14] Archivtyp: ZIP --> C/Users/Name/AppData/Local/Microsoft/Outlook/Outlook.pst [WARNUNG] Die Datei konnte nicht gelesen werden! 
Beginne mit der Desinfektion: G:\Seagate Dashboard 2.0\__PC\Name\Backup\f85e7464-00c9-433b-a842-de0a619fa64e\20121021_020236_Name\C\Users\Name\Downloads\SpywareTerminatorSetup269.exe [FUND] Enthält Muster der Software PUA/Crawler.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3bcc6a26.qua' verschoben! G:\Seagate Dashboard 2.0\__PC\Name\Backup\f85e7464-00c9-433b-a842-de0a619fa64e\20121021_020236_Name\C\Users\Name\Downloads\PCRxSetup.exe [FUND] Enthält Muster der Software PUA/Crawler.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '473058a0.qua' verschoben! G:\Seagate Dashboard 2.0\__PC\Name\Backup\f85e7464-00c9-433b-a842-de0a619fa64e\20121021_020236_Name\C\Users\Name\Downloads\ICQ_7.4_Build__4629_Banner_Remover_1.0_Setup.exe [FUND] Enthält Muster der Software PUA/DownloadSponsor.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '0b9774f9.qua' verschoben! G:\Seagate Dashboard 2.0\__PC\Name\Backup\82aac917-19b3-4d02-971e-43c35a219eba\20120929_001931_Name1\C\Users\Name\Downloads\SpywareTerminatorSetup269.exe [FUND] Enthält Muster der Software PUA/Crawler.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '7477346c.qua' verschoben! G:\Seagate Dashboard 2.0\__PC\Name\Backup\82aac917-19b3-4d02-971e-43c35a219eba\20120929_001931_Name1\C\Users\Name\Downloads\PCRxSetup.exe [FUND] Enthält Muster der Software PUA/Crawler.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5aca1b2a.qua' verschoben! G:\Seagate Dashboard 2.0\__PC\Name\Backup\82aac917-19b3-4d02-971e-43c35a219eba\20120929_001931_Name1\C\Users\Name\Downloads\ICQ_7.4_Build__4629_Banner_Remover_1.0_Setup.exe [FUND] Enthält Muster der Software PUA/DownloadSponsor.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '43bd20bf.qua' verschoben! Ende des Suchlaufs: Donnerstag, 9. Juli 2015 22:54 Benötigte Zeit: 8:13:04 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 
4665 Verzeichnisse wurden überprüft 2042431 Dateien wurden geprüft 6 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 6 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 2042425 Dateien ohne Befall 34903 Archive wurden durchsucht 0 Warnungen 6 Hinweise Malwarebytes Anti-Malware www.malwarebytes.org Update, 12.07.2015 12:22:41, SYSTEM, __PC, Manual, Rootkit Database, 2015.7.9.1, 2015.7.10.1, Update, 12.07.2015 12:30:00, SYSTEM, __PC, Manual, Malware Database, 2015.7.9.6, 2015.7.12.1, Scan, 12.07.2015 16:12:00, SYSTEM, __PC, Context, Start: 12.07.2015 12:38:54, Dauer: 2 Stunden 27 Minuten 6 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, "13" nicht-Malwareerkennung, (end) Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 12.07.2015 Suchlauf-Zeit: 12:38:54 Logdatei: Administrator: Ja Version: 2.01.6.1022 Malware Datenbank: v2015.07.12.01 Rootkit Datenbank: v2015.07.10.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows Vista Service Pack 2 CPU: x86 Dateisystem: NTFS Benutzer: Name Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 59960 Verstrichene Zeit: 2 Std, 27 Min, 6 Sek Speicher: Deaktiviert Autostart: Deaktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Warnen PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 0 (Keine schädliche Elemente gefunden) Registrierungswerte: 0 (Keine schädliche Elemente gefunden) Registrierungsdaten: 0 (Keine schädliche Elemente gefunden) Ordner: 0 (Keine schädliche Elemente gefunden) Dateien: 13 PUP.Optiona.ConduitTB.Gen, G:\Seagate Dashboard 
2.0\__PC\Name\Backup\82aac917-19b3-4d02-971e-43c35a219eba\20120929_001931_Name1\D\test\Trend Micro\HiJackThis\backups\backup-20111012-200018-442.dll, In Quarantäne, [3ca5e6fa97f38da9bbb979e6da2bce32], PUP.Optiona.ConduitTB.Gen, G:\Seagate Dashboard 2.0\__PC\Name\Backup\82aac917-19b3-4d02-971e-43c35a219eba\20120929_001931_Name1\D\test\Trend Micro\HiJackThis\backups\backup-20111012-200018-995.dll, In Quarantäne, [5091fae6107a6acc5f15b7a8b84d56aa], PUP.Optiona.ConduitTB.Gen, G:\Seagate Dashboard 2.0\__PC\Name\Backup\82aac917-19b3-4d02-971e-43c35a219eba\20121029_235411_Name1Inc29\D\test\Trend Micro\HiJackThis\backups\backup-20111012-200018-442.dll, In Quarantäne, [d50cd907e7a370c6f57f8cd322e30ef2], PUP.Optiona.ConduitTB.Gen, G:\Seagate Dashboard 2.0\__PC\Name\Backup\82aac917-19b3-4d02-971e-43c35a219eba\20121029_235411_Name1Inc29\D\test\Trend Micro\HiJackThis\backups\backup-20111012-200018-995.dll, In Quarantäne, [b928e6fafe8cb581d2a2e47ba65fcf31], PUP.Optiona.ConduitTB.Gen, G:\Seagate Dashboard 2.0\__PC\Name\Backup\f85e7464-00c9-433b-a842-de0a619fa64e\20120929_003333_Name\D\test\Trend Micro\HiJackThis\backups\backup-20111012-200018-442.dll, In Quarantäne, [eff2ca162e5c4ee8b8bc540bc14457a9], PUP.Optiona.ConduitTB.Gen, G:\Seagate Dashboard 2.0\__PC\Name\Backup\f85e7464-00c9-433b-a842-de0a619fa64e\20120929_003333_Name\D\test\Trend Micro\HiJackThis\backups\backup-20111012-200018-995.dll, In Quarantäne, [8061af31e8a29c9ac4b0d788b84dd030], PUP.Optional.OpenCandy, G:\Seagate Dashboard 2.0\__PC\Name\Backup\f85e7464-00c9-433b-a842-de0a619fa64e\20121021_020236_Name\C\Users\Name\Downloads\install_icq7b5620.exe, In Quarantäne, [f0f14799c4c643f30a0760f35ca914ec], PUP.Optiona.ConduitTB.Gen, G:\Seagate Dashboard 2.0\__PC\Name\Backup\f85e7464-00c9-433b-a842-de0a619fa64e\20121021_020236_Name\D\test\Trend Micro\HiJackThis\backups\backup-20111012-200018-442.dll, In Quarantäne, [a9381bc53456fb3bdf95510ebf4612ee], PUP.Optiona.ConduitTB.Gen, G:\Seagate Dashboard 
2.0\__PC\Name\Backup\f85e7464-00c9-433b-a842-de0a619fa64e\20121021_020236_Name\D\test\Trend Micro\HiJackThis\backups\backup-20111012-200018-995.dll, In Quarantäne, [657c1ac67317a096165ef16eed18659b], PUP.Optiona.ConduitTB.Gen, G:\Seagate Dashboard 2.0\__PC\Name\Backup\f85e7464-00c9-433b-a842-de0a619fa64e\20150322_153354_NameInc22\D\test\Trend Micro\HiJackThis\backups\backup-20111012-200018-442.dll, In Quarantäne, [d20fa739f991072f4c2878e78481b14f], PUP.Optiona.ConduitTB.Gen, G:\Seagate Dashboard 2.0\__PC\Name\Backup\f85e7464-00c9-433b-a842-de0a619fa64e\20150322_153354_NameInc22\D\test\Trend Micro\HiJackThis\backups\backup-20111012-200018-995.dll, In Quarantäne, [db06ecf44d3d68ceafc50f502bda1fe1], PUP.Optiona.ConduitTB.Gen, G:\Seagate Dashboard 2.0\__PC\Name\Backup\f85e7464-00c9-433b-a842-de0a619fa64e\20121029_235410_NameInc21\D\test\Trend Micro\HiJackThis\backups\backup-20111012-200018-442.dll, In Quarantäne, [449d954beaa06cca8ee6312e17ee619f], , G:\Seagate Dashboard 2.0\__PC\Name\Backup\f85e7464-00c9-433b-a842-de0a619fa64e\20121029_235410_NameInc21\D\test\Trend Micro\HiJackThis\backups\backup-20111012-200018-995.dll, In Quarantäne, [e2ffcd137812f046abc9a3bc9c69946c], Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) |
12.07.2015, 18:47 | #2 |
/// the machine /// TB-Ausbilder | Hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
12.07.2015, 22:03 | #3 |
| Hello Schrauber,
thanks for the help. I am not sure right now whether I posted the log files correctly. When I go to the # symbol, nothing happens. Addition.txt FRST Additions Logfile: [CODE]Additional FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x86) Version: 12-07-2015 Ran by Name at 2015-07-12 22:27:03 Running from C:\Users\Name\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-867486852-2202442794-3401772244-500 - Administrator - Disabled) Name (S-1-5-21-867486852-2202442794-3401772244-1000 - Administrator - Enabled) => C:\Users\Name Gast (S-1-5-21-867486852-2202442794-3401772244-501 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House) Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation) Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.203 - Adobe Systems Incorporated) Adobe Reader X (10.1.14) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.14 - Adobe Systems Incorporated) Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.) 
Adobe Shockwave Player 11.6 (HKLM\...\{FF2A5498-4EFE-430F-A138-7EB365DBEBAD}) (Version: 11.6.1.629 - Adobe Systems, Inc) Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.) Apple Application Support (32-Bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ATI Catalyst Install Manager (HKLM\...\{C3BB5992-04BD-5A27-A8A5-5D976DF8E743}) (Version: 3.0.704.0 - ATI Technologies, Inc.) AVerMedia A309 (MiniCard, DVB-T) 1.0.0.46 (HKLM\...\AVerMedia A309 (MiniCard, DVB-T)) (Version: 1.0.0.46 - AVerMedia TECHNOLOGIES, Inc.) Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.11.579 - Avira Operations GmbH & Co. KG) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) ccc-core-static (Version: 2008.1231.1149.21141 - Ihr Firmenname) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform) Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2326 - CyberLink Corp.) DigitalPersona Personal 4.11 (HKLM\...\{47F3EDF5-C821-49E6-B9B3-D00BF0A9BAB8}) (Version: 4.11.3826 - DigitalPersona, Inc.) DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.) 
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - ) EPSON SX410 Series Printer Uninstall (HKLM\...\EPSON SX410 Series) (Version: - SEIKO EPSON Corporation) EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation) ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) ESU for Microsoft Vista (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard) Facebook Plug-In (HKU\S-1-5-21-867486852-2202442794-3401772244-1000\...\Facebook Plug-In) (Version: - Facebook, Inc.) FLV Player 2.0 (build 25) (HKLM\...\FLV Player) (Version: 2.0 (build 25) - Martijn de Visser) Gewichtslogger (HKLM\...\{680E66F3-1A4D-4221-B017-DF323A8B8DBA}) (Version: 1.2.0 - LISSWORX) Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden HP Active Support Library (HKLM\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard) HP Customer Experience Enhancements (HKLM\...\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}) (Version: 5.7.0.2664 - Hewlett-Packard) HP Help and Support (HKLM\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.3.0 - Hewlett-Packard Company) HP IDF Software (HKLM\...\{974025B1-769B-49E9-817C-C638ABE8F372}) (Version: 11.15.1000 - Hewlett-Packard Company) HP Integrated Module with Bluetooth wireless technology 6.0.1.6204 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.6204 - HP) HP MediaSmart DVD (HKLM\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.1.2328 - Hewlett-Packard) HP MediaSmart Music/Photo/Video (HKLM\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.1.2425 - Hewlett-Packard) HP MediaSmart SmartMenu (HKLM\...\{A7AC8E69-01FF-494E-9A2C-423B82CEA604}) (Version: 2.1.7 - Hewlett-Packard) HP MediaSmart TV (HKLM\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 2.1.1219 - Hewlett-Packard) HP 
MediaSmart Webcam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.1.1124 - Hewlett-Packard) HP Quick Launch Buttons 6.40 L1 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 L1 - Hewlett-Packard) HP Total Care Setup (HKLM\...\{95A747E0-DF19-46CB-A622-20A0107201BD}) (Version: 1.1.2413.2876 - Hewlett-Packard Company) HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HP User Guides 0134 (HKLM\...\{6ABE0E28-3A8E-4ADC-A050-784064B76236}) (Version: 1.01.0000 - Hewlett-Packard) HP Wireless Assistant (HKLM\...\{E5E29403-3D25-40C6-892B-F9FEE2A95585}) (Version: 3.50 A6 - Hewlett-Packard) HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6159.0 - IDT) iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.) Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) JavaFX 2.0.3 (HKLM\...\{1111706F-666A-4037-7777-203328764D10}) (Version: 2.0.3 - Oracle Corporation) JMicron JMB38X Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.20.07 - JMicron Technology Corp.) Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1118 - CyberLink Corp.) LabelPrint (Version: 2.5.1118 - CyberLink Corp.) 
Hidden Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Live Add-in Patches (HKLM\...\{8DCD7A9A-8B0B-4184-A5D7-C4BDAA31C750}) (Version: 2.0.3009.0 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (German) 
(HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
(HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation) MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.) Mozilla Firefox 39.0 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.62 - WildTangent) OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden PhotoNow! (HKLM\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.5615 - CyberLink Corp.) PhotoNow! (Version: 1.1.5615 - CyberLink Corp.) Hidden Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2325 - CyberLink Corp.) Power2Go (Version: 6.0.2325 - CyberLink Corp.) 
Hidden PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2317 - CyberLink Corp.) PowerDirector (Version: 7.0.2317 - CyberLink Corp.) Hidden ProtectSmart Hard Drive Protection (HKLM\...\{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}) (Version: 3.10 A7 - Hewlett-Packard) QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek) Seagate Dashboard (HKLM\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.0.2102.0 - Seagate) Skins (Version: 2008.1231.1149.21141 - ATI) Hidden Skype™ 7.5 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.) Sony Ericsson Update Engine (HKLM\...\Update Engine) (Version: 2.13.6.201305161305 - Sony Ericsson Communications AB) Sony PC Companion 2.10.275 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.275 - Sony) SPORE Creature Creator Trial Edition (HKLM\...\{ECEE0279-785F-4CB3-9F28-E69813234BF8}) (Version: 1.00.0000 - Electronic Arts) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - 
Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Validity Sensors software (HKLM\...\{F65B8208-5221-43D9-AA12-DDEA64EC4AF6}) (Version: 2.8.109 - Validity Sensors, Inc.) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) Vuze (HKLM\...\8461-7759-5462-8226) (Version: 4.7 - Vuze Inc.) 
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) Windows Live ID-Anmelde-Assistent (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation) Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation) Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) WinRAR 5.10 beta 2 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.2 - win.rar GmbH) WISO Steuer 2014 (HKLM\...\{58006B4F-8725-4DBC-B645-BE65FAE0A485}) (Version: 21.00.8480 - Buhl Data Service GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-867486852-2202442794-3401772244-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-867486852-2202442794-3401772244-1000_Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\InprocServer32 -> C:\Users\Name\AppData\Roaming\Facebook\axfbootloader.dll ( ) CustomCLSID: HKU\S-1-5-21-867486852-2202442794-3401772244-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-867486852-2202442794-3401772244-1000_Classes\CLSID\{C98FE784-B96E-41e1-8399-1337AE3E539F}\InprocServer32 -> C:\Users\Name\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) CustomCLSID: HKU\S-1-5-21-867486852-2202442794-3401772244-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File ==================== Restore Points ========================= 10-07-2015 09:56:18 Sony Ericsson PC Suite Drivers 10-07-2015 10:00:44 Sprachpaketdeinstallation 10-07-2015 22:05:51 Sprachpaketdeinstallation 11-07-2015 11:06:41 Sprachpaketdeinstallation 11-07-2015 22:48:18 Sprachpaketdeinstallation 12-07-2015 10:35:06 Sprachpaketdeinstallation 12-07-2015 16:31:17 Sprachpaketdeinstallation 12-07-2015 21:46:28 Sprachpaketdeinstallation ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2006-11-02 12:23 - 2011-03-29 19:05 - 00392168 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 032439.com 127.0.0.1 032439.com 127.0.0.1 0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 1000gratisproben.com*-*Diese Website steht zum Verkauf!*-*Informationen zum Thema 1000gratisproben. 127.0.0.1 1001namen.com 127.0.0.1 404 Not Found 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 100sexlinks.com*-*Diese Website steht zum Verkauf!*-*Informationen zum Thema Sexlinks. 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 Gadgets And More 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com 127.0.0.1 123 Movies | Borrow Kindle books - Watch TV Series There are 1000 more lines. ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {14170CF8-087B-4C35-B9FC-27D2BF02D174} - System32\Tasks\NetworkWizardHNW => C:\Program Files\Hewlett-Packard\HP TCS\RemEngine.exe [2008-12-17] () Task: {2A57B145-DCD3-4760-B460-6179ED43324D} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard) Task: {374A753F-3EC6-46CF-A41B-36A5EA33B107} - System32\Tasks\Name1 Merge => C:\Program Files\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-04-01] (Seagate Technology LLC) Task: {5D2B5A4B-C25F-4B2F-ADBA-7F7A311BC98C} - System32\Tasks\Name => C:\Program Files\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-04-01] (Seagate Technology LLC) Task: {699421FD-F6F6-4D5F-9020-A5AF7F923977} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-08] (Adobe Systems Incorporated) Task: {7F8F0B99-182D-46A3-9126-BCF0072F93CD} - System32\Tasks\{08FD0BD2-4060-4F10-95BC-38E95EF15E46} => pcalua.exe -a "C:\Users\Name\Downloads\avira_antivir_personal_de(1).exe" -d C:\Windows\system32 Task: {9AE51921-ECC6-4956-B9E7-34188CAE68C7} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Name => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation) Task: {9FC96BD6-33DE-454E-BA6E-309DF9EBBC0A} - System32\Tasks\Name Merge => C:\Program Files\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-04-01] (Seagate Technology LLC) Task: {A1456932-4E70-48DF-9CE5-D159AEDAD170} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd) Task: {A53296A5-7266-457C-9A05-7741A2FC8DF0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {A7701183-7C23-4E8C-8DCC-3941D5BCBC9B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.) 
Task: {AB347969-1159-4188-ABF9-A6A17B3B709F} - System32\Tasks\{0BE5E6C3-49D4-49B3-8D1B-3ACD617C9F1A} => pcalua.exe -a "C:\Users\Name\Desktop\setup.exe" -d "C:\Users\Name\Desktop" Task: {B5F89E1F-8A3E-41AE-AC33-856353E95BF3} - System32\Tasks\{4FE4B5B0-08F8-4719-9B7C-B5709160CE71} => pcalua.exe -a "C:\Users\Name\Downloads\OOo_3.3.0_Win_x86_install-wJRE_de.exe" -d C:\Windows\system32 Task: {D0477411-3458-4C77-84AA-2F4D8D0F9834} - System32\Tasks\Seagate_Install_Launch => C:\Program Files\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2015-04-01] (Seagate Technology LLC) Task: {D2DCA6B1-1B82-40D3-9B33-5B897B0E9BCD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated) Task: {D6324D85-0999-4DBE-B98A-5703C07ADF7A} - System32\Tasks\{1B59329E-F150-4439-AE05-2AAE7C099B18} => Firefox.exe Skype für den Desktop herunterladen Task: {D80F064F-9B52-4485-A2EC-81BD74A76BBB} - System32\Tasks\Name1 => C:\Program Files\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-04-01] (Seagate Technology LLC) Task: {DC2BC639-C1D2-4EF7-8DA6-86601933040A} - System32\Tasks\{B81DB788-7654-4F4A-AB90-A3AF4C695DFF} => pcalua.exe -a "C:\Users\Name\Downloads\epson318477eu.exe" -d "C:\Users\Name\Downloads" Task: {E7CD0132-4948-4C3F-A314-34565DE2E97F} - System32\Tasks\Name DBAgent 2 0 => C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2015-04-01] (Seagate Technology LLC) Task: {F7C3883E-2446-43F7-89C4-2C69D57B7D68} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-02-13 04:20 - 2015-02-13 04:20 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2009-02-21 05:27 - 2008-12-17 17:11 - 00365952 _____ () C:\Program Files\SMINST\BLService.exe 2009-02-21 05:28 - 2008-12-17 17:11 - 00132480 _____ () C:\Program Files\SMINST\STWmiM.dll 2009-02-21 04:31 - 2008-09-15 16:13 - 00241734 _____ () C:\Program Files\CyberLink\Shared files\RichVideo.exe 2008-11-26 17:13 - 2008-11-26 17:13 - 00296320 ____N () C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe 2008-11-26 17:13 - 2008-11-26 17:13 - 00263560 ____N () C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\CLCapEngine.dll 2008-11-26 17:13 - 2008-11-26 17:13 - 00038184 ____N () C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\CLCapSvcps.dll 2008-11-26 17:13 - 2008-11-26 17:13 - 00116096 ____N () C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe 2008-11-26 17:13 - 2008-11-26 17:13 - 00124288 ____N () C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\CLSchMgr.dll 2008-11-26 17:13 - 2008-11-26 17:13 - 00349480 ____N () C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\CLTinyDB.dll 2008-12-31 14:36 - 2008-12-31 14:36 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll 2008-12-25 13:41 - 2008-12-25 13:41 - 00881960 ____N () C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll 2012-02-12 02:09 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files\Sony\Sony PC 
Companion\TMonitorAPI.dll 2012-02-12 02:09 - 2014-12-04 15:18 - 00241152 _____ () C:\Program Files\Sony\Sony PC Companion\MExplorer.dll 2015-07-10 09:51 - 2015-06-18 10:42 - 00911360 _____ () C:\Program Files\Sony\Sony PC Companion\deviceupdate_dll.dll 2012-02-12 02:09 - 2015-06-10 11:13 - 00113024 _____ () C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe 2015-05-08 20:50 - 2015-05-08 20:50 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2008-10-22 11:32 - 2008-10-22 11:32 - 00628016 _____ () C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Temp:2F40CED0 AlternateDataStreams: C:\ProgramData\Temp:32A82570 AlternateDataStreams: C:\ProgramData\Temp:5F869815 AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2 AlternateDataStreams: C:\ProgramData\Temp:E9A61FAD ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com IE restricted site: HKU\.DEFAULT\...\00hq.com -> 00hq.com IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\.DEFAULT\...\0scan.com -> 0scan.com IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> 1000gratisproben.com*-*Diese Website steht zum Verkauf!*-*Informationen zum Thema 1000gratisproben. IE restricted site: HKU\.DEFAULT\...\1001namen.com -> 404 Not Found IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> 100sexlinks.com*-*Diese Website steht zum Verkauf!*-*Informationen zum Thema Sexlinks. IE restricted site: HKU\.DEFAULT\...\10sek.com -> Gadgets And More IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> 123 Movies | Borrow Kindle books - Watch TV Series IE restricted site: HKU\.DEFAULT\...\123simsen.com -> 123Simsen-Projekte There are 6964 more restricted sites. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-867486852-2202442794-3401772244-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Name\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [TCP Query User{0A792F6D-A09B-4E10-9FF1-7A4197D99499}C:\program files\icq6.5\icq.exe] => (Allow) C:\program files\icq6.5\icq.exe FirewallRules: [UDP Query User{2A8CD3E9-E9A8-4204-9909-89694826549C}C:\program files\icq6.5\icq.exe] => (Allow) C:\program files\icq6.5\icq.exe FirewallRules: [TCP Query User{A4069B35-6CCE-4347-9BED-7085B95608DE}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe FirewallRules: [UDP Query User{62ECD631-1025-40BA-B55B-3B9C62F3F0FF}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe FirewallRules: [TCP Query User{EC155FA3-01B6-41DB-B079-5B02A996A2B1}C:\program files\windows live\messenger\msnmsgr.exe] => (Allow) C:\program files\windows live\messenger\msnmsgr.exe FirewallRules: [UDP Query User{36FB7BF8-B1C8-4B5A-807D-3F0676371D1C}C:\program files\windows live\messenger\msnmsgr.exe] => 
(Allow) C:\program files\windows live\messenger\msnmsgr.exe FirewallRules: [TCP Query User{01145E8F-75A4-45F5-9310-1B6D4138F405}C:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe] => (Allow) C:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe FirewallRules: [UDP Query User{C3EE443C-C4C2-4AD0-9446-3383C5ACC2CD}C:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe] => (Allow) C:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe FirewallRules: [TCP Query User{84C656B4-83C7-455D-9620-317B48517E3E}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe FirewallRules: [UDP Query User{1EAC5332-4CFC-40D3-A7A3-B40BC5A5D7F3}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe FirewallRules: [TCP Query User{A3609765-0165-4060-BAF9-51F8EB17E4BA}C:\program files\icq6.5\icq.exe] => (Allow) C:\program files\icq6.5\icq.exe FirewallRules: [UDP Query User{15D6C7B1-3232-47EA-8885-0A3AEB76E1F2}C:\program files\icq6.5\icq.exe] => (Allow) C:\program files\icq6.5\icq.exe FirewallRules: [TCP Query User{2DC88603-3D26-44A0-B2D0-B93F238794E1}C:\program files\windows live\messenger\msnmsgr.exe] => (Allow) C:\program files\windows live\messenger\msnmsgr.exe FirewallRules: [TCP Query User{9C6387C6-017F-451D-A107-40EEEA241616}C:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe] => (Allow) C:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe FirewallRules: [UDP Query User{AE03A36A-2DDA-4A23-9B8D-FBB122D9B9CA}C:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe] => (Allow) C:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe FirewallRules: [TCP Query User{03B04633-1897-45B3-9BB0-9F3563557F08}C:\program files\java\jre6\bin\java.exe] => (Block) C:\program files\java\jre6\bin\java.exe FirewallRules: [UDP Query 
User{9CC93268-8E86-47DA-A882-43AB330879F2}C:\program files\java\jre6\bin\java.exe] => (Block) C:\program files\java\jre6\bin\java.exe FirewallRules: [{EEDFF9A7-E1BD-435C-8DBD-D26FE8C4F018}] => (Allow) C:\Program Files\Vuze\Azureus.exe FirewallRules: [{67B306AE-6AA3-4008-ABD7-6B6C257FD546}] => (Allow) C:\Program Files\Vuze\Azureus.exe FirewallRules: [TCP Query User{077363D5-D9D9-471D-833F-5B8FADA43016}C:\program files\spyware terminator\spywareterminatorupdate.exe] => (Block) C:\program files\spyware terminator\spywareterminatorupdate.exe FirewallRules: [UDP Query User{06B7D60F-FE06-419F-A0F3-E11232182B14}C:\program files\spyware terminator\spywareterminatorupdate.exe] => (Block) C:\program files\spyware terminator\spywareterminatorupdate.exe FirewallRules: [TCP Query User{50F28D37-AEA7-4184-9AC4-36FC5D71B3A4}C:\program files\spyware terminator\spywareterminatorupdate.exe] => (Allow) C:\program files\spyware terminator\spywareterminatorupdate.exe FirewallRules: [UDP Query User{D92F00A7-44CE-4E43-9938-25257C812AF5}C:\program files\spyware terminator\spywareterminatorupdate.exe] => (Allow) C:\program files\spyware terminator\spywareterminatorupdate.exe FirewallRules: [TCP Query User{B626AB6D-631B-4F7C-A2CE-D5A905DB368B}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{FCF423EB-BF8D-4E86-BB6D-16E04AFE0637}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [TCP Query User{60D84F71-B31F-48D4-B11F-D5963D60FC29}C:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe] => (Allow) C:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe FirewallRules: [UDP Query User{BA7C414A-2213-46FE-BCF0-715A0D4217D5}C:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe] => (Allow) C:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe FirewallRules: [TCP Query 
User{3A0A9B46-5221-414B-A699-813F5D282CA3}C:\program files\google\google earth\plugin\geplugin.exe] => (Block) C:\program files\google\google earth\plugin\geplugin.exe FirewallRules: [UDP Query User{EC28A2D8-EB4F-4308-8DD9-C32BD302BAD0}C:\program files\google\google earth\plugin\geplugin.exe] => (Block) C:\program files\google\google earth\plugin\geplugin.exe FirewallRules: [TCP Query User{1B980F3F-264B-4E63-9AB5-04344144286C}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe FirewallRules: [UDP Query User{CDB3932E-DF44-4C76-AD6F-8C3FE377E048}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe FirewallRules: [TCP Query User{B38F8228-8AED-4DBD-AE40-8F01444F889D}C:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe] => (Allow) C:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe FirewallRules: [UDP Query User{85D82438-5F6A-4523-8B0F-FEDA5D3C5FB1}C:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe] => (Allow) C:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe FirewallRules: [{D51A0571-4860-4EB0-92E8-94A21AFA207C}] => (Allow) LPort=80 FirewallRules: [{9929286B-520E-44C4-BEDF-77B860BED50C}] => (Allow) LPort=80 FirewallRules: [{1B8EB552-6AF4-4DD3-9980-A4F0E0170BEF}] => (Allow) LPort=80 FirewallRules: [{CAAED870-1DBE-4FFC-B2B9-53E88B40371D}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{169AF886-F097-4FE5-B72B-57AA9359D19C}] => (Allow) svchost.exe FirewallRules: [{F953BBBA-3DBA-415B-A67F-9B449E2BD9C1}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe FirewallRules: [TCP Query User{FD05B2AE-5847-4147-A1FA-469AF8E72857}C:\program files\icq7.4\icq.exe] => (Block) C:\program files\icq7.4\icq.exe FirewallRules: [UDP Query User{8A6587F5-D9DB-4842-95D6-4700F73268CB}C:\program files\icq7.4\icq.exe] => (Block) C:\program files\icq7.4\icq.exe FirewallRules: [TCP Query 
User{7B67A34E-12D0-487B-97BD-7C117D256248}C:\program files\mozilla firefox\plugin-container.exe] => (Block) C:\program files\mozilla firefox\plugin-container.exe FirewallRules: [UDP Query User{03E9FD07-80F7-4A7C-9DA3-9358AEA9A07B}C:\program files\mozilla firefox\plugin-container.exe] => (Block) C:\program files\mozilla firefox\plugin-container.exe FirewallRules: [{990303DA-BFA7-4B6D-92DB-6F2C9E60F24A}] => (Allow) C:\Users\Name\AppData\Local\Temp\7zS180D.tmp\SymNRT.exe FirewallRules: [{BE983415-6ADB-44D7-82C9-822544A126E1}] => (Allow) C:\Users\Name\AppData\Local\Temp\7zS180D.tmp\SymNRT.exe FirewallRules: [{19F82D6B-43EF-4DBF-9EC1-082988DEC84F}] => (Allow) C:\Program Files\Vuze\Azureus.exe FirewallRules: [{ED19D3AA-3FBD-4067-9286-DEA9C7102E5C}] => (Allow) C:\Program Files\Vuze\Azureus.exe FirewallRules: [{ACE6FF3A-0C02-4E8C-88B7-6B1391A468AF}] => (Allow) C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe FirewallRules: [{DB5188CB-1C78-48AE-A066-C244EA5AC06E}] => (Allow) C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe FirewallRules: [{45E7DE04-75C8-4784-9BE2-A50E015B2201}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{28FD41F6-AFBB-4512-B756-6107CABAB438}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{09234471-ABD6-4667-BB74-31938F6D314C}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{5D72A88F-ED4B-4689-B76D-0D610367B100}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{C42432B7-F18D-46F5-B1DF-04E22F40419B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{0E955BDA-ECB2-4027-8897-11E191ABA9FB}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{D93CC5EB-6FD6-4843-A6F4-CA745F99994F}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe 
FirewallRules: [TCP Query User{03A36807-105D-496E-B64B-A003DAC94BE1}C:\program files\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files\seagate\seagate dashboard 2.0\dashboard.exe FirewallRules: [UDP Query User{08E6AC9B-B050-4EA1-A8CA-629C323FD470}C:\program files\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files\seagate\seagate dashboard 2.0\dashboard.exe FirewallRules: [{8DF643F7-DB93-40E3-A4DC-5872EA711552}] => (Allow) LPort=8888 FirewallRules: [{483CD29C-E6CA-4622-B6B5-1F9E5E07DDCE}] => (Allow) C:\Program Files\iTunes\iTunes.exe ==================== Faulty Device Manager Devices ============= Name: Bluetooth Peripheral Device Description: Bluetooth Peripheral Device Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (07/12/2015 09:30:12 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/12/2015 06:40:50 PM) (Source: EventSystem) (EventID: 4621) (User: ) Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (07/12/2015 04:15:07 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/12/2015 10:51:28 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung TVAgent.exe, Version 2.1.1.1321, Zeitstempel 0x49772d0a, fehlerhaftes Modul MFC71.DLL, Version 
7.10.3077.0, Zeitstempel 0x3e77fdfd, Ausnahmecode 0xc0000005, Fehleroffset 0x0002a3a3, Prozess-ID 0x920, Anwendungsstartzeit TVAgent.exe0. Error: (07/12/2015 10:18:48 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/11/2015 10:47:35 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fehlerhafte Anwendung TVAgent.exe, Version 2.1.1.1321, Zeitstempel 0x49772d0a, fehlerhaftes Modul MFC71.DLL, Version 7.10.3077.0, Zeitstempel 0x3e77fdfd, Ausnahmecode 0xc0000005, Fehleroffset 0x0002a3a3, Prozess-ID 0xa4c, Anwendungsstartzeit TVAgent.exe0. Error: (07/11/2015 08:11:14 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/11/2015 03:40:13 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6827399 Error: (07/11/2015 03:40:13 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6827399 Error: (07/11/2015 03:40:13 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (07/12/2015 09:49:58 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1003) (User: NT-AUTORITÄT) Description: 0x800f0825it-IT Error: (07/12/2015 09:49:54 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1003) (User: NT-AUTORITÄT) Description: 0x800f0825fr-FR Error: (07/12/2015 09:36:56 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT) Description: 0x80070032 Error: (07/12/2015 09:32:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: 
iPod-Dienst%%1053 Error: (07/12/2015 09:32:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: 30000iPod-Dienst Error: (07/12/2015 09:32:09 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1053iPod Service{063D34A4-BF84-4B8D-B699-E8CA06504DDE} Error: (07/12/2015 09:30:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Parallel port driver%%1058 Error: (07/12/2015 04:32:38 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1003) (User: NT-AUTORITÄT) Description: 0x800f0825it-IT Error: (07/12/2015 04:32:33 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1003) (User: NT-AUTORITÄT) Description: 0x800f0825fr-FR Error: (07/12/2015 04:18:12 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT) Description: 0x80070032 Microsoft Office: ========================= Error: (01/27/2013 02:58:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 425 seconds with 60 seconds of active time. This session ended with a crash. Error: (12/11/2011 11:33:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 16 seconds with 0 seconds of active time. This session ended with a crash. Error: (11/14/2011 04:36:35 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash. 
Error: (10/04/2011 02:15:26 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash. Error: (09/19/2011 11:37:26 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash. Error: (08/18/2011 12:32:50 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20 seconds with 0 seconds of active time. This session ended with a crash. Error: (08/08/2011 12:00:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 60 seconds with 0 seconds of active time. This session ended with a crash. Error: (07/11/2011 09:17:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash. Error: (06/18/2011 04:02:15 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 78 seconds with 60 seconds of active time. This session ended with a crash. 
Error: (06/02/2011 01:37:51 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 23 seconds with 0 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2015-07-12 22:25:20.298 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-12 22:25:19.066 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-12 22:25:17.865 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-12 22:25:16.742 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-31 14:56:22.572 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-31 14:56:21.527 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2015-01-31 14:56:20.497 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-31 14:56:19.405 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-31 14:56:16.223 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-31 14:56:15.131 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU P8800 @ 2.66GHz Percentage of memory in use: 45% Total physical RAM: 3038.25 MB Available physical RAM: 1664.29 MB Total Virtual: 6279.48 MB Available Virtual: 4602.37 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:286.52 GB) (Free:132.12 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive d: (DATA) (Fixed) (Total:298.09 GB) (Free:187.29 GB) NTFS Drive e: (RECOVERY) (Fixed) (Total:11.56 GB) (Free:1.33 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive f: (ST2014) (CDROM) (Total:0.56 GB) (Free:0 GB) CDFS Drive g: (Seagate Backup Plus Drive) (Fixed) (Total:465.76 GB) (Free:181.86 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: 6D694358) Partition 1: (Active) - (Size=286.5 GB) - (Type=07 NTFS) 
Partition 2: (Not Active) - (Size=11.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 3AFC0EC1)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: BF9AECE4)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of log ============================

FRST.txt

FRST Logfile:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-07-2015
Ran by Name (administrator) on __PC on 12-07-2015 22:24:31
Running from C:\Users\Name\Downloads
Loaded Profiles: Name (Available Profiles: Name)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Validity Sensors, Inc.) C:\Windows\System32\vfsFPService.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.)
C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files\SMINST\BLService.exe () C:\Program Files\CyberLink\Shared files\RichVideo.exe (Seagate Technology LLC) C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe (Seagate Technology LLC) C:\Program Files\Seagate\Seagate Dashboard 2.0\MobileService.exe () C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe () C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (CyberLink Corp.) C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink) C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink Corp.) C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe (Seagate Technology LLC) C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Seagate Technology LLC) C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Hewlett-Packard Development Company, L.P.) 
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe () C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Seagate Technology LLC) C:\Program Files\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\ehome\ehsched.exe (Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [TSMAgent] => C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1316136 2008-12-25] (CyberLink Corp.) HKLM\...\Run: [CLMLServer for HP TouchSmart] => C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-12-25] (CyberLink) HKLM\...\Run: [TVAgent] => C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe [210216 2009-01-21] (CyberLink Corp.) HKLM\...\Run: [UCam_Menu] => C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [218408 2008-11-14] (CyberLink Corp.) 
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [206128 2008-10-10] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [432432 2008-12-08] (Hewlett-Packard) HKLM\...\Run: [DpAgent] => C:\Program Files\DigitalPersona\Bin\dpagent.exe [842816 2009-12-01] (DigitalPersona, Inc.) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM\...\Run: [] => [X] HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-20] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [450652 2009-06-03] (IDT, Inc.) HKLM\...\Run: [DBAgent] => C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1533728 2015-04-01] (Seagate Technology LLC) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.) 
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation) HKU\S-1-5-21-867486852-2202442794-3401772244-1000\...\Run: [Sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [456576 2015-06-10] (Sony) HKU\S-1-5-21-867486852-2202442794-3401772244-1000\...\Run: [Uploader] => C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127304 2015-04-01] (Seagate Technology LLC) HKU\S-1-5-21-867486852-2202442794-3401772244-1000\...\Run: [EPSON Stylus DX8400 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE [182272 2007-04-12] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-867486852-2202442794-3401772244-1000\...\Run: [EPSON Stylus DX8400 Series (Kopie 1)] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE [182272 2007-04-12] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-867486852-2202442794-3401772244-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6369048 2015-05-08] (Piriform Ltd) HKU\S-1-5-21-867486852-2202442794-3401772244-1000\...\MountPoints2: G - G:\AutoRun.exe HKU\S-1-5-21-867486852-2202442794-3401772244-1000\...\MountPoints2: {2d1f3e4a-b78a-11df-ad94-00269e0d09e9} - G:\AutoRun.exe HKU\S-1-5-21-867486852-2202442794-3401772244-1000\...\MountPoints2: {3ad994c7-9db6-11de-98c6-806e6f6e6963} - F:\start.exe /auto HKU\S-1-5-21-867486852-2202442794-3401772244-1000\...\MountPoints2: {ac27b419-54b8-11e1-b04d-00247eaba5e9} - G:\Startme.exe Lsa: [Notification Packages] scecli DPPWDFLT Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2015-05-14] ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe () ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll No File 
ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll No File ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll No File ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll No File ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll No File BootExecute: autocheck autochk * ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-867486852-2202442794-3401772244-1000\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? 
mit Hotmail Nachfolger Outlook und Messenger Skype HKU\S-1-5-21-867486852-2202442794-3401772244-1000\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?ch_id=sk27211&q={searchTerms} URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046} URLSearchHook: HKLM - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File SearchScopes: HKLM -> {1F71B852-794A-4692-9217-6FF667304147} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 SearchScopes: HKLM -> {5D0FFAEB-57A6-4251-B466-B91BA97A89F7} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\.DEFAULT -> {1F71B852-794A-4692-9217-6FF667304147} URL = SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-867486852-2202442794-3401772244-1000 -> {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = hxxp://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60347 SearchScopes: HKU\S-1-5-21-867486852-2202442794-3401772244-1000 -> {1F71B852-794A-4692-9217-6FF667304147} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 SearchScopes: HKU\S-1-5-21-867486852-2202442794-3401772244-1000 -> {5D0FFAEB-57A6-4251-B466-B91BA97A89F7} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de SearchScopes: HKU\S-1-5-21-867486852-2202442794-3401772244-1000 -> {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?ch_id=sk27211&q={searchTerms} SearchScopes: HKU\S-1-5-21-867486852-2202442794-3401772244-1000 -> {AC129BF9-68BF-4bc4-A1DC-ECB62712FF99} URL = hxxp://search.kikin.com/search/?q={searchTerms} BHO: Groove GFS Browser Helper -> 
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll No File BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-07-04] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-07-04] (Oracle Corporation) Toolbar: HKU\.DEFAULT -> No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File Toolbar: HKU\.DEFAULT -> No Name - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File Toolbar: HKU\.DEFAULT -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKU\S-1-5-21-867486852-2202442794-3401772244-1000 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File Toolbar: HKU\S-1-5-21-867486852-2202442794-3401772244-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKU\S-1-5-21-867486852-2202442794-3401772244-1000 -> No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll No File [ ] Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.) 
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-10-19] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-10-19] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-10-19] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-10-19] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-10-19] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-10-19] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-10-19] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-10-19] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-10-19] (Avira Operations GmbH & Co. KG) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{D8AF4668-0142-4ECD-8760-828A6163B38E}: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\l8hr62f5.default-1410900117419 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-08] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1218158.dll [2015-05-07] (Adobe Systems, Inc.) 
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-07-04] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-07-04] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.) 
FF Plugin: @videolan.org/vlc,version=2.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-867486852-2202442794-3401772244-1000: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Name\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll [2010-03-06] ( ) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2009-11-14] (DivX, Inc) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-04-30] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-06-27] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-06-27] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-06-27] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-06-27] (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-06-27] (Apple Inc.) FF Extension: Ecology - C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\l8hr62f5.default-1410900117419\Extensions\ecolo@loic.com.xpi [2014-09-26] FF Extension: Walnut for Firefox - C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\l8hr62f5.default-1410900117419\Extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}.xpi [2014-09-16] FF Extension: NoScript - C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\l8hr62f5.default-1410900117419\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-09-16] FF Extension: Adblock Plus - C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\l8hr62f5.default-1410900117419\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-16] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-11] FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\DigitalPersona\Bin\FirefoxExt FF Extension: DigitalPersona Extension - C:\Program Files\DigitalPersona\Bin\FirefoxExt [2010-04-14] FF HKU\S-1-5-21-867486852-2202442794-3401772244-1000\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\DigitalPersona\Bin\firefoxext FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-07-04] Chrome: ======= CHR Profile: C:\Users\Name\AppData\Local\Google\Chrome\User Data\Default CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [825136 2015-06-20] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [450808 2015-06-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-20] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1187336 2015-06-20] (Avira Operations GmbH & Co. KG) R2 DpHost; C:\Program Files\DigitalPersona\Bin\DpHostW.exe [322624 2009-12-01] (DigitalPersona, Inc.) [File not signed] R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed] R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed] R3 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [223232 2008-10-23] (Hewlett-Packard Development Company, L.P.) [File not signed] S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-12-17] () R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] () [File not signed] R2 Seagate Dashboard Services; C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-02-13] (Seagate Technology LLC) R2 Seagate MobileBackup Service; C:\Program Files\Seagate\Seagate Dashboard 2.0\MobileService.exe [157992 2015-04-01] (Seagate Technology LLC) S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155520 2015-06-10] (Avanquest Software) R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe [217170 2009-06-03] (IDT, Inc.) 
R2 TVCapSvc; C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [296320 2008-11-26] () R2 TVSched; C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [116096 2008-11-26] () S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108448 2015-06-20] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136728 2015-06-20] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-05-24] (Avira Operations GmbH & Co. KG) S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-06-20] (Avira Operations GmbH & Co. KG) R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl [87536 2008-11-28] (CyberLink Corp.) S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-07-12 22:24 - 2015-07-12 22:25 - 00025491 _____ C:\Users\Name\Downloads\FRST.txt 2015-07-12 22:23 - 2015-07-12 22:24 - 00000000 ____D C:\FRST 2015-07-12 22:17 - 2015-07-12 22:18 - 01636864 _____ (Farbar) C:\Users\Name\Downloads\FRST.exe 2015-07-06 14:17 - 2015-07-06 14:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-07-04 14:57 - 2015-07-04 14:58 - 01126608 _____ (Adobe Systems Incorporated) C:\Users\Name\Downloads\reader10_de_ha_install.exe 2015-07-04 14:26 - 2015-07-04 14:27 - 01125056 _____ (Adobe Systems Incorporated) C:\Users\Name\Downloads\flashplayer18_ha_install.exe 2015-07-04 14:03 - 2015-07-04 14:03 - 00000000 ____D C:\Windows\system32\Adobe 2015-07-04 13:55 - 2015-07-04 13:58 - 05009736 _____ (Adobe Systems Inc.) C:\Users\Name\Downloads\Shockwave_Installer_Slim(7).exe 2015-07-04 13:54 - 2015-07-04 13:54 - 00000000 ____D C:\Program Files\Common Files\Java 2015-07-04 13:54 - 2015-07-04 13:50 - 00096352 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2015-07-04 13:51 - 2015-07-04 13:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-07-04 12:23 - 2015-07-04 12:23 - 00561248 _____ (Oracle Corporation) C:\Users\Name\Downloads\jxpiinstall(3).exe 2015-07-04 11:35 - 2015-07-04 19:39 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-06-30 22:07 - 2015-06-30 22:08 - 01125056 _____ (Adobe Systems Incorporated) C:\Users\Name\Downloads\flashplayer18au_ha_install.exe 2015-06-14 11:46 - 2015-06-14 11:54 - 06549184 _____ (Piriform Ltd) C:\Users\Name\Downloads\ccsetup506.exe 2015-06-12 22:08 - 2015-04-24 17:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2015-06-12 21:59 - 2015-05-21 16:22 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-06-12 21:58 - 2015-05-09 01:08 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-06-12 21:10 - 2015-05-05 00:50 - 00007680 _____ (Microsoft Corporation) 
C:\Windows\system32\spwmp.dll 2015-06-12 21:08 - 2015-05-05 00:51 - 10628608 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-06-12 21:08 - 2015-05-05 00:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-06-12 21:08 - 2015-05-05 00:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-06-12 21:08 - 2015-05-04 23:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-12 21:42 - 2014-09-09 22:16 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-07-12 21:34 - 2006-11-02 14:37 - 00000000 ___RD C:\Users\Public\Recorded TV 2015-07-12 21:30 - 2010-10-08 02:31 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-07-12 21:29 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-07-12 21:29 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-07-12 21:29 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-07-12 21:27 - 2008-01-21 04:47 - 00948064 _____ C:\Windows\PFRO.log 2015-07-12 18:41 - 2009-07-20 02:35 - 00002140 _____ C:\Windows\bthservsdp.dat 2015-07-12 18:41 - 2006-11-02 15:01 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-07-12 18:40 - 2009-07-20 02:35 - 02002609 _____ C:\Windows\WindowsUpdate.log 2015-07-12 18:29 - 2010-10-08 02:31 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-07-12 17:30 - 2014-07-20 20:16 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-07-11 11:26 - 2010-07-12 14:16 - 00002549 _____ C:\Users\Name\Desktop\Gewichtslogger.lnk 2015-07-10 14:16 - 2009-09-10 23:39 - 00000000 ____D C:\Users\Name\AppData\Roaming\Skype 2015-07-10 
12:43 - 2009-09-10 23:30 - 00000000 ____D C:\ProgramData\Skype 2015-07-10 09:58 - 2009-07-20 02:41 - 00544786 _____ C:\Windows\DPINST.LOG 2015-07-10 09:56 - 2015-05-01 12:24 - 00001841 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2015-07-10 09:56 - 2012-03-08 22:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2015-07-10 09:51 - 2009-02-21 03:30 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2015-07-09 10:02 - 2009-02-21 11:18 - 00705230 _____ C:\Windows\system32\perfh010.dat 2015-07-09 10:02 - 2009-02-21 11:18 - 00142814 _____ C:\Windows\system32\perfc010.dat 2015-07-09 10:02 - 2006-11-02 12:33 - 03270364 _____ C:\Windows\system32\PerfStringBackup.INI 2015-07-08 22:59 - 2014-09-09 22:16 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-07-08 22:59 - 2014-09-09 22:16 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-07-06 14:17 - 2015-05-24 01:39 - 00001851 _____ C:\Users\Public\Desktop\Avira Antivirus.lnk 2015-07-04 19:39 - 2012-04-24 22:56 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2015-07-04 15:33 - 2014-06-13 12:02 - 00000000 ____D C:\Users\Name\AppData\Local\Adobe 2015-07-04 13:55 - 2015-01-28 00:30 - 00000000 ____D C:\ProgramData\Oracle 2015-07-04 13:49 - 2011-06-07 02:43 - 00000000 ____D C:\Program Files\Java 2015-06-21 21:34 - 2009-09-18 00:49 - 00000000 ____D C:\Users\Name\AppData\Roaming\HpUpdate 2015-06-20 10:18 - 2013-10-19 14:50 - 00136728 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-06-20 10:18 - 2013-10-19 14:50 - 00108448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-06-20 10:18 - 2013-10-19 14:50 - 00031848 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\ssmdrv.sys 2015-06-14 20:48 - 2014-07-20 20:15 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 2015-06-14 12:43 - 2014-07-20 20:15 - 00000861 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-06-14 12:43 - 2014-07-20 20:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-06-14 12:08 - 2009-09-13 01:45 - 00000000 ____D C:\Users\Name\AppData\Roaming\Azureus 2015-06-14 12:00 - 2015-02-01 14:13 - 00000766 _____ C:\Users\Public\Desktop\CCleaner.lnk 2015-06-14 11:59 - 2009-12-19 04:39 - 00000000 ____D C:\Program Files\CCleaner 2015-06-13 09:50 - 2006-11-02 14:47 - 00406192 _____ C:\Windows\system32\FNTCACHE.DAT 2015-06-12 22:16 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache 2015-06-12 22:08 - 2009-09-10 23:16 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-06-12 21:58 - 2013-08-16 21:09 - 00000000 ____D C:\Windows\system32\MRT 2015-06-12 21:23 - 2006-11-02 12:24 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-06-12 21:17 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\it-IT 2015-06-12 21:17 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\fr-FR 2015-06-12 21:17 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE ==================== Files in the root of some directories ======= 2011-10-28 00:08 - 2011-11-17 22:56 - 0000005 _____ () C:\Users\Name\AppData\Roaming\hhxprot5 2013-03-27 00:54 - 2013-03-27 00:54 - 0000046 _____ () C:\Users\Name\AppData\Roaming\mbam.context.scan 2011-10-28 00:20 - 2011-10-28 00:20 - 0000018 _____ () C:\Users\Name\AppData\Roaming\sys386ll.dat 2009-09-26 20:02 - 2009-09-26 20:02 - 0024206 _____ () C:\Users\Name\AppData\Roaming\UserTile.png 2010-03-18 01:41 - 2012-08-10 20:48 - 0000262 _____ () C:\Users\Name\AppData\Roaming\wklnhst.dat 2009-09-10 23:40 - 2009-09-10 23:40 - 0000000 _____ () C:\Users\Name\AppData\Local\AtStart.txt 2009-09-22 01:10 - 2013-01-17 02:18 - 
0006836 _____ () C:\Users\Name\AppData\Local\d3d9caps.dat 2009-09-13 02:40 - 2015-05-24 00:27 - 0046592 _____ () C:\Users\Name\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2009-09-10 23:40 - 2009-09-10 23:40 - 0000000 _____ () C:\Users\Name\AppData\Local\DSwitch.txt 2009-09-13 22:50 - 2009-09-13 22:50 - 0000000 _____ () C:\Users\Name\AppData\Local\FnF4.txt 2010-04-22 23:24 - 2010-04-23 04:25 - 0011312 ___SH () C:\Users\Name\AppData\Local\Mi715R2 2009-09-10 23:40 - 2009-09-10 23:40 - 0000000 _____ () C:\Users\Name\AppData\Local\QSwitch.txt 2011-01-21 22:49 - 2011-01-21 22:49 - 0361614 _____ () C:\Users\Name\AppData\Local\tmpIMG_1713 - KOPIE.JPG 2011-09-29 12:08 - 2011-09-29 12:09 - 0523853 _____ () C:\Users\Name\AppData\Local\tmpIMG_3283.JPG 2014-10-27 18:47 - 2014-10-27 18:47 - 0000000 _____ () C:\Users\Name\AppData\Local\{77AEF7DB-8685-4D63-806F-4B1C01EC9B84} 2013-11-26 21:28 - 2015-07-12 22:26 - 0100893 _____ () C:\ProgramData\HPWALog.txt 2010-04-22 23:24 - 2010-04-23 04:25 - 0011312 ___SH () C:\ProgramData\Mi715R2 2009-07-20 04:10 - 2009-07-20 04:10 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log 2009-02-21 04:32 - 2009-02-21 04:32 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log 2009-07-20 04:09 - 2009-07-20 04:09 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log 2009-02-21 04:26 - 2009-02-21 04:27 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2009-07-20 04:07 - 2009-07-20 04:07 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log 2012-06-04 22:01 - 2012-06-04 22:01 - 0000164 _____ () C:\ProgramData\{5CAFA1B7-9EEF-4cc7-B9F7-9DDB3DAA679E} 2012-06-04 22:01 - 2012-06-04 22:01 - 0000092 _____ () C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51} 2009-07-20 04:09 - 2009-07-20 04:09 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log 2009-02-21 04:25 - 2009-02-21 04:26 - 0000107 _____ () 
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2009-02-21 04:27 - 2009-02-21 04:31 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log 2009-07-20 04:10 - 2009-07-20 04:10 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log Some files in TEMP: ==================== C:\Users\Name\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-07-12 21:37 ==================== End of log ============================ --- --- --- |
13.07.2015, 15:09 | #4 |
/// the machine /// TB trainer | Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
13.07.2015, 18:18 | #5 |
| Hello, AdwCleaner: AdwCleaner Logfile: Code:
# AdwCleaner v4.208 - Bericht erstellt 13/07/2015 um 18:26:27
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-09.2 [Lokal]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Benutzername : Name - __PC
# Gestarted von : C:\Users\Name\Desktop\AdwCleaner_4.208.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Player
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\Crawler
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\Users\Name\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Name\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Name\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Name\AppData\Roaming\OCS
Datei Gelöscht : C:\END
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gelöscht : C:\Program Files\Mozilla Firefox\defaults\pref\itms.js

***** [ Geplante Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\FLVPlayer.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5D0FFAEB-57A6-4251-B466-B91BA97A89F7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5D0FFAEB-57A6-4251-B466-B91BA97A89F7}
Schlüssel Gelöscht : HKCU\Software\Cr_Installer
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\ICQ\ICQToolbar
Schlüssel Gelöscht : HKU\.DEFAULT\Software\CToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FLV Player

***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16659

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Mozilla Firefox v39.0 (x86 en-US)

-\\ Google Chrome v

[C:\Users\Name\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}
[C:\Users\Name\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.icq.com/search/results.php?ch_id=sk27211&q={searchTerms}&icid=chrome
[C:\Users\Name\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Gelöscht [Homepage] : hxxp://start.icq.com/sk27211/

*************************

AdwCleaner[R0].txt - [4959 Bytes] - [13/07/2015 18:21:41]
AdwCleaner[S0].txt - [4815 Bytes] - [13/07/2015 18:26:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4874 Bytes] ##########

JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.4.6 (07.12.2015:2)
OS: Windows Vista (TM) Home Premium x86
Ran by Name on 13.07.2015 at 18:37:54,19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

Successfully deleted: [Task] C:\Windows\System32\tasks\NetworkWizardHNW

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}

~~~ Files

~~~ Folders

Failed to delete: [Folder] C:\Program Files\DIGITA~1
Successfully deleted: [Folder] C:\Users\Name\appdata\local\DIGITA~1
Successfully deleted: [Folder] C:\Users\Name\AppData\Roaming\DIGITA~1

~~~ FireFox

Emptied folder: C:\Users\Name\AppData\Roaming\mozilla\firefox\profiles\l8hr62f5.default-1410900117419\minidumps [19 files]

~~~ Chrome

[C:\Users\Name\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Name\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Name\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Name\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.07.2015 at 18:44:36,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Log:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-07-2015
Ran by Name (administrator) on __PC on 13-07-2015 19:01:38
Running from C:\Users\Name\Desktop
Loaded Profiles: Name (Available Profiles: Name)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Farbar) C:\Users\Name\Desktop\FRST(1).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [TSMAgent] => C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1316136 2008-12-25] (CyberLink Corp.) HKLM\...\Run: [CLMLServer for HP TouchSmart] => C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-12-25] (CyberLink) HKLM\...\Run: [TVAgent] => C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe [210216 2009-01-21] (CyberLink Corp.) HKLM\...\Run: [UCam_Menu] => C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [218408 2008-11-14] (CyberLink Corp.) HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [206128 2008-10-10] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [432432 2008-12-08] (Hewlett-Packard) HKLM\...\Run: [DpAgent] => C:\Program Files\DigitalPersona\Bin\dpagent.exe HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM\...\Run: [] => [X] HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-20] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [450652 2009-06-03] (IDT, Inc.) 
HKLM\...\Run: [DBAgent] => C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1533728 2015-04-01] (Seagate Technology LLC) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation) HKU\S-1-5-21-867486852-2202442794-3401772244-1000\...\Run: [Sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [456576 2015-06-10] (Sony) HKU\S-1-5-21-867486852-2202442794-3401772244-1000\...\Run: [Uploader] => C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127304 2015-04-01] (Seagate Technology LLC) HKU\S-1-5-21-867486852-2202442794-3401772244-1000\...\Run: [EPSON Stylus DX8400 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE [182272 2007-04-12] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-867486852-2202442794-3401772244-1000\...\Run: [EPSON Stylus DX8400 Series (Kopie 1)] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE [182272 2007-04-12] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-867486852-2202442794-3401772244-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6369048 2015-05-08] (Piriform Ltd) HKU\S-1-5-21-867486852-2202442794-3401772244-1000\...\MountPoints2: G - G:\AutoRun.exe HKU\S-1-5-21-867486852-2202442794-3401772244-1000\...\MountPoints2: {2d1f3e4a-b78a-11df-ad94-00269e0d09e9} - G:\AutoRun.exe HKU\S-1-5-21-867486852-2202442794-3401772244-1000\...\MountPoints2: {3ad994c7-9db6-11de-98c6-806e6f6e6963} - F:\start.exe /auto HKU\S-1-5-21-867486852-2202442794-3401772244-1000\...\MountPoints2: {ac27b419-54b8-11e1-b04d-00247eaba5e9} - G:\Startme.exe Lsa: [Notification Packages] scecli DPPWDFLT Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein 
Steuer-Sparbuch heute.lnk [2015-05-14] ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe () ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll No File ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll No File ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll No File ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll No File ShellIconOverlayIdentifiers: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll No File BootExecute: autocheck autochk * ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-867486852-2202442794-3401772244-1000\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? 
mit Hotmail Nachfolger Outlook und Messenger Skype URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046} SearchScopes: HKLM -> {1F71B852-794A-4692-9217-6FF667304147} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\.DEFAULT -> {1F71B852-794A-4692-9217-6FF667304147} URL = SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-867486852-2202442794-3401772244-1000 -> {1F71B852-794A-4692-9217-6FF667304147} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll No File BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-07-04] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-07-04] (Oracle Corporation) Toolbar: HKU\.DEFAULT -> No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File Toolbar: HKU\.DEFAULT -> No Name - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File Toolbar: HKU\.DEFAULT -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) Handler: ms-itss - 
{0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll No File [ ] Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{D8AF4668-0142-4ECD-8760-828A6163B38E}: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\l8hr62f5.default-1410900117419 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-08] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1218158.dll [2015-05-07] (Adobe Systems, Inc.) 
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-07-04] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-07-04] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.) 
FF Plugin: @videolan.org/vlc,version=2.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-30] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-867486852-2202442794-3401772244-1000: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Name\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll [2010-03-06] ( ) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2009-11-14] (DivX, Inc) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-04-30] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-06-27] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-06-27] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-06-27] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-06-27] (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-06-27] (Apple Inc.) FF Extension: Ecology - C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\l8hr62f5.default-1410900117419\Extensions\ecolo@loic.com.xpi [2014-09-26] FF Extension: Walnut for Firefox - C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\l8hr62f5.default-1410900117419\Extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}.xpi [2014-09-16] FF Extension: NoScript - C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\l8hr62f5.default-1410900117419\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-09-16] FF Extension: Adblock Plus - C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\l8hr62f5.default-1410900117419\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-16] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-11] FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\DigitalPersona\Bin\FirefoxExt FF HKU\S-1-5-21-867486852-2202442794-3401772244-1000\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\DigitalPersona\Bin\firefoxext Chrome: ======= CHR Profile: C:\Users\Name\AppData\Local\Google\Chrome\User Data\Default CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [825136 2015-06-20] (Avira Operations GmbH & Co. 
KG) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [450808 2015-06-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-20] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1187336 2015-06-20] (Avira Operations GmbH & Co. KG) R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed] R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed] S3 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [223232 2008-10-23] (Hewlett-Packard Development Company, L.P.) [File not signed] S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) S2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-12-17] () S2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] () [File not signed] S2 Seagate Dashboard Services; C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-02-13] (Seagate Technology LLC) S2 Seagate MobileBackup Service; C:\Program Files\Seagate\Seagate Dashboard 2.0\MobileService.exe [157992 2015-04-01] (Seagate Technology LLC) S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155520 2015-06-10] (Avanquest Software) S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe [217170 2009-06-03] (IDT, Inc.) 
S2 TVCapSvc; C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [296320 2008-11-26] () S2 TVSched; C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [116096 2008-11-26] () S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) S2 DpHost; C:\Program Files\DigitalPersona\Bin\DpHostW.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108448 2015-06-20] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136728 2015-06-20] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-05-24] (Avira Operations GmbH & Co. KG) S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-06-20] (Avira Operations GmbH & Co. KG) R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl [87536 2008-11-28] (CyberLink Corp.) S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-13 19:00 - 2015-07-13 19:00 - 01636864 _____ (Farbar) C:\Users\Name\Desktop\FRST(1).exe 2015-07-13 18:44 - 2015-07-13 18:44 - 00001706 _____ C:\Users\Name\Desktop\JRT.txt 2015-07-13 18:38 - 2015-07-13 18:38 - 00000207 _____ C:\Windows\tweaking.com-regbackup-__PC-Windows-Vista-(TM)-Home-Premium-(32-bit).dat 2015-07-13 18:37 - 2015-07-13 18:37 - 00000000 ____D C:\RegBackup 2015-07-13 18:35 - 2015-07-13 18:36 - 03034492 _____ (Malwarebytes Corporation) C:\Users\Name\Desktop\JRT.exe 2015-07-13 18:31 - 2015-07-13 18:31 - 00004954 _____ C:\Users\Name\Desktop\AdwCleaner[S0].txt 2015-07-13 18:21 - 2015-07-13 18:27 - 00000000 ____D C:\AdwCleaner 2015-07-13 18:18 - 2015-07-13 18:19 - 02248704 _____ C:\Users\Name\Desktop\AdwCleaner_4.208.exe 2015-07-12 23:06 - 2015-07-13 19:01 - 00019955 _____ C:\Users\Name\Desktop\FRST.txt 2015-07-12 23:05 - 2015-07-12 23:05 - 00052134 _____ C:\Users\Name\Desktop\Addition.txt 2015-07-12 22:27 - 2015-07-12 22:31 - 00052134 _____ C:\Users\Name\Downloads\Addition.txt 2015-07-12 22:24 - 2015-07-12 22:31 - 00037014 _____ C:\Users\Name\Downloads\FRST.txt 2015-07-12 22:23 - 2015-07-13 19:01 - 00000000 ____D C:\FRST 2015-07-12 22:17 - 2015-07-12 22:18 - 01636864 _____ (Farbar) C:\Users\Name\Downloads\FRST.exe 2015-07-06 14:17 - 2015-07-06 14:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-07-04 14:57 - 2015-07-04 14:58 - 01126608 _____ (Adobe Systems Incorporated) C:\Users\Name\Downloads\reader10_de_ha_install.exe 2015-07-04 14:26 - 2015-07-04 14:27 - 01125056 _____ (Adobe Systems Incorporated) C:\Users\Name\Downloads\flashplayer18_ha_install.exe 2015-07-04 14:03 - 2015-07-04 14:03 - 00000000 ____D C:\Windows\system32\Adobe 2015-07-04 13:55 - 2015-07-04 13:58 - 05009736 _____ (Adobe Systems Inc.) 
C:\Users\Name\Downloads\Shockwave_Installer_Slim(7).exe 2015-07-04 13:54 - 2015-07-04 13:54 - 00000000 ____D C:\Program Files\Common Files\Java 2015-07-04 13:54 - 2015-07-04 13:50 - 00096352 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2015-07-04 13:51 - 2015-07-04 13:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-07-04 12:23 - 2015-07-04 12:23 - 00561248 _____ (Oracle Corporation) C:\Users\Name\Downloads\jxpiinstall(3).exe 2015-07-04 11:35 - 2015-07-04 19:39 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-06-30 22:07 - 2015-06-30 22:08 - 01125056 _____ (Adobe Systems Incorporated) C:\Users\Name\Downloads\flashplayer18au_ha_install.exe 2015-06-14 11:46 - 2015-06-14 11:54 - 06549184 _____ (Piriform Ltd) C:\Users\Name\Downloads\ccsetup506.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-13 18:42 - 2014-09-09 22:16 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-07-13 18:40 - 2009-07-20 04:11 - 00000000 ____D C:\Program Files\DigitalPersona 2015-07-13 18:40 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-07-13 18:40 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-07-13 18:39 - 2006-11-02 14:37 - 00000000 ___RD C:\Users\Public\Recorded TV 2015-07-13 18:30 - 2010-10-08 02:31 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-07-13 18:29 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-07-13 18:27 - 2009-07-20 02:35 - 02027330 _____ C:\Windows\WindowsUpdate.log 2015-07-13 18:27 - 2009-07-20 02:35 - 00002140 _____ C:\Windows\bthservsdp.dat 2015-07-13 18:27 - 2006-11-02 15:01 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-07-13 17:29 - 2010-10-08 02:31 - 
00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-07-12 21:27 - 2008-01-21 04:47 - 00948064 _____ C:\Windows\PFRO.log 2015-07-12 17:30 - 2014-07-20 20:16 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-07-11 11:26 - 2010-07-12 14:16 - 00002549 _____ C:\Users\Name\Desktop\Gewichtslogger.lnk 2015-07-10 14:16 - 2009-09-10 23:39 - 00000000 ____D C:\Users\Name\AppData\Roaming\Skype 2015-07-10 12:43 - 2009-09-10 23:30 - 00000000 ____D C:\ProgramData\Skype 2015-07-10 09:58 - 2009-07-20 02:41 - 00544786 _____ C:\Windows\DPINST.LOG 2015-07-10 09:56 - 2015-05-01 12:24 - 00001841 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2015-07-10 09:56 - 2012-03-08 22:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2015-07-10 09:51 - 2009-02-21 03:30 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2015-07-09 10:02 - 2009-02-21 11:18 - 00705230 _____ C:\Windows\system32\perfh010.dat 2015-07-09 10:02 - 2009-02-21 11:18 - 00142814 _____ C:\Windows\system32\perfc010.dat 2015-07-09 10:02 - 2006-11-02 12:33 - 03270364 _____ C:\Windows\system32\PerfStringBackup.INI 2015-07-08 22:59 - 2014-09-09 22:16 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-07-08 22:59 - 2014-09-09 22:16 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-07-06 14:17 - 2015-05-24 01:39 - 00001851 _____ C:\Users\Public\Desktop\Avira Antivirus.lnk 2015-07-04 19:39 - 2012-04-24 22:56 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2015-07-04 15:33 - 2014-06-13 12:02 - 00000000 ____D C:\Users\Name\AppData\Local\Adobe 2015-07-04 13:55 - 2015-01-28 00:30 - 00000000 ____D C:\ProgramData\Oracle 2015-07-04 13:49 - 2011-06-07 02:43 - 00000000 ____D C:\Program Files\Java 2015-06-21 21:34 - 2009-09-18 00:49 - 00000000 ____D C:\Users\Name\AppData\Roaming\HpUpdate 2015-06-20 10:18 - 2013-10-19 14:50 - 00136728 
_____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-06-20 10:18 - 2013-10-19 14:50 - 00108448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-06-20 10:18 - 2013-10-19 14:50 - 00031848 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\ssmdrv.sys 2015-06-14 20:48 - 2014-07-20 20:15 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 2015-06-14 12:43 - 2014-07-20 20:15 - 00000861 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-06-14 12:43 - 2014-07-20 20:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-06-14 12:08 - 2009-09-13 01:45 - 00000000 ____D C:\Users\Name\AppData\Roaming\Azureus 2015-06-14 12:00 - 2015-02-01 14:13 - 00000766 _____ C:\Users\Public\Desktop\CCleaner.lnk 2015-06-14 11:59 - 2009-12-19 04:39 - 00000000 ____D C:\Program Files\CCleaner 2015-06-13 09:50 - 2006-11-02 14:47 - 00406192 _____ C:\Windows\system32\FNTCACHE.DAT ==================== Files in the root of some directories ======= 2011-10-28 00:08 - 2011-11-17 22:56 - 0000005 _____ () C:\Users\Name\AppData\Roaming\hhxprot5 2013-03-27 00:54 - 2013-03-27 00:54 - 0000046 _____ () C:\Users\Name\AppData\Roaming\mbam.context.scan 2011-10-28 00:20 - 2011-10-28 00:20 - 0000018 _____ () C:\Users\Name\AppData\Roaming\sys386ll.dat 2009-09-26 20:02 - 2009-09-26 20:02 - 0024206 _____ () C:\Users\Name\AppData\Roaming\UserTile.png 2010-03-18 01:41 - 2012-08-10 20:48 - 0000262 _____ () C:\Users\Name\AppData\Roaming\wklnhst.dat 2009-09-10 23:40 - 2009-09-10 23:40 - 0000000 _____ () C:\Users\Name\AppData\Local\AtStart.txt 2009-09-22 01:10 - 2013-01-17 02:18 - 0006836 _____ () C:\Users\Name\AppData\Local\d3d9caps.dat 2009-09-13 02:40 - 2015-05-24 00:27 - 0046592 _____ () C:\Users\Name\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2009-09-10 23:40 - 2009-09-10 23:40 - 0000000 _____ () C:\Users\Name\AppData\Local\DSwitch.txt 2009-09-13 22:50 
- 2009-09-13 22:50 - 0000000 _____ () C:\Users\Name\AppData\Local\FnF4.txt 2010-04-22 23:24 - 2010-04-23 04:25 - 0011312 ___SH () C:\Users\Name\AppData\Local\Mi715R2 2009-09-10 23:40 - 2009-09-10 23:40 - 0000000 _____ () C:\Users\Name\AppData\Local\QSwitch.txt 2011-01-21 22:49 - 2011-01-21 22:49 - 0361614 _____ () C:\Users\Name\AppData\Local\tmpIMG_1713 - KOPIE.JPG 2011-09-29 12:08 - 2011-09-29 12:09 - 0523853 _____ () C:\Users\Name\AppData\Local\tmpIMG_3283.JPG 2014-10-27 18:47 - 2014-10-27 18:47 - 0000000 _____ () C:\Users\Name\AppData\Local\{77AEF7DB-8685-4D63-806F-4B1C01EC9B84} 2013-11-26 21:28 - 2015-07-13 18:37 - 0052233 _____ () C:\ProgramData\HPWALog.txt 2010-04-22 23:24 - 2010-04-23 04:25 - 0011312 ___SH () C:\ProgramData\Mi715R2 2009-07-20 04:10 - 2009-07-20 04:10 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log 2009-02-21 04:32 - 2009-02-21 04:32 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log 2009-07-20 04:09 - 2009-07-20 04:09 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log 2009-02-21 04:26 - 2009-02-21 04:27 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2009-07-20 04:07 - 2009-07-20 04:07 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log 2012-06-04 22:01 - 2012-06-04 22:01 - 0000164 _____ () C:\ProgramData\{5CAFA1B7-9EEF-4cc7-B9F7-9DDB3DAA679E} 2012-06-04 22:01 - 2012-06-04 22:01 - 0000092 _____ () C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51} 2009-07-20 04:09 - 2009-07-20 04:09 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log 2009-02-21 04:25 - 2009-02-21 04:26 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2009-02-21 04:27 - 2009-02-21 04:31 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log 2009-07-20 04:10 - 2009-07-20 04:10 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log Some files in 
TEMP: ==================== C:\Users\Name\AppData\Local\Temp\avgnt.exe C:\Users\Name\AppData\Local\Temp\Quarantine.exe C:\Users\Name\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-07-13 18:39 ==================== End of log ============================ |
14.07.2015, 07:15 | #6 |
/// the machine /// TB-Ausbilder | ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
14.07.2015, 12:57 | #7 |
| Hello Schrauber, unfortunately I now have an even bigger problem. After the AdwCleaner scan my laptop booted normally and I was able to log in to Windows with Digital Persona and my fingerprint without any problems. But after I switched the laptop off following the Junkware scan and wanted to switch it on again in the evening, the fingerprint login no longer worked. The problem: I have forgotten my Windows password, because I always logged in with the fingerprint only. Is there anything that can be done without me losing my data? Kind regards and thanks |
15.07.2015, 08:41 | #8 |
/// the machine /// TB-Ausbilder | Do a System Restore to a point before JRT. But in general it's not so great when you don't know the password and rely on the fingerprint stuff.
__________________ Regards, schrauber |